Vulnerabilities > Incorrect Default Permissions

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2022-03-30 | CVE-2021-39748 | Incorrect Default Permissions vulnerability in Google Android 12.1 | In InputMethodEditor, there is a possible way to access some files accessible to Settings due to an unsafe PendingIntent. | local | low complexity | google | CWE-276 | 5.5 |
| 2022-03-30 | CVE-2021-39769 | Incorrect Default Permissions vulnerability in Google Android 12.1 | In Device Policy, there is a possible way to determine whether an app is installed, without query permissions, due to a missing permission check. | local | low complexity | google | CWE-276 | 5.5 |
| 2022-03-30 | CVE-2021-39770 | Incorrect Default Permissions vulnerability in Google Android 12.1 | In Framework, there is a possible disclosure of the device owner package due to a missing permission check. | local | low complexity | google | CWE-276 | 5.5 |
| 2022-03-30 | CVE-2021-39779 | Incorrect Default Permissions vulnerability in Google Android 12.0 | In getCallStateUsingPackage of Telecom Service, there is a missing permission check. | local | low complexity | google | CWE-276 | 5.5 |
| 2022-03-30 | CVE-2021-39780 | Incorrect Default Permissions vulnerability in Google Android 12.0 | In Traceur, there is a possible bypass of developer settings requirements for capturing system traces due to a missing permission check. | local | low complexity | google | CWE-276 | 7.8 |
| 2022-03-29 | CVE-2022-22948 | Incorrect Default Permissions vulnerability in VMWare Vcenter Server 6.5/6.7/7.0 | The vCenter Server contains an information disclosure vulnerability due to improper permission of files. | network | low complexity | vmware | CWE-276 | 6.5 |
| 2022-03-29 | CVE-2022-26839 | Incorrect Default Permissions vulnerability in Deltaww Diaenergie 1.08.00/1.7.5/1.8.0 | Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) is vulnerable to an incorrect default permission in the DIAEnergie application, which may allow an attacker to plant new files (such as DLLs) or replace existing executable files. | local | low complexity | deltaww | CWE-276 | 7.8 |
| 2022-03-25 | CVE-2021-40904 | Incorrect Default Permissions vulnerability in Checkmk 1.5.0 | The web management console of CheckMK Raw Edition (versions 1.5.0 to 1.6.0) allows a misconfiguration of the web-app Dokuwiki (installed by default), which allows embedded php code. | network | low complexity | checkmk | CWE-276 | 8.8 |
| 2022-03-25 | CVE-2021-44905 | Incorrect Default Permissions vulnerability in CEF Fortessa Ftbtld Firmware | Incorrect permissions in the Bluetooth Services in the Fortessa FTBTLD Smart Lock as of 12-13-2022 allows a remote attacker to disable the lock via an unauthenticated edit to the lock name. | network | low complexity | cef | CWE-276 | 8.2 |
| 2022-03-25 | CVE-2022-27919 | Incorrect Default Permissions vulnerability in Gradle Enterprise | Gradle Enterprise before 2022.1 allows remote code execution if the installation process did not specify an initial configuration file. | network | low complexity | gradle | CWE-276 | 9.8 (critical) |