Vulnerabilities > Incorrect Default Permissions
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-18 | CVE-2022-25776 | Incorrect Default Permissions vulnerability in Acquia Mautic Prior to the patched version, logged in users of Mautic are able to access areas of the application that they should be prevented from accessing. Users could potentially access sensitive data such as names and surnames, company names and stage names. | 6.5 |
| 2024-09-13 | CVE-2024-46695 | Incorrect Default Permissions vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: selinux,smack: don't bypass permissions check in inode_setsecctx hook Marek Gresko reports that the root user on an NFS client is able to change the security labels on files on an NFS filesystem that is exported with root squashing enabled. The end of the kerneldoc comment for __vfs_setxattr_noperm() states: * This function requires the caller to lock the inode's i_mutex before it * is executed. | 4.4 |
| 2024-09-12 | CVE-2024-8533 | Incorrect Default Permissions vulnerability in Rockwellautomation products A privilege escalation vulnerability exists in the Rockwell Automation affected products. | 8.8 |
| 2024-09-11 | CVE-2024-40654 | Incorrect Default Permissions vulnerability in Google Android In multiple locations, there is a possible permission bypass due to a confused deputy. | 7.8 |
| 2024-09-04 | CVE-2024-34648 | Incorrect Default Permissions vulnerability in Samsung Android 12.0/13.0/14.0 Improper Handling of Insufficient Permissions in KnoxMiscPolicy prior to SMR Sep-2024 Release 1 allows local attackers to access sensitive data. | 5.5 |
| 2024-09-04 | CVE-2024-34661 | Incorrect Default Permissions vulnerability in Samsung Assistant Improper handling of insufficient permissions in Samsung Assistant prior to version 9.1.00.7 allows remote attackers to access location data. | 4.3 |
| 2024-08-29 | CVE-2024-34018 | Incorrect Default Permissions vulnerability in Acronis Snap Deploy 6 Sensitive information disclosure due to insecure folder permissions. | 5.5 |
| 2024-08-23 | CVE-2024-43791 | Incorrect Default Permissions vulnerability in Steveklabnik Request Store 1.3.2 RequestStore provides per-request global storage for Rack. | 7.8 |
| 2024-08-15 | CVE-2024-42681 | Incorrect Default Permissions vulnerability in Xuxueli Xxl-Job 2.4.1 Insecure Permissions vulnerability in xxl-job v.2.4.1 allows a remote attacker to execute arbitrary code via the Sub-Task ID component. | 8.8 |
| 2024-08-14 | CVE-2024-23495 | Incorrect Default Permissions vulnerability in Intel Distribution for GDB and Oneapi Base Toolkit Incorrect default permissions in some Intel(R) Distribution for GDB software before version 2024.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |