Vulnerabilities > Incorrect Default Permissions

DATE CVE VULNERABILITY TITLE RISK
2023-11-20 CVE-2023-3116 Incorrect Default Permissions vulnerability in Openharmony
in OpenHarmony v3.2.2 and prior versions allow a local attacker get confidential information or rewrite sensitive file through incorrect default permissions.
local
low complexity
openharmony CWE-276
7.1
7.1
2023-11-20 CVE-2023-42774 Incorrect Default Permissions vulnerability in Openharmony
in OpenHarmony v3.2.2 and prior versions allow a local attacker get confidential information through incorrect default permissions.
local
low complexity
openharmony CWE-276
5.5
5.5
2023-11-18 CVE-2023-40363 Incorrect Default Permissions vulnerability in IBM Infosphere Information Server 11.7
IBM InfoSphere Information Server 11.7 could allow an authenticated user to change installation files due to incorrect file permission settings.
network
low complexity
ibm CWE-276
6.5
6.5
2023-11-17 CVE-2023-48648 Incorrect Default Permissions vulnerability in Concretecms Concrete CMS
Concrete CMS before 8.5.13 and 9.x before 9.2.2 allows unauthorized access because directories can be created with insecure permissions.
network
low complexity
concretecms CWE-276
critical
 9.8
9.8
2023-11-16 CVE-2023-47335 Incorrect Default Permissions vulnerability in Autelrobotics EVO Nano Drone Firmware 1.6.5
Insecure permissions in the setNFZEnable function of Autel Robotics EVO Nano drone v1.6.5 allows attackers to breach the geo-fence and fly into no-fly zones.
low complexity
autelrobotics CWE-276
6.5
6.5
2023-11-14 CVE-2023-27305 Incorrect Default Permissions vulnerability in Intel ARC a Graphics and Iris XE Graphics
Incorrect default permissions in some Intel(R) Arc(TM) & Iris(R) Xe Graphics - WHQL - Windows drivers before version 31.0.101.4255 may allow an authenticated user to potentially enable escalation of privilege via local access.
local
low complexity
intel CWE-276
7.8
7.8
2023-11-14 CVE-2023-32638 Incorrect Default Permissions vulnerability in Intel ARC RGB Controller 1.03
Incorrect default permissions in some Intel Arc RGB Controller software before version 1.06 may allow an authenticated user to potentially enable escalation of privilege via local access.
local
low complexity
intel CWE-276
7.8
7.8
2023-11-09 CVE-2023-46743 Incorrect Default Permissions vulnerability in Xwiki Application-Collabora
application-collabora is an integration of Collabora Online in XWiki.
network
low complexity
xwiki CWE-276
4.3
4.3
2023-11-03 CVE-2023-41726 Incorrect Default Permissions vulnerability in Ivanti Avalanche
Ivanti Avalanche Incorrect Default Permissions allows Local Privilege Escalation Vulnerability
local
low complexity
ivanti CWE-276
7.8
7.8
2023-11-03 CVE-2023-4091 Incorrect Default Permissions vulnerability in multiple products
A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module "acl_xattr" is configured with "acl_xattr:ignore system acls = yes".
network
low complexity
samba fedoraproject redhat CWE-276
6.5
6.5