Vulnerabilities > Incorrect Default Permissions

DATE CVE VULNERABILITY TITLE RISK
2022-03-10 CVE-2021-32006 Incorrect Default Permissions vulnerability in Secomea Gatemanager 9.6.621421014
This issue affects: Secomea GateManager Version 9.6.621421014 and all prior versions.
network
low complexity
secomea CWE-276
4.3
2022-03-09 CVE-2022-25943 Incorrect Default Permissions vulnerability in Kingsoft WPS Office
The installer of WPS Office for Windows versions prior to v11.2.0.10258 fails to configure properly the ACL for the directory where the service program is installed.
local
low complexity
kingsoft CWE-276
7.8
2022-03-02 CVE-2021-38268 Incorrect Default Permissions vulnerability in Liferay Digital Experience Platform and Liferay Portal
The Dynamic Data Mapping module in Liferay Portal 7.0.0 through 7.3.6, and Liferay DXP 7.0 before fix pack 101, 7.1 before fix pack 21, 7.2 before fix pack 10 and 7.3 before fix pack 2 incorrectly sets default permissions for site members, which allows remote authenticated users with the site member role to add and duplicate forms, via the UI or the API.
network
low complexity
liferay CWE-276
6.5
2022-03-01 CVE-2021-41652 Incorrect Default Permissions vulnerability in Batflat 1.3.6
Insecure permissions in the file database.sdb of BatFlat CMS v1.3.6 allows attackers to dump the entire database.
network
low complexity
batflat CWE-276
7.5
2022-02-25 CVE-2021-37103 Incorrect Default Permissions vulnerability in Huawei Emui and Magic UI
There is an improper permission management vulnerability in the Wallet apps.
local
low complexity
huawei CWE-276
5.5
2022-02-25 CVE-2022-24337 Incorrect Default Permissions vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2021.2, health items of pull requests were shown to users who lacked appropriate permissions.
network
low complexity
jetbrains CWE-276
6.5
2022-02-25 CVE-2022-24343 Incorrect Default Permissions vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2021.4.31698, a custom logo could be set by a user who has read-only permissions.
network
low complexity
jetbrains CWE-276
4.3
2022-02-25 CVE-2022-25327 Incorrect Default Permissions vulnerability in Google Fscrypt
The PAM module for fscrypt doesn't adequately validate fscrypt metadata files, allowing users to create malicious metadata files that prevent other users from logging in.
local
low complexity
google CWE-276
5.5
2022-02-24 CVE-2022-23104 Incorrect Default Permissions vulnerability in Win-911 2021 R1 and Win-911 2021 R2
WIN-911 2021 R1 and R2 are vulnerable to a permissions misconfiguration that may allow an attacker to locally write files to the program Operator Workspace directory, which holds DLL files and executables.
local
low complexity
win-911 CWE-276
7.8
2022-02-24 CVE-2022-23922 Incorrect Default Permissions vulnerability in Win-911 2021 R1 and Win-911 2021 R2
WIN-911 2021 R1 and R2 are vulnerable to a permissions misconfiguration that may allow an attacker to locally write files to the Program Announcer directory and elevate permissions whenever the program is executed.
local
low complexity
win-911 CWE-276
7.8