Vulnerabilities > Incorrect Default Permissions
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-09 | CVE-2022-25943 | Incorrect Default Permissions vulnerability in Kingsoft WPS Office The installer of WPS Office for Windows versions prior to v11.2.0.10258 fails to configure properly the ACL for the directory where the service program is installed. | 7.8 |
| 2022-03-02 | CVE-2021-38268 | Incorrect Default Permissions vulnerability in Liferay Digital Experience Platform and Liferay Portal The Dynamic Data Mapping module in Liferay Portal 7.0.0 through 7.3.6, and Liferay DXP 7.0 before fix pack 101, 7.1 before fix pack 21, 7.2 before fix pack 10 and 7.3 before fix pack 2 incorrectly sets default permissions for site members, which allows remote authenticated users with the site member role to add and duplicate forms, via the UI or the API. | 6.5 |
| 2022-03-01 | CVE-2021-41652 | Incorrect Default Permissions vulnerability in Batflat 1.3.6 Insecure permissions in the file database.sdb of BatFlat CMS v1.3.6 allows attackers to dump the entire database. | 7.5 |
| 2022-02-25 | CVE-2021-37103 | Incorrect Default Permissions vulnerability in Huawei Emui and Magic UI There is an improper permission management vulnerability in the Wallet apps. | 5.5 |
| 2022-02-25 | CVE-2022-24337 | Incorrect Default Permissions vulnerability in Jetbrains Teamcity In JetBrains TeamCity before 2021.2, health items of pull requests were shown to users who lacked appropriate permissions. | 6.5 |
| 2022-02-25 | CVE-2022-24343 | Incorrect Default Permissions vulnerability in Jetbrains Youtrack In JetBrains YouTrack before 2021.4.31698, a custom logo could be set by a user who has read-only permissions. | 4.3 |
| 2022-02-25 | CVE-2022-25327 | Incorrect Default Permissions vulnerability in Google Fscrypt The PAM module for fscrypt doesn't adequately validate fscrypt metadata files, allowing users to create malicious metadata files that prevent other users from logging in. | 5.5 |
| 2022-02-24 | CVE-2022-23104 | Incorrect Default Permissions vulnerability in Win-911 2021 R1 and Win-911 2021 R2 WIN-911 2021 R1 and R2 are vulnerable to a permissions misconfiguration that may allow an attacker to locally write files to the program Operator Workspace directory, which holds DLL files and executables. | 7.8 |
| 2022-02-24 | CVE-2022-23922 | Incorrect Default Permissions vulnerability in Win-911 2021 R1 and Win-911 2021 R2 WIN-911 2021 R1 and R2 are vulnerable to a permissions misconfiguration that may allow an attacker to locally write files to the Program Announcer directory and elevate permissions whenever the program is executed. | 7.8 |
| 2022-02-20 | CVE-2021-45083 | Incorrect Default Permissions vulnerability in multiple products An issue was discovered in Cobbler before 3.3.1. | 7.1 |