Vulnerabilities > Incorrect Default Permissions

DATE CVE VULNERABILITY TITLE RISK
2022-02-18 CVE-2021-3948 Incorrect Default Permissions vulnerability in multiple products
An incorrect default permissions vulnerability was found in the mig-controller.
network
low complexity
konveyor redhat CWE-276
6.3
6.3
2022-02-17 CVE-2021-3155 Incorrect Default Permissions vulnerability in Canonical Snapd
snapd 2.54.2 and earlier created ~/snap directories in user home directories without specifying owner-only permissions.
local
low complexity
canonical CWE-276
5.5
5.5
2022-02-11 CVE-2021-20001 Incorrect Default Permissions vulnerability in multiple products
It was discovered, that debian-edu-config, a set of configuration files used for the Debian Edu blend, before 2.12.16 configured insecure permissions for the user web shares (~/public_html), which could result in privilege escalation.
network
low complexity
skolelinux debian CWE-276
critical
 9.8
9.8
2022-02-11 CVE-2020-14521 Incorrect Default Permissions vulnerability in Mitsubishielectric products
Multiple Mitsubishi Electric Factory Automation engineering software products have a malicious code execution vulnerability.
network
low complexity
mitsubishielectric CWE-276
critical
 9.8
9.8
2022-02-11 CVE-2021-39635 Incorrect Default Permissions vulnerability in Google Android
ims_ex is a vendor system service used to manage VoLTE in unisoc devices,But it does not verify the caller's permissions,so that normal apps (No phone permissions) can obtain some VoLTE sensitive information and manage VoLTE calls.Product: AndroidVersions: Android SoCAndroid ID: A-206492634
network
low complexity
google CWE-276
critical
 9.1
9.1
2022-02-11 CVE-2021-39658 Incorrect Default Permissions vulnerability in Google Android
ismsEx service is a vendor service in unisoc equipment?ismsEx service is an extension of sms system service,but it does not check the permissions of the caller,resulting in permission leaks?Third-party apps can use this service to arbitrarily modify and set system properties?Product: AndroidVersions: Android SoCAndroid ID: A-207479207
network
low complexity
google CWE-276
critical
 9.8
9.8
2022-02-11 CVE-2022-23995 Incorrect Default Permissions vulnerability in Samsung Wear OS
Unprotected component vulnerability in StBedtimeModeAlarmReceiver in Wear OS 3.0 prior to Firmware update Feb-2022 Release allows untrusted applications to change bedtime mode without a proper permission.
local
low complexity
samsung CWE-276
3.3
3.3
2022-02-11 CVE-2022-23996 Incorrect Default Permissions vulnerability in Samsung Wear OS
Unprotected component vulnerability in StTheaterModeReceiver in Wear OS 3.0 prior to Firmware update Feb-2022 Release allows untrusted applications to enable bedtime mode without a proper permission.
local
low complexity
samsung CWE-276
3.3
3.3
2022-02-09 CVE-2021-0093 Incorrect Default Permissions vulnerability in multiple products
Incorrect default permissions in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable a denial of service via local access.
local
low complexity
intel netapp CWE-276
4.4
4.4
2022-02-09 CVE-2021-22817 Incorrect Default Permissions vulnerability in Schneider-Electric products
A CWE-276: Incorrect Default Permissions vulnerability exists that could cause unauthorized access to the base installation directory leading to local privilege escalation.
local
low complexity
schneider-electric CWE-276
7.8
7.8