Vulnerabilities > Incorrect Default Permissions
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-25 | CVE-2022-24337 | Incorrect Default Permissions vulnerability in Jetbrains Teamcity In JetBrains TeamCity before 2021.2, health items of pull requests were shown to users who lacked appropriate permissions. | 6.5 |
| 2022-02-25 | CVE-2022-24343 | Incorrect Default Permissions vulnerability in Jetbrains Youtrack In JetBrains YouTrack before 2021.4.31698, a custom logo could be set by a user who has read-only permissions. | 4.3 |
| 2022-02-25 | CVE-2022-25327 | Incorrect Default Permissions vulnerability in Google Fscrypt The PAM module for fscrypt doesn't adequately validate fscrypt metadata files, allowing users to create malicious metadata files that prevent other users from logging in. | 5.5 |
| 2022-02-24 | CVE-2022-23104 | Incorrect Default Permissions vulnerability in Win-911 2021 R1 and Win-911 2021 R2 WIN-911 2021 R1 and R2 are vulnerable to a permissions misconfiguration that may allow an attacker to locally write files to the program Operator Workspace directory, which holds DLL files and executables. | 7.8 |
| 2022-02-24 | CVE-2022-23922 | Incorrect Default Permissions vulnerability in Win-911 2021 R1 and Win-911 2021 R2 WIN-911 2021 R1 and R2 are vulnerable to a permissions misconfiguration that may allow an attacker to locally write files to the Program Announcer directory and elevate permissions whenever the program is executed. | 7.8 |
| 2022-02-20 | CVE-2021-45083 | Incorrect Default Permissions vulnerability in multiple products An issue was discovered in Cobbler before 3.3.1. | 7.1 |
| 2022-02-18 | CVE-2021-3948 | Incorrect Default Permissions vulnerability in multiple products An incorrect default permissions vulnerability was found in the mig-controller. | 6.3 |
| 2022-02-17 | CVE-2021-3155 | Incorrect Default Permissions vulnerability in Canonical Snapd snapd 2.54.2 and earlier created ~/snap directories in user home directories without specifying owner-only permissions. | 5.5 |
| 2022-02-11 | CVE-2021-20001 | Incorrect Default Permissions vulnerability in multiple products It was discovered, that debian-edu-config, a set of configuration files used for the Debian Edu blend, before 2.12.16 configured insecure permissions for the user web shares (~/public_html), which could result in privilege escalation. | 9.8 |
| 2022-02-11 | CVE-2020-14521 | Incorrect Default Permissions vulnerability in Mitsubishielectric products Multiple Mitsubishi Electric Factory Automation engineering software products have a malicious code execution vulnerability. | 9.8 |