Vulnerabilities > Incorrect Default Permissions

DATE CVE VULNERABILITY TITLE RISK
2022-02-11 CVE-2021-39635 Incorrect Default Permissions vulnerability in Google Android
ims_ex is a vendor system service used to manage VoLTE in unisoc devices,But it does not verify the caller's permissions,so that normal apps (No phone permissions) can obtain some VoLTE sensitive information and manage VoLTE calls.Product: AndroidVersions: Android SoCAndroid ID: A-206492634
network
low complexity
google CWE-276
critical
9.1
2022-02-11 CVE-2021-39658 Incorrect Default Permissions vulnerability in Google Android
ismsEx service is a vendor service in unisoc equipment?ismsEx service is an extension of sms system service,but it does not check the permissions of the caller,resulting in permission leaks?Third-party apps can use this service to arbitrarily modify and set system properties?Product: AndroidVersions: Android SoCAndroid ID: A-207479207
network
low complexity
google CWE-276
critical
9.8
2022-02-11 CVE-2022-23995 Incorrect Default Permissions vulnerability in Samsung Wear OS
Unprotected component vulnerability in StBedtimeModeAlarmReceiver in Wear OS 3.0 prior to Firmware update Feb-2022 Release allows untrusted applications to change bedtime mode without a proper permission.
local
low complexity
samsung CWE-276
3.3
2022-02-11 CVE-2022-23996 Incorrect Default Permissions vulnerability in Samsung Wear OS
Unprotected component vulnerability in StTheaterModeReceiver in Wear OS 3.0 prior to Firmware update Feb-2022 Release allows untrusted applications to enable bedtime mode without a proper permission.
local
low complexity
samsung CWE-276
3.3
2022-02-09 CVE-2021-0093 Incorrect Default Permissions vulnerability in multiple products
Incorrect default permissions in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable a denial of service via local access.
local
low complexity
intel netapp CWE-276
4.4
2022-02-09 CVE-2021-22817 Incorrect Default Permissions vulnerability in Schneider-Electric products
A CWE-276: Incorrect Default Permissions vulnerability exists that could cause unauthorized access to the base installation directory leading to local privilege escalation.
local
low complexity
schneider-electric CWE-276
7.8
2022-02-09 CVE-2021-33129 Incorrect Default Permissions vulnerability in Intel Advisor
Incorrect default permissions in the software installer for the Intel(R) Advisor before version 2021.4.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
local
low complexity
intel CWE-276
7.8
2022-02-09 CVE-2021-33166 Incorrect Default Permissions vulnerability in Intel Retail Experience Tool
Incorrect default permissions for the Intel(R) RXT for Chromebook application, all versions, may allow an authenticated user to potentially enable information disclosure via local access.
local
low complexity
intel CWE-276
5.5
2022-02-09 CVE-2022-21204 Incorrect Default Permissions vulnerability in Intel Quartus Prime
Improper permissions for Intel(R) Quartus(R) Prime Pro Edition before version 21.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
local
low complexity
intel CWE-276
7.8
2022-02-04 CVE-2022-24113 Incorrect Default Permissions vulnerability in Acronis products
Local privilege escalation due to excessive permissions assigned to child processes.
local
low complexity
acronis CWE-276
7.8