Vulnerabilities > Incorrect Default Permissions

DATE	CVE	VULNERABILITY TITLE	RISK
2023-10-30	CVE-2022-4575	Incorrect Default Permissions vulnerability in Lenovo products A vulnerability due to improper write protection of UEFI variables was reported in the BIOS of some ThinkPad models could allow an attacker with physical or local access and elevated privileges the ability to bypass Secure Boot. local low complexity lenovo CWE-276	6.7
2023-10-25	CVE-2023-3112	Incorrect Default Permissions vulnerability in Ellipticlabs AI Virtual Presence Sensor and Virtual Lock Sensor A vulnerability was reported in Elliptic Labs Virtual Lock Sensor for ThinkPad T14 Gen 3 that could allow an attacker with local access to execute code with elevated privileges. local low complexity ellipticlabs CWE-276	7.8
2023-10-25	CVE-2023-45990	Incorrect Default Permissions vulnerability in Wenwen-Ai Wenwenai CMS 1.0 Insecure Permissions vulnerability in WenwenaiCMS v.1.0 allows a remote attacker to escalate privileges. network low complexity wenwen-ai CWE-276	8.0
2023-10-19	CVE-2022-42150	Incorrect Default Permissions vulnerability in Tinylab Cloud LAB and Linux LAB TinyLab linux-lab v1.1-rc1 and cloud-labv0.8-rc2, v1.1-rc1 are vulnerable to insecure permissions. network low complexity tinylab CWE-276 critical	10.0
2023-10-19	CVE-2023-35181	Incorrect Default Permissions vulnerability in Solarwinds Access Rights Manager The SolarWinds Access Rights Manager was susceptible to Privilege Escalation Vulnerability. local low complexity solarwinds CWE-276	7.8
2023-10-19	CVE-2023-35183	Incorrect Default Permissions vulnerability in Solarwinds Access Rights Manager The SolarWinds Access Rights Manager was susceptible to Privilege Escalation Vulnerability. local low complexity solarwinds CWE-276	7.8
2023-10-17	CVE-2023-27133	Incorrect Default Permissions vulnerability in Tsplus Remote Work TSplus Remote Work 16.0.0.0 has weak permissions for .exe, .js, and .html files under the %PROGRAMFILES(X86)%\TSplus-RemoteWork\Clients\www folder. network low complexity tsplus CWE-276 critical	9.8
2023-10-16	CVE-2023-45690	Incorrect Default Permissions vulnerability in Southrivertech Titan FTP Server and Titan MFT Server Default file permissions on South River Technologies' Titan MFT and Titan SFTP servers on Linux allows a user that's authentication to the OS to read sensitive files on the filesystem network low complexity southrivertech CWE-276	4.9
2023-10-13	CVE-2023-44194	Incorrect Default Permissions vulnerability in Juniper Junos An Incorrect Default Permissions vulnerability in Juniper Networks Junos OS allows an unauthenticated attacker with local access to the device to create a backdoor with root privileges. local low complexity juniper CWE-276	7.8
2023-10-09	CVE-2022-3431	Incorrect Default Permissions vulnerability in Lenovo products A potential vulnerability in a driver used during manufacturing process on some consumer Lenovo Notebook devices that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable. local low complexity lenovo CWE-276	7.8