Vulnerabilities > Incorrect Default Permissions

DATE CVE VULNERABILITY TITLE RISK
2023-12-06 CVE-2023-46773 Incorrect Default Permissions vulnerability in Huawei Emui and Harmonyos
Permission management vulnerability in the PMS module.
network
low complexity
huawei CWE-276
critical
 9.8
9.8
2023-12-05 CVE-2023-37572 Incorrect Default Permissions vulnerability in Softing OPC
Softing OPC Suite version 5.25 and before has Incorrect Access Control, allows attackers to obtain sensitive information via weak permissions in OSF_discovery service.
network
low complexity
softing CWE-276
7.5
7.5
2023-11-29 CVE-2023-47462 Incorrect Default Permissions vulnerability in Gl-Inet Gl-Ax1800 Firmware 3.125
Insecure Permissions vulnerability in GL.iNet AX1800 v.3.215 and before allows a remote attacker to execute arbitrary code via the file sharing function.
network
low complexity
gl-inet CWE-276
critical
 9.8
9.8
2023-11-22 CVE-2023-47250 Incorrect Default Permissions vulnerability in M-Privacy Mprivacy-Tools, Rsbac-Policy-Tgpro and Tightgatevnc
In mprivacy-tools before 2.0.406g in m-privacy TightGate-Pro Server, broken Access Control on X11 server sockets allows authenticated attackers (with access to a VNC session) to access the X11 desktops of other users by specifying their DISPLAY ID.
network
low complexity
m-privacy CWE-276
8.8
8.8
2023-11-22 CVE-2023-43081 Incorrect Default Permissions vulnerability in Dell Powerprotect Agent for File System
PowerProtect Agent for File System Version 19.14 and prior, contains an incorrect default permissions vulnerability in ddfscon component.
local
low complexity
dell CWE-276
3.3
3.3
2023-11-20 CVE-2023-3116 Incorrect Default Permissions vulnerability in Openatom Openharmony
in OpenHarmony v3.2.2 and prior versions allow a local attacker get confidential information or rewrite sensitive file through incorrect default permissions.
local
low complexity
openatom CWE-276
7.1
7.1
2023-11-20 CVE-2023-42774 Incorrect Default Permissions vulnerability in Openatom Openharmony
in OpenHarmony v3.2.2 and prior versions allow a local attacker get confidential information through incorrect default permissions.
local
low complexity
openatom CWE-276
5.5
5.5
2023-11-18 CVE-2023-40363 Incorrect Default Permissions vulnerability in IBM Infosphere Information Server 11.7
IBM InfoSphere Information Server 11.7 could allow an authenticated user to change installation files due to incorrect file permission settings.
network
low complexity
ibm CWE-276
6.5
6.5
2023-11-17 CVE-2023-48648 Incorrect Default Permissions vulnerability in Concretecms Concrete CMS
Concrete CMS before 8.5.13 and 9.x before 9.2.2 allows unauthorized access because directories can be created with insecure permissions.
network
low complexity
concretecms CWE-276
critical
 9.8
9.8
2023-11-16 CVE-2023-47335 Incorrect Default Permissions vulnerability in Autelrobotics EVO Nano Drone Firmware 1.6.5
Insecure permissions in the setNFZEnable function of Autel Robotics EVO Nano drone v1.6.5 allows attackers to breach the geo-fence and fly into no-fly zones.
low complexity
autelrobotics CWE-276
6.5
6.5