Vulnerabilities > Incorrect Default Permissions
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-30 | CVE-2023-28079 | Incorrect Default Permissions vulnerability in Dell Powerpath 7.0/7.1/7.2 PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains Insecure File and Folder Permissions vulnerability. | 7.8 |
| 2023-05-30 | CVE-2023-32698 | Incorrect Default Permissions vulnerability in Goreleaser Nfpm nFPM is an alternative to fpm. | 7.1 |
| 2023-05-28 | CVE-2023-33291 | Incorrect Default Permissions vulnerability in Ebankit 6 In ebankIT 6, the public endpoints /public/token/Email/generate and /public/token/SMS/generate allow generation of OTP messages to any e-mail address or phone number without validation. | 7.4 |
| 2023-05-23 | CVE-2023-29919 | Incorrect Default Permissions vulnerability in Contec Solarview Compact Firmware 6.0 SolarView Compact <= 6.0 is vulnerable to Insecure Permissions. | 9.1 |
| 2023-05-22 | CVE-2023-29838 | Incorrect Default Permissions vulnerability in Allwaysync 19.0.3.0 Insecure Permission vulnerability found in Botkind/Siber Systems SyncApp v.19.0.3.0 allows a local attacker toe escalate privileges via the SyncService.exe file. | 7.8 |
| 2023-05-18 | CVE-2022-45452 | Incorrect Default Permissions vulnerability in Acronis Agent and Cyber Protect Local privilege escalation due to insecure folder permissions. | 7.8 |
| 2023-05-18 | CVE-2022-45459 | Incorrect Default Permissions vulnerability in Acronis Agent and Cyber Protect Sensitive information disclosure due to insecure registry permissions. | 7.5 |
| 2023-05-16 | CVE-2023-32996 | Incorrect Default Permissions vulnerability in Jenkins Saml Single Sign-On A missing permission check in Jenkins SAML Single Sign On(SSO) Plugin 2.0.0 and earlier allows attackers with Overall/Read permission to send an HTTP POST request with JSON body containing attacker-specified content, to miniOrange's API for sending emails. | 4.3 |
| 2023-05-16 | CVE-2023-32999 | Incorrect Default Permissions vulnerability in Jenkins Appspider A missing permission check in Jenkins AppSpider Plugin 1.0.15 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL and send an HTTP POST request with a JSON payload consisting of attacker-specified credentials. | 4.3 |
| 2023-05-15 | CVE-2023-21104 | Incorrect Default Permissions vulnerability in Google Android 12.1/13.0 In applySyncTransaction of WindowOrganizer.java, a missing permission check could lead to local information disclosure with no additional execution privileges needed. | 5.5 |