Przykłady dla CWE-276: Incorrect Default Permissions

	Tytuł	Data	Autor
Med.	BarracudaDrive v6.5 Insecure Folder Permissions	04.09.2020	Bobby Cooke
Med.	BarracudaDrive 6.5 Local Privilege Escalation	11.08.2020	Bobby Cooke
Med.	Schneider Electric Wonderware InduSoft Web Studio 8.0 Patch 3 Insecure Permissions	02.07.2017	Karn Ganeshen
Med.	WIN-911 7.17.00 Insecure File Permissions / Plaintext Password Storage	07.09.2016	sh4d0wman
Med.	Hide.Me VPN Client 1.2.4 - Privilege Escalation	08.07.2016	sh4d0wman
Med.	PQI Air Pen Express CSRF / XSS / Insecure Direct Object Reference	06.04.2016	orwelllabs
High	Zarafa Multiple incorrect default permissions	25.08.2014	Robert Scheck
High	Eventum 2.3.4 Incorrect Permissions / Code Injection	29.01.2014	High-Tech Bridge Secur...
High	Zavio IP Cameras multiple vulnerabilities	28.05.2013	CORE
Med.	Photodex ProShow Producer 5.0.3310 Privilege Escalation	20.03.2013	Inshell Security Advis...

Common Weakness Enumeration (CWE)

CVE

Szczegóły

Opis

2022-01-14

Low

CVE-2021-36781

Vendor: Opensuse
Software: Factory

A Incorrect Default Permissions vulnerability in the parsec package of openSUSE Factory allows local attackers to imitate the service leading to DoS or clients talking to an imposter service. This issue affects: openSUSE Factory parsec versions prior to 0.8.1-1.1.

2022-01-12

Medium

CVE-2022-0179

Vendor: Snipeitapp
Software: Snipe-it

snipe-it is vulnerable to Improper Access Control

2022-01-10

Medium	CVE-2021-40004	Vendor: Huawei Software: Harmonyos	The cellular module has a vulnerability in permission management. Successful exploitation of this vulnerability may affect data confidentiality.
Medium	CVE-2021-45003	Vendor: Laundry booking management system project Software: Laundry book...	Laundry Booking Management System 1.0 (Latest) and previous versions are affected by a remote code execution (RCE) vulnerability in profile.php through the "image" parameter that can execute a webshell payload.

2022-01-03

Medium

CVE-2021-37132

Vendor: Huawei
Software: Harmonyos

PackageManagerService has a Permissions, Privileges, and Access Controls vulnerability .Successful exploitation of this vulnerability may cause that Third-party apps can obtain the complete list of Harmony apps without permission.

2021-12-15

Medium	CVE-2021-43326	Updating...	Automox Agent before 32 on Windows incorrectly sets permissions on a temporary directory.
Medium	CVE-2021-43325	Updating...	Automox Agent 33 on Windows incorrectly sets permissions on a temporary directory. NOTE: this issue exists because of a CVE-2021-43326 regression.
Medium	CVE-2021-39651	Vendor: Google Software: Android	In TBD of TBD, there is a possible way to access PIN protected settings bypassing PIN confirmation due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-193438173References: N/A
Medium	CVE-2021-39639	Vendor: Google Software: Android	In TBD of fvp.c, there is a possible way to glitch CPU behavior due to a missing permission check. This could lead to local escalation of privilege with physical access to device internals with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-198291476References: N/A
Low	CVE-2021-0979	Vendor: Google Software: Android	In isRequestPinItemSupported of ShortcutService.java, there is a possible cross-user leak of packages in which the default launcher supports requests to create pinned shortcuts due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-191772737

04.09.2020

11.08.2020

02.07.2017

07.09.2016

08.07.2016

06.04.2016

25.08.2014

29.01.2014

28.05.2013

20.03.2013