20 matches found
CVE-2025-64642 Mirion Medical EC2 Software NMIS BioDose Incorrect Permission Assignment for Critical Resource
NMIS/BioDose V22.02 and previous versions' installation directory paths by default have insecure file permissions, which in certain deployment scenarios can enable users on client workstations to modify the program executables and libraries...
CVE-2025-41658
CODESYS Runtime Toolkit-based products may expose sensitive files to local low-privileged operating system users due to default file permissions...
CODESYS Runtime Toolkit Security Vulnerability
CODESYS Runtime Toolkit is a comprehensive software development kit for programmable controllers from CODESYS, Germany. It is used to transform embedded platforms or industrial PCs into controllers and supports secondary development. A security vulnerability exists in CODESYS Runtime Toolkit, whi...
CVE-2022-21704
log4js-node is a port of log4js to node.js. In affected versions default file permissions for log files created by the file, fileSync and dateFile appenders are world-readable in unix. This could cause problems if log files contain sensitive information. This would affect any users that have not...
Cisco Industrial Network Director Security Vulnerability
Cisco Industrial Network Director (IND) is an industrial automation management system from the American company Cisco. The system automates the management of industrial Ethernet infrastructure by visualizing its operation. Cisco Industrial Network Director has a security vulnerability that stems fr...
CVE-2024-8533
A privilege escalation vulnerability exists in the Rockwell Automation affected products. The vulnerability occurs due to improper default file permissions allowing users to exfiltrate credentials and escalate privileges...
CVE-2024-8533
A privilege escalation vulnerability exists in the Rockwell Automation affected products. The vulnerability occurs due to improper default file permissions allowing users to exfiltrate credentials and escalate privileges...
CVE-2024-8533
The CVE-2024-8533 issue affects Rockwell Automation OptixPanel products (e.g., 2800C OptixPanel Compact, 2800S OptixPanel Standard, Embedded Edge Compute Module). The vulnerability stems from improper default file permissions in the affected software, enabling credential exfiltration and privileg...
Rockwell Automation Multiple Products Security Vulnerability
Rockwell Automation 2800C OptixPanel Compact and others are products of Rockwell Automation, Inc. Rockwell Automation 2800C OptixPanel Compact is a compact operator panel. Rockwell Automation 2800S OptixPanel Standard is a standard operator panel. Rockwell Automation Embedded Edge Compute Module is...
CVE-2024-7513
CVE-2024-7513 Impact: A code execution vulnerability exists in the affected product. The vulnerability occurs due to improper default file permissions allowing any user to edit or replace files, which are executed by an account with elevated permissions...
VulnCheck KEV: CVE-2022-22948
VMware vCenter Server contains an incorrect default file permissions vulnerability that allows a remote, privileged attacker to gain access to sensitive information...
CVE-2023-45690 Information leak via default file permissions on Titan MFT and Titan SFTP servers
Default file permissions on South River Technologies' Titan MFT and Titan SFTP servers on Linux allow a user that's authenticated to the OS to read sensitive files on the filesystem...
CVE-2023-28724
NGINX Management Suite default file permissions are set such that an authenticated attacker may be able to modify sensitive files on NGINX Instance Manager and NGINX API Connectivity Manager. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...
PT-2022-1771 · Unknown · Log4Js-Node
Name of the Vulnerable Software and Affected Versions: log4js-node versions prior to 6.4.0. Description: The issue is related to the default file permissions for log files created by the file, fileSync, and dateFile appenders in log4js-node, which are world-readable in Unix. This could cause...
SonicWall Global VPN Client Security Vulnerability
SonicWall Global VPN Client is VPN software from SonicWall (USA) that works with the SonicWALL firewall. The software enables remote employees and vendors to access the company's network. A security vulnerability exists in SonicWall Global VPN Client 4.10.5 that stems from incorrect...
ALPINE-CVE-2021-24032
Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output files could therefore momentarily be readable or writable to...
GHSA-5MCR-GQ6C-3HQ2 Local Information Disclosure Vulnerability in Netty on Unix-Like systems
Impact: When netty's multipart decoders are used, local information disclosure can occur via the local system temporary directory if temporarily storing uploads on the disk is enabled. The CVSSv3.1 score of this vulnerability is calculated to be a 6.2/10. Vulnerability Details: On unix-like systems, th...
IBM WebSphere Application Server Local Security Bypass Vulnerability
IBM WebSphere Application Server (WAS) is an application server product developed and distributed by IBM in the U.S. It is a platform for Java EE and Web services applications, and is the foundation of the IBM WebSphere software platform. A security vulnerability exists in IBM WAS that stems from t...
AMI: insecure default file permissions for /var/cache/jboss-ec2-eap
The EC2 Amazon Machine Image (AMI) in JBoss Enterprise Application Platform (EAP) 5.1.2 uses 755 permissions for /var/cache/jboss-ec2-eap/, which allows local users to read sensitive information such as Amazon Web Services (AWS) credentials by reading files in the directory...
Microworld eScan (Multiple Products) - Local Privilege Escalation
Source: https://www.securityfocus.com/bid/25493/info. Multiple MicroWorld eScan products are vulnerable to a local privilege-escalation vulnerability because of insecure default file permissions. Attackers can exploit this issue to...