Vulnerabilities > Incorrect Default Permissions

DATE CVE VULNERABILITY TITLE RISK
2024-07-24 CVE-2024-36541 Incorrect Default Permissions vulnerability in Kube-Logging Logging-Operator 4.6.0
Insecure permissions in logging-operator v4.6.0 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token.
network
low complexity
kube-logging CWE-276
8.8
8.8
2024-07-22 CVE-2024-6122 Incorrect Default Permissions vulnerability in NI Flexlogger and Systemlink
An incorrect permission in the installation directory for the shared NI SystemLink Server KeyValueDatabase service may result in information disclosure via local access.
local
low complexity
ni CWE-276
5.5
5.5
2024-07-16 CVE-2024-6325 Incorrect Default Permissions vulnerability in Rockwellautomation Factorytalk Policy Manager 6.40.0
The v6.40 release of Rockwell Automation FactoryTalk® Policy Manager CVE-2021-22681 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1550.html  and CVE-2022-1161 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1585.html  by implementing CIP security and did not update to the versions of the software CVE-2022-1161 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1585.html  and CVE-2022-1161.
network
low complexity
rockwellautomation CWE-276
6.5
6.5
2024-07-16 CVE-2024-6326 Incorrect Default Permissions vulnerability in Rockwellautomation products
An exposure of sensitive information vulnerability exists in the Rockwell Automation FactoryTalk® System Service.
local
low complexity
rockwellautomation CWE-276
5.5
5.5
2024-07-16 CVE-2024-3779 Incorrect Default Permissions vulnerability in Eset products
Denial of service vulnerability present shortly after product installation or upgrade, potentially allowed an attacker to render ESET’s security product inoperable, provided non-default preconditions were met.
local
low complexity
eset CWE-276
5.5
5.5
2024-07-09 CVE-2024-31312 Incorrect Default Permissions vulnerability in Google Android
In multiple locations, there is a possible information leak due to a missing permission check.
local
low complexity
google CWE-276
5.5
5.5
2024-06-12 CVE-2024-37038 Incorrect Default Permissions vulnerability in Schneider-Electric Sage RTU Firmware
CWE-276: Incorrect Default Permissions vulnerability exists that could allow an authenticated user with access to the device’s web interface to perform unauthorized file and firmware uploads when crafting custom web requests.
network
low complexity
schneider-electric CWE-276
8.8
8.8
2024-03-08 CVE-2024-23201 Incorrect Default Permissions vulnerability in Apple products
A permissions issue was addressed with additional restrictions.
local
low complexity
apple CWE-276
5.5
5.5
2024-03-08 CVE-2024-23253 Incorrect Default Permissions vulnerability in Apple Macos
A permissions issue was addressed with additional restrictions.
local
low complexity
apple CWE-276
3.3
3.3
2024-03-08 CVE-2024-23295 Incorrect Default Permissions vulnerability in Apple Visionos 1.0.2
A permissions issue was addressed to help ensure Personas are always protected This issue is fixed in visionOS 1.1.
local
low complexity
apple CWE-276
5.5
5.5