Vulnerabilities > Incorrect Default Permissions

DATE CVE VULNERABILITY TITLE RISK
2024-08-07 CVE-2024-34617 Incorrect Default Permissions vulnerability in Samsung Android 14.0
Improper handling of insufficient permission in Telephony prior to SMR Aug-2024 Release 1 allows local attackers to configure default Message application.
local
low complexity
samsung CWE-276
3.3
2024-08-06 CVE-2024-43114 Incorrect Default Permissions vulnerability in JetBrains TeamCity
In JetBrains TeamCity before 2024.07.1, privilege escalation was possible due to incorrect directory permissions.
local
low complexity
jetbrains CWE-276
7.8
2024-08-06 CVE-2024-7525 Incorrect Default Permissions vulnerability in Mozilla Firefox
It was possible for a web extension with minimal permissions to create a `StreamFilter` which could be used to read and modify the response body of requests on any site.
network
low complexity
mozilla CWE-276
8.1
2024-07-31 CVE-2024-6974 Incorrect Default Permissions vulnerability in Cato Networks Cato Client
Cato Networks Windows SDP Client Local Privilege Escalation via self-upgrade. This issue affects SDP Client: before 5.10.34.
local
low complexity
catonetworks CWE-276
7.8
2024-07-29 CVE-2024-27888 Incorrect Default Permissions vulnerability in Apple macOS
A permissions issue was addressed by removing vulnerable code and adding additional checks.
local
low complexity
apple CWE-276
5.5
2024-07-29 CVE-2024-40805 Incorrect Default Permissions vulnerability in Apple products
A permissions issue was addressed with additional restrictions.
local
low complexity
apple CWE-276
7.1
2024-07-24 CVE-2024-36541 Incorrect Default Permissions vulnerability in Kube-Logging Logging-Operator 4.6.0
Insecure permissions in logging-operator v4.6.0 allow attackers to access sensitive data and escalate privileges by obtaining the service account's token.
network
low complexity
kube-logging CWE-276
8.8
2024-07-22 CVE-2024-6122 Incorrect Default Permissions vulnerability in NI FlexLogger and SystemLink
An incorrect permission in the installation directory for the shared NI SystemLink Server KeyValueDatabase service may result in information disclosure via local access.
local
low complexity
ni CWE-276
5.5
2024-07-16 CVE-2024-6325 Incorrect Default Permissions vulnerability in Rockwell Automation FactoryTalk Policy Manager 6.40.0
The v6.40 release of Rockwell Automation FactoryTalk® Policy Manager CVE-2021-22681 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1550.html  and CVE-2022-1161 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1585.html  by implementing CIP security and did not update to the versions of the software CVE-2022-1161 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1585.html  and CVE-2022-1161.
network
low complexity
rockwellautomation CWE-276
6.5
2024-07-16 CVE-2024-6326 Incorrect Default Permissions vulnerability in Rockwell Automation products
An exposure of sensitive information vulnerability exists in the Rockwell Automation FactoryTalk® System Service.
local
low complexity
rockwellautomation CWE-276
5.5