Vulnerabilities > Incorrect Default Permissions

DATE CVE VULNERABILITY TITLE RISK
2024-07-31 CVE-2024-6974 Incorrect Default Permissions vulnerability in Catonetworks Cato Client
Cato Networks Windows SDP Client Local Privilege Escalation via self-upgradeThis issue affects SDP Client: before 5.10.34.
local
low complexity
catonetworks CWE-276
7.8
7.8
2024-07-29 CVE-2024-27888 Incorrect Default Permissions vulnerability in Apple Macos
A permissions issue was addressed by removing vulnerable code and adding additional checks.
local
low complexity
apple CWE-276
5.5
5.5
2024-07-29 CVE-2024-40805 Incorrect Default Permissions vulnerability in Apple products
A permissions issue was addressed with additional restrictions.
local
low complexity
apple CWE-276
7.1
7.1
2024-07-24 CVE-2024-36541 Incorrect Default Permissions vulnerability in Kube-Logging Logging-Operator 4.6.0
Insecure permissions in logging-operator v4.6.0 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token.
network
low complexity
kube-logging CWE-276
8.8
8.8
2024-07-22 CVE-2024-6122 Incorrect Default Permissions vulnerability in NI Flexlogger and Systemlink
An incorrect permission in the installation directory for the shared NI SystemLink Server KeyValueDatabase service may result in information disclosure via local access.
local
low complexity
ni CWE-276
5.5
5.5
2024-07-16 CVE-2024-6325 Incorrect Default Permissions vulnerability in Rockwellautomation Factorytalk Policy Manager 6.40.0
The v6.40 release of Rockwell Automation FactoryTalk® Policy Manager CVE-2021-22681 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1550.html  and CVE-2022-1161 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1585.html  by implementing CIP security and did not update to the versions of the software CVE-2022-1161 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1585.html  and CVE-2022-1161.
network
low complexity
rockwellautomation CWE-276
6.5
6.5
2024-07-16 CVE-2024-6326 Incorrect Default Permissions vulnerability in Rockwellautomation products
An exposure of sensitive information vulnerability exists in the Rockwell Automation FactoryTalk® System Service.
local
low complexity
rockwellautomation CWE-276
5.5
5.5
2024-07-16 CVE-2024-3779 Incorrect Default Permissions vulnerability in Eset products
Denial of service vulnerability present shortly after product installation or upgrade, potentially allowed an attacker to render ESET’s security product inoperable, provided non-default preconditions were met.
local
low complexity
eset CWE-276
5.5
5.5
2024-07-09 CVE-2024-31312 Incorrect Default Permissions vulnerability in Google Android
In multiple locations, there is a possible information leak due to a missing permission check.
local
low complexity
google CWE-276
5.5
5.5
2024-06-12 CVE-2024-37038 Incorrect Default Permissions vulnerability in Schneider-Electric Sage RTU Firmware
CWE-276: Incorrect Default Permissions vulnerability exists that could allow an authenticated user with access to the device’s web interface to perform unauthorized file and firmware uploads when crafting custom web requests.
network
low complexity
schneider-electric CWE-276
8.8
8.8