CWE-276 - Incorrect Default Permissions

Description

The software, upon installation, sets incorrect permissions for an object that exposes it to an unintended actor. The weakness is introduced during Architecture and Design, Implementation, Installation, Operation stages.

Latest vulnerabilities for CWE-276

Incorrect default permissions in Siemens Energy Services using Elspec G5DFR 2025-06-11
High No

Privilege escalation in Mozilla VPN for macOS 2025-06-10
Low Yes

Incorrect default permissions in PC Time Tracer 2025-06-03
Low Yes

Privilege escalation in Splunk Universal Forwarder for Windows 2025-06-02
Low Yes

Multiple vulnerabilities in IBM Knowledge Catalog for IBM Cloud Pak for Data 2025-06-02
High Yes Public exploit

IBM Db2 update for Apache Hadoop 2025-05-30
Low Yes

Two privilege escalation vulnerabilities in Dell Trusted Device 2025-05-26
Low Yes

Multiple vulnerabilities in Tenable Network Monitor 2025-05-26
High Yes

Dell NetWorker Management Console update for third-party components 2025-05-20
Critical Yes Public exploit

Incorrect default permissions in Intel Endurance Gaming Mode 2025-05-16
Low Yes

References

Description of CWE-276 on Mitre website