Vulnerabilities > Incorrect Permission Assignment for Critical Resource

DATE CVE VULNERABILITY TITLE RISK
2024-11-18 CVE-2024-41970 A low privileged remote attacker may gain access to forbidden diagnostic data due to incorrect permission assignment for critical resources.
network
low complexity
CWE-732
5.7
5.7
2024-11-18 CVE-2024-41974 A low privileged remote attacker may modify the BACNet service properties due to incorrect permission assignment for critical resources which may lead to a DoS limited to BACNet communication.
network
low complexity
CWE-732
7.1
7.1
2024-11-12 CVE-2024-47783 Incorrect Permission Assignment for Critical Resource vulnerability in Siemens Siport
A vulnerability has been identified in SIPORT (All versions < V3.4.0).
local
low complexity
siemens CWE-732
7.8
7.8
2024-11-12 CVE-2024-47808 Incorrect Permission Assignment for Critical Resource vulnerability in Siemens Sinec NMS
A vulnerability has been identified in SINEC NMS (All versions < V3.0 SP1).
local
low complexity
siemens CWE-732
6.5
6.5
2024-10-29 CVE-2024-10228 Incorrect Permission Assignment for Critical Resource vulnerability in Hashicorp Vagrant VMWare Utility
The Vagrant VMWare Utility Windows installer targeted a custom location with a non-protected path that could be modified by an unprivileged user, introducing potential for unauthorized file system writes.
local
low complexity
hashicorp CWE-732
3.3
3.3
2024-10-18 CVE-2024-46897 Incorrect Permission Assignment for Critical Resource vulnerability in Exceedone Exment
Incorrect permission assignment for critical resource issue exists in Exment v6.1.4 and earlier and Exment v5.0.11 and earlier.
network
low complexity
exceedone CWE-732
3.8
3.8
2024-10-09 CVE-2024-47833 Incorrect Permission Assignment for Critical Resource vulnerability in Avaiga Taipy
Taipy is an open-source Python library for easy, end-to-end application development for data scientists and machine learning engineers.
network
low complexity
avaiga CWE-732
6.5
6.5
2024-10-02 CVE-2024-24117 Incorrect Permission Assignment for Critical Resource vulnerability in Ruijie Rg-Nbs2009G-P Firmware 10.4(1)P2Release(9736)
Insecure Permissions vulnerability in Ruijie RG-NBS2009G-P RGOS v.10.4(1)P2 Release (9736) allows a remote attacker to gain privileges via the login check state component.
network
low complexity
ruijie CWE-732
critical
 9.8
9.8
2024-09-25 CVE-2022-43845 Incorrect Permission Assignment for Critical Resource vulnerability in IBM Aspera Console 3.4.0/3.4.1/3.4.2
IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag.
network
low complexity
ibm CWE-732
7.5
7.5
2024-09-09 CVE-2024-45041 Incorrect Permission Assignment for Critical Resource vulnerability in External-Secrets External Secrets Operator
External Secrets Operator is a Kubernetes operator that integrates external secret management systems.
network
low complexity
external-secrets CWE-732
8.8
8.8