Vulnerabilities > Incorrect Permission Assignment for Critical Resource

DATE CVE VULNERABILITY TITLE RISK
2022-06-24 CVE-2021-39409 Incorrect Permission Assignment for Critical Resource vulnerability in Online Student Rate System Project Online Student Rate System 1.0
A vulnerability exists in Online Student Rate System v1.0 that allows any user to register as an administrator without needing to be authenticated.
7.5
2022-06-23 CVE-2022-34012 Incorrect Permission Assignment for Critical Resource vulnerability in Zhyd Oneblog 2.3.4
Insecure permissions in OneBlog v2.3.4 allows low-level administrators to reset the passwords of high-level administrators who hold greater privileges.
network
low complexity
zhyd CWE-732
4.0
2022-06-21 CVE-2022-1596 Incorrect Permission Assignment for Critical Resource vulnerability in ABB products
Incorrect Permission Assignment for Critical Resource vulnerability in ABB REX640 PCL1, REX640 PCL2, REX640 PCL3 allows an authenticated attacker to launch an attack against the user database file and try to take control of an affected system node.
network
low complexity
abb CWE-732
4.0
2022-06-19 CVE-2022-34006 Incorrect Permission Assignment for Critical Resource vulnerability in Southrivertech Titan FTP Server Nextgen
An issue was discovered in TitanFTP (aka Titan FTP) NextGen before 1.2.1050.
local
low complexity
southrivertech CWE-732
7.2
2022-06-15 CVE-2022-28226 Incorrect Permission Assignment for Critical Resource vulnerability in Yandex Browser
Local privilege vulnerability in Yandex Browser for Windows prior to 22.3.3.801 allows a local, low privileged, attacker to execute arbitary code with the SYSTEM privileges through manipulating temporary files in directory with insecure permissions during Yandex Browser update process.
local
low complexity
yandex CWE-732
7.2
2022-06-15 CVE-2022-32155 Incorrect Permission Assignment for Critical Resource vulnerability in Splunk
In universal forwarder versions before 9.0, management services are available remotely by default.
network
low complexity
splunk CWE-732
5.0
2022-06-14 CVE-2021-40649 Incorrect Permission Assignment for Critical Resource vulnerability in Softwareag Connx 6.2.0.1269
In Connx Version 6.2.0.1269 (20210623), a cookie can be issued by the application and not have the HttpOnly flag set.
network
low complexity
softwareag CWE-732
6.4
2022-06-14 CVE-2022-31465 Incorrect Permission Assignment for Critical Resource vulnerability in Siemens Xpedition Designer
A vulnerability has been identified in Xpedition Designer (All versions < VX.2.11).
local
low complexity
siemens CWE-732
4.6
2022-06-06 CVE-2022-21748 Incorrect Permission Assignment for Critical Resource vulnerability in Google Android 11.0/12.0
In telephony, there is a possible information disclosure due to a missing permission check.
local
low complexity
google CWE-732
2.1
2022-06-06 CVE-2022-21749 Incorrect Permission Assignment for Critical Resource vulnerability in Google Android 11.0/12.0
In telephony, there is a possible information disclosure due to a missing permission check.
local
low complexity
google CWE-732
2.1