Vulnerabilities > Incorrect Permission Assignment for Critical Resource

DATE CVE VULNERABILITY TITLE RISK
2021-11-23 CVE-2021-24703 Incorrect Permission Assignment for Critical Resource vulnerability in Metagauss Download Plugin
The Download Plugin WordPress plugin before 1.6.1 does not have capability and CSRF checks in the dpwap_plugin_activate AJAX action, allowing any authenticated users, such as subscribers, to activate plugins that are already installed.
network
metagauss CWE-732
3.5
2021-11-19 CVE-2021-39235 Incorrect Permission Assignment for Critical Resource vulnerability in Apache Ozone
In Apache Ozone before 1.2.0, Ozone Datanode doesn't check the access mode parameter of the block token.
network
low complexity
apache CWE-732
4.0
2021-11-18 CVE-2021-27024 Incorrect Permission Assignment for Critical Resource vulnerability in Puppet Continuous Delivery 4.0.0/4.0.1
A flaw was discovered in Continuous Delivery for Puppet Enterprise (CD4PE) that results in a user with lower privileges being able to access a Puppet Enterprise API token.
network
low complexity
puppet CWE-732
5.5
2021-11-17 CVE-2021-33091 Incorrect Permission Assignment for Critical Resource vulnerability in Intel NUC M15 Laptop KIT Audio Driver Pack
Insecure inherited permissions in the installer for the Intel(R) NUC M15 Laptop Kit audio driver pack before version 1.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
local
low complexity
intel CWE-732
7.2
2021-11-17 CVE-2021-33093 Incorrect Permission Assignment for Critical Resource vulnerability in Intel NUC M15 Laptop KIT Serial IO Driver Pack
Insecure inherited permissions in the installer for the Intel(R) NUC M15 Laptop Kit Serial IO driver pack before version 30.100.2104.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
local
low complexity
intel CWE-732
7.2
2021-11-17 CVE-2021-33094 Incorrect Permission Assignment for Critical Resource vulnerability in Intel NUC M15 Laptop KIT Keyboard LED Service Driver Pack
Insecure inherited permissions in the installer for the Intel(R) NUC M15 Laptop Kit Keyboard LED Service driver pack before version 1.0.0.4 may allow an authenticated user to potentially enable escalation of privilege via local access.
local
low complexity
intel CWE-732
7.2
2021-11-09 CVE-2021-37207 Incorrect Permission Assignment for Critical Resource vulnerability in Siemens Sentron Powermanager 3
A vulnerability has been identified in SENTRON powermanager V3 (All versions).
local
low complexity
siemens CWE-732
7.2
2021-11-01 CVE-2021-25877 Incorrect Permission Assignment for Critical Resource vulnerability in Youphptube
AVideo/YouPHPTube 10.0 and prior is affected by Insecure file write.
network
low complexity
youphptube CWE-732
critical
9.0
2021-10-27 CVE-2021-20526 Incorrect Permission Assignment for Critical Resource vulnerability in IBM Planning Analytics 2.0
IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag.
network
low complexity
ibm CWE-732
5.0
2021-10-27 CVE-2021-41589 Incorrect Permission Assignment for Critical Resource vulnerability in Gradle Build Cache Node and Enterprise
In Gradle Enterprise before 2021.3 (and Enterprise Build Cache Node before 10.0), there is potential cache poisoning and remote code execution when running the build cache node with its default configuration.
network
low complexity
gradle CWE-732
7.5