Vulnerabilities > Incorrect Permission Assignment for Critical Resource

DATE CVE VULNERABILITY TITLE RISK
2022-11-29 CVE-2022-45301 Incorrect Permission Assignment for Critical Resource vulnerability in Chocolatey Ruby
Insecure permissions in Chocolatey Ruby package v3.1.2.1 and below grants all users in the Authenticated Users group write privileges for the path C:\tools\ruby31 and all files located in that folder.
network
low complexity
chocolatey CWE-732
4.3
2022-11-29 CVE-2022-45304 Incorrect Permission Assignment for Critical Resource vulnerability in Chocolatey Cmder
Insecure permissions in Chocolatey Cmder package v1.3.20 and below grants all users in the Authenticated Users group write privileges for the path C:\tools\Cmder and all files located in that folder.
network
low complexity
chocolatey CWE-732
4.3
2022-11-29 CVE-2022-45305 Incorrect Permission Assignment for Critical Resource vulnerability in Chocolatey Python3
Insecure permissions in Chocolatey Python3 package v3.11.0 and below grants all users in the Authenticated Users group write privileges for the subfolder C:\Python311 and all files located in that folder.
network
low complexity
chocolatey CWE-732
4.3
2022-11-29 CVE-2022-45306 Incorrect Permission Assignment for Critical Resource vulnerability in Chocolatey Azure-Pipelines-Agent
Insecure permissions in Chocolatey Azure-Pipelines-Agent package v2.211.1 and below grants all users in the Authenticated Users group write privileges for the subfolder C:\agent and all files located in that folder.
network
low complexity
chocolatey CWE-732
4.3
2022-11-29 CVE-2022-45307 Incorrect Permission Assignment for Critical Resource vulnerability in Chocolatey PHP
Insecure permissions in Chocolatey PHP package v8.1.12 and below grants all users in the Authenticated Users group write privileges for the subfolder C:\tools\php81 and all files located in that folder.
network
low complexity
chocolatey CWE-732
4.3
2022-11-25 CVE-2022-41926 Incorrect Permission Assignment for Critical Resource vulnerability in Nextcloud Talk
Nextcould talk android is the android OS implementation of the nextcloud talk chat system.
local
low complexity
nextcloud CWE-732
5.5
2022-11-23 CVE-2022-44280 Incorrect Permission Assignment for Critical Resource vulnerability in Automotive Shop Management System Project Automotive Shop Management System 1.0
Automotive Shop Management System v1.0 is vulnerable to Delete any file via /asms/classes/Master.php?f=delete_img.
6.5
2022-11-17 CVE-2022-38461 Incorrect Permission Assignment for Critical Resource vulnerability in Wpml
Broken Access Control vulnerability in WPML Multilingual CMS premium plugin <= 4.5.10 on WordPress allows users with a subscriber or higher user role to change plugin settings (selected language for legacy widgets, the default behavior for media content).
network
low complexity
wpml CWE-732
4.3
2022-11-17 CVE-2022-44725 Incorrect Permission Assignment for Critical Resource vulnerability in Opcfoundation Local Discovery Server
OPC Foundation Local Discovery Server (LDS) through 1.04.403.478 uses a hard-coded file path to a configuration file.
local
low complexity
opcfoundation CWE-732
7.8
2022-11-14 CVE-2022-34314 Incorrect Permission Assignment for Critical Resource vulnerability in IBM Cics TX 11.1
IBM CICS TX 11.1 could disclose sensitive information to a local user due to insecure permission settings.
local
low complexity
ibm CWE-732
3.3