Vulnerabilities > Incorrect Permission Assignment for Critical Resource
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-03-23 | CVE-2022-3146 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products: A flaw was found in tripleo-ansible. | 5.5 |
2023-03-16 | CVE-2023-27084 | Incorrect Permission Assignment for Critical Resource vulnerability in Dreamer CMS Project Dreamer CMS 4.0.1: Permissions vulnerability found in isoftforce Dreamer CMS v.4.0.1 allows local attackers to obtain sensitive information via the AttachmentController parameter. | 5.3 |
2023-03-16 | CVE-2023-27095 | Incorrect Permission Assignment for Critical Resource vulnerability in Opengoofy Hippo4J: Insecure Permissions vulnerability found in OpenGoofy Hippo4j v.1.4.3 allows an attacker to escalate privileges via the AddUser method of the UserController function in Tenant Management module. | 6.5 |
2023-03-06 | CVE-2023-23939 | Incorrect Permission Assignment for Critical Resource vulnerability in Microsoft Azure Setup Kubectl 1/2.0/2.1: Azure/setup-kubectl is a GitHub Action for installing Kubectl. | 7.0 |
2023-02-23 | CVE-2023-24205 | Incorrect Permission Assignment for Critical Resource vulnerability in Clash Project Clash 0.20.12: Clash for Windows v0.20.12 was discovered to contain a remote code execution (RCE) vulnerability which is exploited via overwriting the configuration file (cfw-setting.yaml). | 9.8 |
2023-02-16 | CVE-2022-25992 | Incorrect Permission Assignment for Critical Resource vulnerability in Intel Oneapi-Cli: Insecure inherited permissions in the Intel(R) oneAPI Toolkits oneapi-cli before version 0.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2023-02-09 | CVE-2022-21939 | Incorrect Permission Assignment for Critical Resource vulnerability in Johnsoncontrols Metasys System Configuration Tool: Sensitive Cookie Without 'HttpOnly' Flag vulnerability in Johnson Controls System Configuration Tool (SCT) version 14 prior to 14.2.3 and version 15 prior to 15.0.3 could allow access to the cookie. | 6.1 |
2023-02-08 | CVE-2023-25150 | Incorrect Permission Assignment for Critical Resource vulnerability in Nextcloud Richdocuments: Nextcloud office/richdocuments is an office suite for the Nextcloud server platform. | 5.7 |
2023-02-03 | CVE-2021-37304 | Incorrect Permission Assignment for Critical Resource vulnerability in Jeecg: An Insecure Permissions issue in jeecg-boot 2.4.5 allows unauthenticated remote attackers to gain escalated privilege and view sensitive information via the httptrace interface. | 7.5 |
2023-02-03 | CVE-2021-37305 | Incorrect Permission Assignment for Critical Resource vulnerability in Jeecg: An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows remote attackers to gain escalated privilege and view sensitive information via API URI: /sys/user/querySysUser?username=admin. | 7.5 |