Vulnerabilities > Incorrect Permission Assignment for Critical Resource

DATE CVE VULNERABILITY TITLE RISK
2024-09-25 CVE-2022-43845 Incorrect Permission Assignment for Critical Resource vulnerability in IBM Aspera Console 3.4.0/3.4.1/3.4.2
IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag.
network
low complexity
ibm CWE-732
7.5
7.5
2024-09-09 CVE-2024-45041 Incorrect Permission Assignment for Critical Resource vulnerability in External-Secrets External Secrets Operator
External Secrets Operator is a Kubernetes operator that integrates external secret management systems.
network
low complexity
external-secrets CWE-732
8.8
8.8
2024-08-24 CVE-2022-43915 Incorrect Permission Assignment for Critical Resource vulnerability in IBM APP Connect Enterprise Certified Container
IBM App Connect Enterprise Certified Container 5.0, 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, and 12.1 does not limit calls to unshare in running Pods.
network
low complexity
ibm CWE-732
8.1
8.1
2024-08-21 CVE-2024-5930 Incorrect Permission Assignment for Critical Resource vulnerability in Vipre Advanced Security 12.0.1.214
VIPRE Advanced Security Incorrect Permission Assignment Local Privilege Escalation Vulnerability.
local
low complexity
vipre CWE-732
7.8
7.8
2024-08-14 CVE-2024-5915 Incorrect Permission Assignment for Critical Resource vulnerability in Paloaltonetworks Globalprotect
A privilege escalation (PE) vulnerability in the Palo Alto Networks GlobalProtect app on Windows devices enables a local user to execute programs with elevated privileges.
local
low complexity
paloaltonetworks CWE-732
7.8
7.8
2024-08-14 CVE-2024-23908 Incorrect Permission Assignment for Critical Resource vulnerability in Intel Flexlm License Daemons for Intel Fpga
Insecure inherited permissions in some Flexlm License Daemons for Intel(R) FPGA software before version v11.19.5.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
local
low complexity
intel CWE-732
7.8
7.8
2024-08-14 CVE-2024-25561 Incorrect Permission Assignment for Critical Resource vulnerability in Intel products
Insecure inherited permissions in some Intel(R) HID Event Filter software installers before version 2.2.2.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
local
low complexity
intel CWE-732
7.8
7.8
2024-08-07 CVE-2024-43199 Incorrect Permission Assignment for Critical Resource vulnerability in Nagios Ndoutils
Nagios NDOUtils before 2.1.4 allows privilege escalation from nagios to root because certain executable files are owned by the nagios user.
local
low complexity
nagios CWE-732
7.8
7.8
2024-08-05 CVE-2024-41720 Incorrect Permission Assignment for Critical Resource vulnerability in Zexelon Zwx-2000Csw2-Hn Firmware
Incorrect permission assignment for critical resource issue exists in ZWX-2000CSW2-HN firmware versions prior to Ver.0.3.15, which may allow a network-adjacent authenticated attacker to alter the configuration of the device.
low complexity
zexelon CWE-732
8.0
8.0
2024-07-31 CVE-2024-41954 Incorrect Permission Assignment for Critical Resource vulnerability in Fogproject 1.5.10/1.5.10.15
FOG is a cloning/imaging/rescue suite/inventory management system.
local
low complexity
fogproject CWE-732
7.8
7.8