Vulnerabilities > Incorrect Permission Assignment for Critical Resource

DATE CVE VULNERABILITY TITLE RISK
2024-11-12 CVE-2024-47808 Incorrect Permission Assignment for Critical Resource vulnerability in Siemens Sinec NMS
A vulnerability has been identified in SINEC NMS (All versions < V3.0 SP1).
local
low complexity
siemens CWE-732
6.5
6.5
2024-10-29 CVE-2024-10228 Incorrect Permission Assignment for Critical Resource vulnerability in Hashicorp Vagrant VMWare Utility
The Vagrant VMWare Utility Windows installer targeted a custom location with a non-protected path that could be modified by an unprivileged user, introducing potential for unauthorized file system writes.
local
low complexity
hashicorp CWE-732
3.3
3.3
2024-10-18 CVE-2024-46897 Incorrect Permission Assignment for Critical Resource vulnerability in Exceedone Exment
Incorrect permission assignment for critical resource issue exists in Exment v6.1.4 and earlier and Exment v5.0.11 and earlier.
network
low complexity
exceedone CWE-732
3.8
3.8
2024-10-09 CVE-2024-47833 Incorrect Permission Assignment for Critical Resource vulnerability in Avaiga Taipy
Taipy is an open-source Python library for easy, end-to-end application development for data scientists and machine learning engineers.
network
low complexity
avaiga CWE-732
6.5
6.5
2024-10-08 CVE-2024-7612 Incorrect Permission Assignment for Critical Resource vulnerability in Ivanti Endpoint Manager Mobile
Insecure permissions in Ivanti EPMM before 12.1.0.4 allow a local authenticated attacker to modify sensitive application components.
local
low complexity
ivanti CWE-732
7.8
7.8
2024-10-02 CVE-2024-24117 Incorrect Permission Assignment for Critical Resource vulnerability in Ruijie Rg-Nbs2009G-P Firmware 10.4(1)P2Release(9736)
Insecure Permissions vulnerability in Ruijie RG-NBS2009G-P RGOS v.10.4(1)P2 Release (9736) allows a remote attacker to gain privileges via the login check state component.
network
low complexity
ruijie CWE-732
critical
 9.8
9.8
2024-09-25 CVE-2022-43845 Incorrect Permission Assignment for Critical Resource vulnerability in IBM Aspera Console 3.4.0/3.4.1/3.4.2
IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag.
network
low complexity
ibm CWE-732
7.5
7.5
2024-09-09 CVE-2024-45041 Incorrect Permission Assignment for Critical Resource vulnerability in External-Secrets External Secrets Operator
External Secrets Operator is a Kubernetes operator that integrates external secret management systems.
network
low complexity
external-secrets CWE-732
8.8
8.8
2024-08-24 CVE-2022-43915 Incorrect Permission Assignment for Critical Resource vulnerability in IBM APP Connect Enterprise Certified Container
IBM App Connect Enterprise Certified Container 5.0, 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, and 12.1 does not limit calls to unshare in running Pods.
network
low complexity
ibm CWE-732
8.1
8.1
2024-08-21 CVE-2024-5930 Incorrect Permission Assignment for Critical Resource vulnerability in Vipre Advanced Security 12.0.1.214
VIPRE Advanced Security Incorrect Permission Assignment Local Privilege Escalation Vulnerability.
local
low complexity
vipre CWE-732
7.8
7.8