Vulnerabilities > Incorrect Permission Assignment for Critical Resource
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-09-21 | CVE-2022-28802 | Incorrect Permission Assignment for Critical Resource vulnerability in Zapier Code BY Zapier: Code by Zapier before 2022-08-17 allowed intra-account privilege escalation that included execution of Python or JavaScript code. | 9.9 |
2022-09-19 | CVE-2022-2995 | Incorrect Permission Assignment for Critical Resource vulnerability in Kubernetes Cri-O 1.25.0: Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container. | 7.1 |
2022-09-16 | CVE-2022-2332 | Incorrect Permission Assignment for Critical Resource vulnerability in Honeywell Softmaster 4.51: A local unprivileged attacker may escalate to administrator privileges in Honeywell SoftMaster version 4.51, due to insecure permission assignment. | 7.8 |
2022-09-13 | CVE-2022-22330 | Incorrect Permission Assignment for Critical Resource vulnerability in IBM Control Desk: IBM Control Desk 7.6.1 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. | 5.3 |
2022-09-13 | CVE-2022-20398 | Incorrect Permission Assignment for Critical Resource vulnerability in Google Android 13.0: In addOrUpdateNetwork of WifiServiceImpl.java, there is a possible way for a guest user to configure Wi-Fi due to a permissions bypass. | 7.8 |
2022-09-13 | CVE-2022-20399 | Incorrect Permission Assignment for Critical Resource vulnerability in Google Android: In the SEPolicy configuration of system apps, there is a possible access to the 'ip' utility due to an insecure default value. | 5.5 |
2022-09-13 | CVE-2022-39207 | Incorrect Permission Assignment for Critical Resource vulnerability in Onedev Project Onedev: Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. | 5.4 |
2022-09-06 | CVE-2022-36670 | Incorrect Permission Assignment for Critical Resource vulnerability in Pcprotect Endpoint: PCProtect Endpoint prior to v5.17.470 for Microsoft Windows lacks tamper protection, allowing authenticated attackers with Administrator privileges to modify processes within the application and escalate privileges to SYSTEM via a crafted executable. | 6.7 |
2022-09-06 | CVE-2022-37771 | Incorrect Permission Assignment for Critical Resource vulnerability in Iobit Malware Fighter 9.2: IObit Malware Fighter v9.2 for Microsoft Windows lacks tamper protection, allowing authenticated attackers with Administrator privileges to modify processes within the application and escalate privileges to SYSTEM via a crafted executable. | 6.7 |
2022-09-02 | CVE-2022-38170 | Incorrect Permission Assignment for Critical Resource vulnerability in Apache Airflow: In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the `--daemon` flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver. | 4.7 |