Vulnerabilities > Incorrect Permission Assignment for Critical Resource

DATE CVE VULNERABILITY TITLE RISK
2022-09-29 CVE-2020-15328 Incorrect Permission Assignment for Critical Resource vulnerability in Zyxel CloudCNM SecuManager 3.1.0/3.1.1
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak /opt/axess/var/blobstorage/ permissions.
network
low complexity
zyxel CWE-732
5.3
2022-09-29 CVE-2020-15329 Incorrect Permission Assignment for Critical Resource vulnerability in Zyxel CloudCNM SecuManager 3.1.0/3.1.1
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak Data.fs permissions.
network
low complexity
zyxel CWE-732
5.3
2022-09-27 CVE-2022-40817 Incorrect Permission Assignment for Critical Resource vulnerability in Zammad 5.2.0/5.2.1
Zammad 5.2.1 has a fine-grained permission model that allows configuring read-only access to tickets.
network
low complexity
zammad CWE-732
4.3
2022-09-23 CVE-2022-35250 Incorrect Permission Assignment for Critical Resource vulnerability in Rocket.Chat
A privilege escalation vulnerability exists in Rocket.Chat <v5 which made it possible to elevate privileges for any authenticated user to view direct messages without appropriate permissions.
network
low complexity
rocket-chat CWE-732
4.3
2022-09-23 CVE-2022-40298 Incorrect Permission Assignment for Critical Resource vulnerability in Crestron AirMedia 4.3.1.39
Crestron AirMedia for Windows before 5.5.1.84 has insecure inherited permissions, which leads to a privilege escalation vulnerability found in the AirMedia Windows Application, version 4.3.1.39.
network
low complexity
crestron CWE-732
8.8
2022-09-21 CVE-2022-28802 Incorrect Permission Assignment for Critical Resource vulnerability in Zapier Code by Zapier
Code by Zapier before 2022-08-17 allowed intra-account privilege escalation that included execution of Python or JavaScript code.
network
low complexity
zapier CWE-732
critical
9.9
2022-09-19 CVE-2022-2995 Incorrect Permission Assignment for Critical Resource vulnerability in Kubernetes CRI-O 1.25.0
Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute binary code in that container.
local
low complexity
kubernetes CWE-732
7.1
2022-09-16 CVE-2022-2332 Incorrect Permission Assignment for Critical Resource vulnerability in Honeywell SoftMaster 4.51
A local unprivileged attacker may escalate to administrator privileges in Honeywell SoftMaster version 4.51, due to insecure permission assignment.
local
low complexity
honeywell CWE-732
7.8
2022-09-13 CVE-2022-22330 Incorrect Permission Assignment for Critical Resource vulnerability in IBM Control Desk
IBM Control Desk 7.6.1 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag.
network
low complexity
ibm CWE-732
5.3
2022-09-13 CVE-2022-20398 Incorrect Permission Assignment for Critical Resource vulnerability in Google Android 13.0
In addOrUpdateNetwork of WifiServiceImpl.java, there is a possible way for a guest user to configure Wi-Fi due to a permissions bypass.
local
low complexity
google CWE-732
7.8