Vulnerabilities > Incorrect Permission Assignment for Critical Resource
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-08-10 | CVE-2022-22411 | Incorrect Permission Assignment for Critical Resource vulnerability in IBM Spectrum Scale Data Access Services 5.1.3.1 IBM Spectrum Scale Data Access Services (DAS) 5.1.3.1 could allow an authenticated user to insert code which could allow the attacker to manipulate cluster resources due to excessive permissions. | 6.5 |
| 2022-08-05 | CVE-2020-1754 | Incorrect Permission Assignment for Critical Resource vulnerability in Moodle In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, users viewing the grade history report without the 'access all groups' capability were not restricted to viewing grades of users within their own groups. | 4.3 |
| 2022-07-28 | CVE-2021-22648 | Incorrect Permission Assignment for Critical Resource vulnerability in Ovarro products Ovarro TBox proprietary Modbus file access functions allow attackers to read, alter, or delete the configuration file. | 9.8 |
| 2022-07-22 | CVE-2022-34112 | Incorrect Permission Assignment for Critical Resource vulnerability in Dataease Project Dataease 1.11.1 An access control issue in the component /api/plugin/uninstall Dataease v1.11.1 allows attackers to arbitrarily uninstall the plugin, a right normally reserved for the administrator. | 6.5 |
| 2022-07-22 | CVE-2022-1655 | Incorrect Permission Assignment for Critical Resource vulnerability in Redhat Openstack 16.2 An Incorrect Permission Assignment for Critical Resource flaw was found in Horizon on Red Hat OpenStack. | 6.5 |
| 2022-07-18 | CVE-2022-34891 | Incorrect Permission Assignment for Critical Resource vulnerability in Parallels Desktop 17.1.1 This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop Parallels Desktop 17.1.1. | 7.8 |
| 2022-07-14 | CVE-2021-45492 | Incorrect Permission Assignment for Critical Resource vulnerability in Sage 300 In Sage 300 ERP (formerly accpac) through 6.8.x, the installer configures the C:\Sage\Sage300\Runtime directory to be the first entry in the system-wide PATH environment variable. | 7.8 |
| 2022-07-13 | CVE-2022-20218 | Incorrect Permission Assignment for Critical Resource vulnerability in Google Android 12.0/12.1 In PermissionController, there is a possible way to get and retain permissions without user's consent due to a logic error in the code. | 7.8 |
| 2022-07-13 | CVE-2022-20234 | Incorrect Permission Assignment for Critical Resource vulnerability in Google Android 12.1 In Car Settings app, the NotificationAccessConfirmationActivity is exported. | 7.5 |
| 2022-07-12 | CVE-2021-38289 | Incorrect Permission Assignment for Critical Resource vulnerability in Novastar Novaicare 7.16.0 An issue has been discovered in Novastar-VNNOX-iCare Novaicare 7.16.0 that gives attacker privilege escalation and allows attackers to view corporate information and SMTP server details, delete users, view roles, and other unspecified impacts. | 8.8 |