Vulnerabilities > Incorrect Permission Assignment for Critical Resource
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-07-12 | CVE-2022-33695 | Incorrect Permission Assignment for Critical Resource vulnerability in Google Android 10.0/11.0/12.0 Use of improper permission in InputManagerService prior to SMR Jul-2022 Release 1 allows unauthorized access to the service. | 7.8 |
| 2022-07-06 | CVE-2022-30929 | Incorrect Permission Assignment for Critical Resource vulnerability in Mini Tmall Project Mini Tmall 1.0 Mini-Tmall v1.0 is vulnerable to Insecure Permissions via tomcat-embed-jasper. | 8.8 |
| 2022-07-01 | CVE-2022-2227 | Incorrect Permission Assignment for Critical Resource vulnerability in Gitlab Improper access control in the runner jobs API in GitLab CE/EE affecting all versions prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows a previous maintainer of a project with a specific runner to access job and project meta data under certain conditions | 4.3 |
| 2022-06-30 | CVE-2014-0068 | Incorrect Permission Assignment for Critical Resource vulnerability in Redhat Openshift-Origin-Node-Util It was reported that watchman in openshift node-utils creates /var/run/watchman.pid and /var/log/watchman.ouput with world writable permission. | 5.5 |
| 2022-06-30 | CVE-2022-23725 | Incorrect Permission Assignment for Critical Resource vulnerability in Pingidentity Pingid Integration for Windows Login PingID Windows Login prior to 2.8 does not properly set permissions on the Windows Registry entries used to store sensitive API keys under some circumstances. | 5.5 |
| 2022-06-29 | CVE-2022-34043 | Incorrect Permission Assignment for Critical Resource vulnerability in Nomachine 7.9.2 Incorrect permissions for the folder C:\ProgramData\NoMachine\var\uninstall of Nomachine v7.9.2 allows attackers to perform a DLL hijacking attack and execute arbitrary code. | 7.3 |
| 2022-06-24 | CVE-2021-20355 | Incorrect Permission Assignment for Critical Resource vulnerability in IBM Jazz Team Server IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. | 5.3 |
| 2022-06-24 | CVE-2021-38879 | Incorrect Permission Assignment for Critical Resource vulnerability in IBM Jazz Team Server IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. | 5.3 |
| 2022-06-23 | CVE-2022-34012 | Incorrect Permission Assignment for Critical Resource vulnerability in Zhyd Oneblog 2.3.4 Insecure permissions in OneBlog v2.3.4 allows low-level administrators to reset the passwords of high-level administrators who hold greater privileges. | 6.5 |
| 2022-06-21 | CVE-2022-1596 | Incorrect Permission Assignment for Critical Resource vulnerability in ABB products Incorrect Permission Assignment for Critical Resource vulnerability in ABB REX640 PCL1, REX640 PCL2, REX640 PCL3 allows an authenticated attacker to launch an attack against the user database file and try to take control of an affected system node. | 6.5 |