Vulnerabilities > Incorrect Permission Assignment for Critical Resource
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-06-16 | CVE-2022-31464 | Incorrect Permission Assignment for Critical Resource vulnerability in Adaware Protect 1.2.439.4251 Insecure permissions configuration in Adaware Protect v1.2.439.4251 allows attackers to escalate privileges via changing the service binary path. | 7.8 |
| 2022-06-15 | CVE-2022-32155 | Incorrect Permission Assignment for Critical Resource vulnerability in Splunk In universal forwarder versions before 9.0, management services are available remotely by default. | 7.5 |
| 2022-06-14 | CVE-2021-40649 | Incorrect Permission Assignment for Critical Resource vulnerability in Softwareag Connx 6.2.0.1269 In Connx Version 6.2.0.1269 (20210623), a cookie can be issued by the application and not have the HttpOnly flag set. | 6.5 |
| 2022-06-14 | CVE-2022-31465 | Incorrect Permission Assignment for Critical Resource vulnerability in Siemens Xpedition Designer A vulnerability has been identified in Xpedition Designer VX.2.10 (All versions < VX.2.10 Update 13), Xpedition Designer VX.2.11 (All versions < VX.2.11 Update 11), Xpedition Designer VX.2.12 (All versions < VX.2.12 Update 5), Xpedition Designer VX.2.13 (All versions < VX.2.13 Update 1). | 7.8 |
| 2022-06-13 | CVE-2022-33175 | Incorrect Permission Assignment for Critical Resource vulnerability in Powertekpdus products Power Distribution Units running on Powertek firmware (multiple brands) before 3.30.30 have an insecure permissions setting on the user.token field that is accessible to everyone through the /cgi/get_param.cgi HTTP API. | 9.8 |
| 2022-06-13 | CVE-2022-1412 | Incorrect Permission Assignment for Critical Resource vulnerability in Premierethemes LOG WP Mail 0.1 The Log WP_Mail WordPress plugin through 0.1 saves sent email in a publicly accessible directory using predictable filenames, allowing any unauthenticated visitor to obtain potentially sensitive information like generated passwords. | 7.5 |
| 2022-06-09 | CVE-2022-25151 | Incorrect Permission Assignment for Critical Resource vulnerability in Itarian On-Premise and Saas Service Desk Within the Service Desk module of the ITarian platform (SAAS and on-premise), a remote attacker can obtain sensitive information, caused by the failure to set the HTTP Only flag. | 7.5 |
| 2022-05-27 | CVE-2022-30700 | Incorrect Permission Assignment for Critical Resource vulnerability in Trendmicro Apex ONE 2019 An incorrect permission assignment vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to load a DLL with escalated privileges on affected installations. | 7.8 |
| 2022-05-25 | CVE-2022-1348 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products A vulnerability was found in logrotate in how the state file is created. | 6.5 |
| 2022-05-18 | CVE-2022-30990 | Incorrect Permission Assignment for Critical Resource vulnerability in Acronis Agent and Cyber Protect Sensitive information disclosure due to insecure folder permissions. | 7.5 |