Vulnerabilities > Incorrect Permission Assignment for Critical Resource

DATE CVE VULNERABILITY TITLE RISK
2024-10-02 CVE-2024-24117 Incorrect Permission Assignment for Critical Resource vulnerability in Ruijie Rg-Nbs2009G-P Firmware 10.4(1)P2Release(9736)
Insecure Permissions vulnerability in Ruijie RG-NBS2009G-P RGOS v.10.4(1)P2 Release (9736) allows a remote attacker to gain privileges via the login check state component.
network
low complexity
ruijie CWE-732
critical
 9.8
9.8
2024-09-25 CVE-2022-43845 Incorrect Permission Assignment for Critical Resource vulnerability in IBM Aspera Console 3.4.0/3.4.1/3.4.2
IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag.
network
low complexity
ibm CWE-732
7.5
7.5
2024-09-09 CVE-2024-45041 Incorrect Permission Assignment for Critical Resource vulnerability in External-Secrets External Secrets Operator
External Secrets Operator is a Kubernetes operator that integrates external secret management systems.
network
low complexity
external-secrets CWE-732
8.8
8.8
2024-08-24 CVE-2022-43915 Incorrect Permission Assignment for Critical Resource vulnerability in IBM APP Connect Enterprise Certified Container
IBM App Connect Enterprise Certified Container 5.0, 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, and 12.1 does not limit calls to unshare in running Pods.
network
low complexity
ibm CWE-732
8.1
8.1
2024-08-21 CVE-2024-5930 Incorrect Permission Assignment for Critical Resource vulnerability in Vipre Advanced Security 12.0.1.214
VIPRE Advanced Security Incorrect Permission Assignment Local Privilege Escalation Vulnerability.
local
low complexity
vipre CWE-732
7.8
7.8
2024-08-14 CVE-2024-7513 Incorrect Permission Assignment for Critical Resource vulnerability in Rockwellautomation Factorytalk View 13.0/14.0
CVE-2024-7513 IMPACT A code execution vulnerability exists in the affected product.
network
low complexity
rockwellautomation CWE-732
8.8
8.8
2024-08-14 CVE-2024-5915 Incorrect Permission Assignment for Critical Resource vulnerability in Paloaltonetworks Globalprotect
A privilege escalation (PE) vulnerability in the Palo Alto Networks GlobalProtect app on Windows devices enables a local user to execute programs with elevated privileges.
local
low complexity
paloaltonetworks CWE-732
7.8
7.8
2024-08-14 CVE-2024-23908 Incorrect Permission Assignment for Critical Resource vulnerability in Intel Flexlm License Daemons for Intel Fpga
Insecure inherited permissions in some Flexlm License Daemons for Intel(R) FPGA software before version v11.19.5.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
local
low complexity
intel CWE-732
7.8
7.8
2024-08-14 CVE-2024-25561 Incorrect Permission Assignment for Critical Resource vulnerability in Intel products
Insecure inherited permissions in some Intel(R) HID Event Filter software installers before version 2.2.2.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
local
low complexity
intel CWE-732
7.8
7.8
2024-08-07 CVE-2024-43199 Incorrect Permission Assignment for Critical Resource vulnerability in Nagios Ndoutils
Nagios NDOUtils before 2.1.4 allows privilege escalation from nagios to root because certain executable files are owned by the nagios user.
local
low complexity
nagios CWE-732
7.8
7.8