Incorrect Permission Assignment for Critical Resource

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2024-07-30 | CVE-2022-33167 | Incorrect Permission Assignment for Critical Resource vulnerability in IBM products | IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. | network | low | ibm | CWE-732 | 7.5 |
| 2024-07-26 | CVE-2024-41685 | Incorrect Permission Assignment for Critical Resource vulnerability in Syrotech Sy-Gpon-1110-Wdont Firmware 3.1.02231102 | This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to missing HTTPOnly flag for the session cookies associated with the router's web management interface. | network | low | syrotech | CWE-732 | 7.5 |
| 2024-07-25 | CVE-2024-1724 | Incorrect Permission Assignment for Critical Resource vulnerability in Canonical Snapd | In snapd versions prior to 2.62, when using AppArmor for enforcement of sandbox permissions, snapd failed to restrict writes to the $HOME/bin path. | local | low | canonical | CWE-732 | 8.2 |
| 2024-07-18 | CVE-2024-5618 | | Incorrect Permission Assignment for Critical Resource vulnerability in PruvaSoft Informatics Apinizer Management Console allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Apinizer Management Console: before 2024.05.1. | network | low | | CWE-732 | 9.9 (critical) |
| 2024-07-15 | CVE-2024-6739 | Incorrect Permission Assignment for Critical Resource vulnerability in Openfind Mailaudit and Mailgates | The session cookie in MailGates and MailAudit from Openfind does not have the HttpOnly flag enabled, allowing remote attackers to potentially steal the session cookie via XSS. | network | low | openfind | CWE-732 | 6.1 |
| 2024-07-09 | CVE-2024-39875 | Incorrect Permission Assignment for Critical Resource vulnerability in Siemens Sinema Remote Connect Server | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). | network | low | siemens | CWE-732 | 4.3 |
| 2024-06-11 | CVE-2024-36821 | Incorrect Permission Assignment for Critical Resource vulnerability in Linksys Velop Whw0101 Firmware 1.1.13.202617 | Insecure permissions in Linksys Velop WiFi 5 (WHW01v1) 1.1.13.202617 allows attackers to escalate privileges from Guest to root. | | low | linksys | CWE-732 | 6.8 |
| 2024-06-08 | CVE-2024-3668 | Incorrect Permission Assignment for Critical Resource vulnerability in Ideabox Powerpack Addons for Elementor | The PowerPack Pro for Elementor plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.10.17. | network | low | ideabox | CWE-732 | 8.8 |
| 2024-06-06 | CVE-2024-30369 | Incorrect Permission Assignment for Critical Resource vulnerability in A10Networks Advanced Core Operating System | A10 Thunder ADC Incorrect Permission Assignment Local Privilege Escalation Vulnerability. | local | low | a10networks | CWE-732 | 7.8 |
| 2024-05-21 | CVE-2024-21902 | Incorrect Permission Assignment for Critical Resource vulnerability in Qnap QTS and Quts Hero | An incorrect permission assignment for critical resource vulnerability has been reported to affect several QNAP operating system versions. | network | low | qnap | CWE-732 | 8.1 |