Vulnerabilities > Incorrect Permission Assignment for Critical Resource
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-30 | CVE-2021-44230 | Incorrect Permission Assignment for Critical Resource vulnerability in Portswigger Burp Suite PortSwigger Burp Suite Enterprise Edition before 2021.11 on Windows has weak file permissions for the embedded H2 database, which might lead to privilege escalation. | 6.5 |
| 2021-11-30 | CVE-2021-43998 | Incorrect Permission Assignment for Critical Resource vulnerability in Hashicorp Vault HashiCorp Vault and Vault Enterprise 0.11.0 up to 1.7.5 and 1.8.4 templated ACL policies would always match the first-created entity alias if multiple entity aliases exist for a specified entity and mount combination, potentially resulting in incorrect policy enforcement. | 6.5 |
| 2021-11-30 | CVE-2021-42115 | Incorrect Permission Assignment for Critical Resource vulnerability in Businessdnasolutions Topease Missing HTTPOnly flag in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 allows an unauthenticated remote attacker to escalate privileges from unauthenticated to authenticated user via stealing and injecting the session- independent and static cookie UID. | 9.1 |
| 2021-11-19 | CVE-2021-39235 | Incorrect Permission Assignment for Critical Resource vulnerability in Apache Ozone In Apache Ozone before 1.2.0, Ozone Datanode doesn't check the access mode parameter of the block token. | 6.5 |
| 2021-11-17 | CVE-2021-0064 | Incorrect Permission Assignment for Critical Resource vulnerability in Intel products Insecure inherited permissions in the Intel(R) PROSet/Wireless WiFi software installer for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
| 2021-11-17 | CVE-2021-33091 | Incorrect Permission Assignment for Critical Resource vulnerability in Intel NUC M15 Laptop KIT Audio Driver Pack Insecure inherited permissions in the installer for the Intel(R) NUC M15 Laptop Kit audio driver pack before version 1.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
| 2021-11-17 | CVE-2021-33093 | Incorrect Permission Assignment for Critical Resource vulnerability in Intel NUC M15 Laptop KIT Serial IO Driver Pack Insecure inherited permissions in the installer for the Intel(R) NUC M15 Laptop Kit Serial IO driver pack before version 30.100.2104.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
| 2021-11-17 | CVE-2021-33094 | Incorrect Permission Assignment for Critical Resource vulnerability in Intel NUC M15 Laptop KIT Keyboard LED Service Driver Pack Insecure inherited permissions in the installer for the Intel(R) NUC M15 Laptop Kit Keyboard LED Service driver pack before version 1.0.0.4 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
| 2021-11-17 | CVE-2021-42954 | Incorrect Permission Assignment for Critical Resource vulnerability in Zohocorp Manageengine Remote Access Plus Zoho Remote Access Plus Server Windows Desktop Binary fixed from 10.1.2121.1 is affected by incorrect access control. | 7.8 |
| 2021-11-17 | CVE-2021-42955 | Incorrect Permission Assignment for Critical Resource vulnerability in Zohocorp Manageengine Remote Access Plus Zoho Remote Access Plus Server Windows Desktop binary fixed in version 10.1.2132 is affected by an unauthorized password reset vulnerability. | 7.8 |