Vulnerabilities > Incorrect Permission Assignment for Critical Resource
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2024-08-05 | CVE-2024-41720 | Incorrect Permission Assignment for Critical Resource vulnerability in Zexelon Zwx-2000Csw2-Hn Firmware | Incorrect permission assignment for critical resource issue exists in ZWX-2000CSW2-HN firmware versions prior to Ver.0.3.15, which may allow a network-adjacent authenticated attacker to alter the configuration of the device. | 8.0 |
2024-07-31 | CVE-2024-41954 | Incorrect Permission Assignment for Critical Resource vulnerability in Fogproject 1.5.10/1.5.10.15 | FOG is a cloning/imaging/rescue suite/inventory management system. | 7.8 |
2024-07-31 | CVE-2024-31202 | Incorrect Permission Assignment for Critical Resource vulnerability in Proges Thermoscan IP 20211103 | A “CWE-732: Incorrect Permission Assignment for Critical Resource” in the ThermoscanIP installation folder allows a local attacker to perform a Local Privilege Escalation. | 7.8 |
2024-07-30 | CVE-2022-33167 | Incorrect Permission Assignment for Critical Resource vulnerability in IBM products | IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. | 7.5 |
2024-07-26 | CVE-2024-41685 | Incorrect Permission Assignment for Critical Resource vulnerability in Syrotech Sy-Gpon-1110-Wdont Firmware 3.1.02231102 | This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to missing HTTPOnly flag for the session cookies associated with the router's web management interface. | 7.5 |
2024-07-25 | CVE-2024-1724 | Incorrect Permission Assignment for Critical Resource vulnerability in Canonical Snapd | In snapd versions prior to 2.62, when using AppArmor for enforcement of sandbox permissions, snapd failed to restrict writes to the $HOME/bin path. | 8.2 |
2024-07-16 | CVE-2024-6435 | Incorrect Permission Assignment for Critical Resource vulnerability in Rockwellautomation Pavilion8 | A privilege escalation vulnerability exists in the affected products which could allow a malicious user with basic privileges to access functions which should only be available to users with administrative level privileges. | 8.8 |
2024-07-15 | CVE-2024-6739 | Incorrect Permission Assignment for Critical Resource vulnerability in Openfind Mailaudit and Mailgates | The session cookie in MailGates and MailAudit from Openfind does not have the HttpOnly flag enabled, allowing remote attackers to potentially steal the session cookie via XSS. | 6.1 |
2024-07-10 | CVE-2024-28827 | Incorrect Permission Assignment for Critical Resource vulnerability in Checkmk | Incorrect permissions on the Checkmk Windows Agent's data directory in Checkmk < 2.3.0p8, < 2.2.0p29, < 2.1.0p45, and <= 2.0.0p39 (EOL) allows a local attacker to gain SYSTEM privileges. | 7.8 |
2024-06-14 | CVE-2024-37369 | Incorrect Permission Assignment for Critical Resource vulnerability in Rockwellautomation Factorytalk View 12.0/13.0 | A privilege escalation vulnerability exists in the affected product. | 8.8 |