Vulnerabilities > Incorrect Permission Assignment for Critical Resource

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2024-07-31 | CVE-2024-31202 | Incorrect Permission Assignment for Critical Resource vulnerability in Proges Thermoscan IP 20211103 | A “CWE-732: Incorrect Permission Assignment for Critical Resource” in the ThermoscanIP installation folder allows a local attacker to perform a Local Privilege Escalation. | local | low complexity | proges | CWE-732 | 7.8 |
| 2024-07-30 | CVE-2022-33167 | Incorrect Permission Assignment for Critical Resource vulnerability in IBM products | IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. | network | low complexity | ibm | CWE-732 | 7.5 |
| 2024-07-26 | CVE-2024-41685 | Incorrect Permission Assignment for Critical Resource vulnerability in Syrotech Sy-Gpon-1110-Wdont Firmware 3.1.02231102 | This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to missing HTTPOnly flag for the session cookies associated with the router's web management interface. | network | low complexity | syrotech | CWE-732 | 7.5 |
| 2024-07-25 | CVE-2024-1724 | Incorrect Permission Assignment for Critical Resource vulnerability in Canonical Snapd | In snapd versions prior to 2.62, when using AppArmor for enforcement of sandbox permissions, snapd failed to restrict writes to the $HOME/bin path. | local | low complexity | canonical | CWE-732 | 8.2 |
| 2024-07-16 | CVE-2024-6435 | Incorrect Permission Assignment for Critical Resource vulnerability in Rockwellautomation Pavilion8 | A privilege escalation vulnerability exists in the affected products which could allow a malicious user with basic privileges to access functions which should only be available to users with administrative level privileges. | network | low complexity | rockwellautomation | CWE-732 | 8.8 |
| 2024-07-15 | CVE-2024-6739 | Incorrect Permission Assignment for Critical Resource vulnerability in Openfind Mailaudit and Mailgates | The session cookie in MailGates and MailAudit from Openfind does not have the HttpOnly flag enabled, allowing remote attackers to potentially steal the session cookie via XSS. | network | low complexity | openfind | CWE-732 | 6.1 |
| 2024-07-10 | CVE-2024-28827 | Incorrect Permission Assignment for Critical Resource vulnerability in Checkmk | Incorrect permissions on the Checkmk Windows Agent's data directory in Checkmk < 2.3.0p8, < 2.2.0p29, < 2.1.0p45, and <= 2.0.0p39 (EOL) allow a local attacker to gain SYSTEM privileges. | local | low complexity | checkmk | CWE-732 | 7.8 |
| 2024-06-14 | CVE-2024-37369 | Incorrect Permission Assignment for Critical Resource vulnerability in Rockwellautomation Factorytalk View 12.0/13.0 | A privilege escalation vulnerability exists in the affected product. | network | low complexity | rockwellautomation | CWE-732 | 8.8 |
| 2024-06-11 | CVE-2024-36821 | Incorrect Permission Assignment for Critical Resource vulnerability in Linksys Velop Whw0101 Firmware 1.1.13.202617 | Insecure permissions in Linksys Velop WiFi 5 (WHW01v1) 1.1.13.202617 allow attackers to escalate privileges from Guest to root. | | low complexity | linksys | CWE-732 | 6.8 |
| 2024-06-06 | CVE-2024-30369 | Incorrect Permission Assignment for Critical Resource vulnerability in A10Networks Advanced Core Operating System | A10 Thunder ADC Incorrect Permission Assignment Local Privilege Escalation Vulnerability. | local | low complexity | a10networks | CWE-732 | 7.8 |