Vulnerabilities > Incorrect Permission Assignment for Critical Resource
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-11 | CVE-2024-36821 | Incorrect Permission Assignment for Critical Resource vulnerability in Linksys Velop Whw0101 Firmware 1.1.13.202617 Insecure permissions in Linksys Velop WiFi 5 (WHW01v1) 1.1.13.202617 allows attackers to escalate privileges from Guest to root. | 6.8 |
| 2024-06-06 | CVE-2024-30369 | Incorrect Permission Assignment for Critical Resource vulnerability in A10Networks Advanced Core Operating System A10 Thunder ADC Incorrect Permission Assignment Local Privilege Escalation Vulnerability. | 7.8 |
| 2024-05-16 | CVE-2024-21835 | Incorrect Permission Assignment for Critical Resource vulnerability in Intel Extreme Tuning Utility Insecure inherited permissions in some Intel(R) XTU software before version 7.14.0.15 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
| 2024-04-19 | CVE-2024-29964 | Incorrect Permission Assignment for Critical Resource vulnerability in Broadcom Brocade Sannav Brocade SANnav versions before v2.3.0a do not correctly set permissions on files, including docker files. | 6.5 |
| 2024-03-12 | CVE-2024-28163 | Incorrect Permission Assignment for Critical Resource vulnerability in SAP Netweaver Process Integration 7.50 Under certain conditions, Support Web Pages of SAP NetWeaver Process Integration (PI) - versions 7.50, allows an attacker to access information which would otherwise be restricted, causing low impact on Confidentiality with no impact on Integrity and Availability of the application. | 5.3 |
| 2024-02-16 | CVE-2024-21915 | Incorrect Permission Assignment for Critical Resource vulnerability in Rockwellautomation Factorytalk Services Platform A privilege escalation vulnerability exists in Rockwell Automation FactoryTalk® Service Platform (FTSP). | 8.8 |
| 2024-02-14 | CVE-2023-33870 | Incorrect Permission Assignment for Critical Resource vulnerability in Intel products Insecure inherited permissions in some Intel(R) Ethernet tools and driver install software may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
| 2024-02-05 | CVE-2023-34042 | Incorrect Permission Assignment for Critical Resource vulnerability in VMWare Spring Security The spring-security.xsd file inside the spring-security-config jar is world writable which means that if it were extracted it could be written by anyone with access to the file system. While there are no known exploits, this is an example of “CWE-732: Incorrect Permission Assignment for Critical Resource” and could result in an exploit. | 5.5 |
| 2024-02-02 | CVE-2024-22016 | Incorrect Permission Assignment for Critical Resource vulnerability in Rapidscada Rapid Scada In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, an authorized user can write directly to the Scada directory. | 7.8 |
| 2024-01-31 | CVE-2024-22236 | Incorrect Permission Assignment for Critical Resource vulnerability in VMWare Spring Cloud Contract In Spring Cloud Contract, versions 4.1.x prior to 4.1.1, versions 4.0.x prior to 4.0.5, and versions 3.1.x prior to 3.1.10, test execution is vulnerable to local information disclosure via temporary directory created with unsafe permissions through the shaded com.google.guava:guava dependency in the org.springframework.cloud:spring-cloud-contract-shade dependency. | 5.5 |