Vulnerabilities > Incorrect Permission Assignment for Critical Resource

DATE CVE VULNERABILITY TITLE RISK
2024-07-26 CVE-2024-41685 Incorrect Permission Assignment for Critical Resource vulnerability in Syrotech Sy-Gpon-1110-Wdont Firmware 3.1.02231102
This vulnerability exists in the SyroTech SY-GPON-1110-WDONT Router due to a missing HTTPOnly flag for the session cookies associated with the router's web management interface.
network
low complexity
syrotech CWE-732
7.5
2024-07-25 CVE-2024-1724 Incorrect Permission Assignment for Critical Resource vulnerability in Canonical Snapd
In snapd versions prior to 2.62, when using AppArmor for enforcement of sandbox permissions, snapd failed to restrict writes to the $HOME/bin path.
local
low complexity
canonical CWE-732
8.2
2024-07-16 CVE-2024-6435 Incorrect Permission Assignment for Critical Resource vulnerability in Rockwellautomation Pavilion8
A privilege escalation vulnerability exists in the affected products which could allow a malicious user with basic privileges to access functions which should only be available to users with administrative level privileges.
network
low complexity
rockwellautomation CWE-732
8.8
2024-07-15 CVE-2024-6739 Incorrect Permission Assignment for Critical Resource vulnerability in Openfind Mailaudit and Mailgates
The session cookie in MailGates and MailAudit from Openfind does not have the HttpOnly flag enabled, allowing remote attackers to potentially steal the session cookie via XSS.
network
low complexity
openfind CWE-732
6.1
2024-07-10 CVE-2024-28827 Incorrect Permission Assignment for Critical Resource vulnerability in Checkmk
Incorrect permissions on the Checkmk Windows Agent's data directory in Checkmk < 2.3.0p8, < 2.2.0p29, < 2.1.0p45, and <= 2.0.0p39 (EOL) allow a local attacker to gain SYSTEM privileges.
local
low complexity
checkmk CWE-732
7.8
2024-06-14 CVE-2024-37369 Incorrect Permission Assignment for Critical Resource vulnerability in Rockwellautomation Factorytalk View 12.0/13.0
A privilege escalation vulnerability exists in the affected product.
network
low complexity
rockwellautomation CWE-732
8.8
2024-06-11 CVE-2024-36821 Incorrect Permission Assignment for Critical Resource vulnerability in Linksys Velop Whw0101 Firmware 1.1.13.202617
Insecure permissions in Linksys Velop WiFi 5 (WHW01v1) 1.1.13.202617 allow attackers to escalate privileges from Guest to root.
low complexity
linksys CWE-732
6.8
2024-06-08 CVE-2024-3668 Incorrect Permission Assignment for Critical Resource vulnerability in Ideabox Powerpack Addons for Elementor
The PowerPack Pro for Elementor plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.10.17.
network
low complexity
ideabox CWE-732
8.8
2024-06-06 CVE-2024-30369 Incorrect Permission Assignment for Critical Resource vulnerability in A10Networks Advanced Core Operating System
A10 Thunder ADC Incorrect Permission Assignment Local Privilege Escalation Vulnerability.
local
low complexity
a10networks CWE-732
7.8
2024-05-16 CVE-2024-21835 Incorrect Permission Assignment for Critical Resource vulnerability in Intel Extreme Tuning Utility
Insecure inherited permissions in some Intel(R) XTU software before version 7.14.0.15 may allow an authenticated user to potentially enable escalation of privilege via local access.
local
low complexity
intel CWE-732
7.8