Vulnerabilities > Incorrect Permission Assignment for Critical Resource
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-07-26 | CVE-2024-41685 | Incorrect Permission Assignment for Critical Resource vulnerability in Syrotech Sy-Gpon-1110-Wdont Firmware 3.1.02231102. This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to missing HTTPOnly flag for the session cookies associated with the router's web management interface. | 7.5 |
2024-07-25 | CVE-2024-1724 | Incorrect Permission Assignment for Critical Resource vulnerability in Canonical Snapd. In snapd versions prior to 2.62, when using AppArmor for enforcement of sandbox permissions, snapd failed to restrict writes to the $HOME/bin path. | 8.2 |
2024-07-16 | CVE-2024-6435 | Incorrect Permission Assignment for Critical Resource vulnerability in Rockwellautomation Pavilion8. A privilege escalation vulnerability exists in the affected products which could allow a malicious user with basic privileges to access functions which should only be available to users with administrative level privileges. | 8.8 |
2024-07-15 | CVE-2024-6739 | Incorrect Permission Assignment for Critical Resource vulnerability in Openfind Mailaudit and Mailgates. The session cookie in MailGates and MailAudit from Openfind does not have the HttpOnly flag enabled, allowing remote attackers to potentially steal the session cookie via XSS. | 6.1 |
2024-07-10 | CVE-2024-28827 | Incorrect Permission Assignment for Critical Resource vulnerability in Checkmk. Incorrect permissions on the Checkmk Windows Agent's data directory in Checkmk < 2.3.0p8, < 2.2.0p29, < 2.1.0p45, and <= 2.0.0p39 (EOL) allow a local attacker to gain SYSTEM privileges. | 7.8 |
2024-06-14 | CVE-2024-37369 | Incorrect Permission Assignment for Critical Resource vulnerability in Rockwellautomation Factorytalk View 12.0/13.0. A privilege escalation vulnerability exists in the affected product. | 8.8 |
2024-06-11 | CVE-2024-36821 | Incorrect Permission Assignment for Critical Resource vulnerability in Linksys Velop Whw0101 Firmware 1.1.13.202617. Insecure permissions in Linksys Velop WiFi 5 (WHW01v1) 1.1.13.202617 allow attackers to escalate privileges from Guest to root. | 6.8 |
2024-06-08 | CVE-2024-3668 | Incorrect Permission Assignment for Critical Resource vulnerability in Ideabox Powerpack Addons for Elementor. The PowerPack Pro for Elementor plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.10.17. | 8.8 |
2024-06-06 | CVE-2024-30369 | Incorrect Permission Assignment for Critical Resource vulnerability in A10Networks Advanced Core Operating System. A10 Thunder ADC Incorrect Permission Assignment Local Privilege Escalation Vulnerability. | 7.8 |
2024-05-16 | CVE-2024-21835 | Incorrect Permission Assignment for Critical Resource vulnerability in Intel Extreme Tuning Utility. Insecure inherited permissions in some Intel(R) XTU software before version 7.14.0.15 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |