Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

CVEs (1,663)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-21946 1Opensuse 1Cscreen Nov 21, 2024 Mar 16, 2022 N/A· v4 5.3 MEDIUM· v3 4.6 MEDIUM· v2 A Incorrect Permission Assignment for Critical Resource vulnerability in the sudoers configuration in cscreen of openSUSE Factory allows any local users to gain the privileges of the tty and dialout groups and access and...Show more A Incorrect Permission Assignment for Critical Resource vulnerability in the sudoers configuration in cscreen of openSUSE Factory allows any local users to gain the privileges of the tty and dialout groups and access and manipulate any running cscreen seesion. This issue affects: openSUSE Factory cscreen version 1.2-1.3 and prior versions.Show less
CVE-2022-21819 1Nvidia 1Jetson Linux Nov 21, 2024 Mar 11, 2022 N/A· v4 7.6 HIGH· v3 4.6 MEDIUM· v2 NVIDIA distributions of Jetson Linux contain a vulnerability where an error in the IOMMU configuration may allow an unprivileged attacker with physical access to the board direct read/write access to the entire system ad...Show more NVIDIA distributions of Jetson Linux contain a vulnerability where an error in the IOMMU configuration may allow an unprivileged attacker with physical access to the board direct read/write access to the entire system address space through the PCI bus. Such an attack could result in denial of service, code execution, escalation of privileges, and impact to data integrity and confidentiality. The scope impact may extend to other components.Show less
CVE-2022-22148 1Yokogawa 5Centum Cs 3000 Entry Firmware Centum Cs 3000 FirmwareCentum Vp Entry Firmware+2 more Nov 21, 2024 Mar 11, 2022 N/A· v4 7.8 HIGH· v3 6.9 MEDIUM· v2 'Root Service' service implemented in the following Yokogawa Electric products creates some named pipe with improper ACL configuration. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00...Show more 'Root Service' service implemented in the following Yokogawa Electric products creates some named pipe with improper ACL configuration. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.Show less
CVE-2022-22141 1Yokogawa 5Centum Cs 3000 Entry Firmware Centum Cs 3000 FirmwareCentum Vp Entry Firmware+2 more Nov 21, 2024 Mar 11, 2022 N/A· v4 7.8 HIGH· v3 4.4 MEDIUM· v2 'Long-term Data Archive Package' service implemented in the following Yokogawa Electric products creates some named pipe with imporper ACL configuration. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versi...Show more 'Long-term Data Archive Package' service implemented in the following Yokogawa Electric products creates some named pipe with imporper ACL configuration. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.Show less
CVE-2021-42855 1Riverbed 1Steelcentral Appinternals Dynamic Sampling Agent Nov 21, 2024 Mar 10, 2022 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent (DSA) uses the ".debug_command.config" file to store a json string that contains a list of IDs and pre-configured commands. The config file is s...Show more It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent (DSA) uses the ".debug_command.config" file to store a json string that contains a list of IDs and pre-configured commands. The config file is subsequently used by the "/api/appInternals/1.0/agent/configuration" API to map the corresponding ID to a command to be executed.Show less
CVE-2021-4199 1Bitdefender 4Antivirus Plus Endpoint Security ToolsInternet Security+1 more Nov 21, 2024 Mar 7, 2022 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 Incorrect Permission Assignment for Critical Resource vulnerability in the crash handling component BDReinit.exe as used in Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools for Windo...Show more Incorrect Permission Assignment for Critical Resource vulnerability in the crash handling component BDReinit.exe as used in Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools for Windows allows a remote attacker to escalate local privileges to SYSTEM. This issue affects: Bitdefender Total Security versions prior to 26.0.10.45. Bitdefender Internet Security versions prior to 26.0.10.45. Bitdefender Antivirus Plus versions prior to 26.0.10.45. Bitdefender Endpoint Security Tools for Windows versions prior to 7.4.3.146.Show less
CVE-2021-3631 2Netapp Redhat 4Enterprise Linux LibvirtOntap Select Deploy Administration Utility+1 more Nov 21, 2024 Mar 2, 2022 N/A· v4 6.3 MEDIUM· v3 3.3 LOW· v2 A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels. This flaw allows one exploited guest to access files labeled for another guest, resulting in the breaking out of sVirt co...Show more A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels. This flaw allows one exploited guest to access files labeled for another guest, resulting in the breaking out of sVirt confinement. The highest threat from this vulnerability is to confidentiality and integrity.Show less
CVE-2022-25010 1Stepmania 1Stepmania Nov 21, 2024 Mar 1, 2022 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 The component /rootfs in RageFile of Stepmania v5.1b2 and below allows attackers access to the entire file system.
CVE-2022-24327 1Jetbrains 1Hub Nov 21, 2024 Feb 25, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 In JetBrains Hub before 2021.1.13890, integration with JetBrains Account exposed an API key with excessive permissions.
CVE-2022-0247 1Google 1Fuchsia Nov 21, 2024 Feb 25, 2022 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 An issue exists in Fuchsia where VMO data can be modified through access to copy-on-write snapshots. A local attacker could modify objects in the VMO that they do not have permission to. We recommend upgrading past commi...Show more An issue exists in Fuchsia where VMO data can be modified through access to copy-on-write snapshots. A local attacker could modify objects in the VMO that they do not have permission to. We recommend upgrading past commit d97c05d2301799ed585620a9c5c739d36e7b5d3d or any of the listed versions.Show less
CVE-2021-3557 2Argoproj Redhat 2Argo Cd Openshift Gitops Nov 21, 2024 Feb 16, 2022 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 A flaw was found in argocd. Any unprivileged user is able to deploy argocd in their namespace and with the created ServiceAccount argocd-argocd-server, the unprivileged user is able to read all resources of the cluster i...Show more A flaw was found in argocd. Any unprivileged user is able to deploy argocd in their namespace and with the created ServiceAccount argocd-argocd-server, the unprivileged user is able to read all resources of the cluster including all secrets which might enable privilege escalations. The highest threat from this vulnerability is to data confidentiality.Show less
CVE-2022-0483 1Acronis 1Vss Doctor Nov 21, 2024 Feb 11, 2022 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis VSS Doctor (Windows) before build 53
CVE-2021-44521 1Apache 1Cassandra Nov 21, 2024 Feb 11, 2022 N/A· v4 9.1 CRITICAL· v3 8.5 HIGH· v2 When running Apache Cassandra with the following configuration: enable_user_defined_functions: true enable_scripted_user_defined_functions: true enable_user_defined_functions_threads: false it is possible for an attacker...Show more When running Apache Cassandra with the following configuration: enable_user_defined_functions: true enable_scripted_user_defined_functions: true enable_user_defined_functions_threads: false it is possible for an attacker to execute arbitrary code on the host. The attacker would need to have enough permissions to create user defined functions in the cluster to be able to exploit this. Note that this configuration is documented as unsafe, and will continue to be considered unsafe after this CVE.Show less
CVE-2022-0532 2Kubernetes Redhat 2Cri O Openshift Container Platform Nov 21, 2024 Feb 9, 2022 N/A· v4 4.2 MEDIUM· v3 4.9 MEDIUM· v2 An incorrect sysctls validation vulnerability was found in CRI-O 1.18 and earlier. The sysctls from the list of "safe" sysctls specified for the cluster will be applied to the host if an attacker is able to create a pod...Show more An incorrect sysctls validation vulnerability was found in CRI-O 1.18 and earlier. The sysctls from the list of "safe" sysctls specified for the cluster will be applied to the host if an attacker is able to create a pod with a hostIPC and hostNetwork kernel namespace.Show less
CVE-2021-39992 1Huawei 1Emui Nov 21, 2024 Feb 9, 2022 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 There is an improper security permission configuration vulnerability on ACPU.Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability.
CVE-2021-22284 1Abb 1Opc Server For Ac 800m Nov 21, 2024 Feb 4, 2022 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 Incorrect Permission Assignment for Critical Resource vulnerability in OPC Server for AC 800M allows an attacker to execute arbitrary code in the node running the AC800M OPC Server.
CVE-2021-29396 1Globalnorthstar 1Northstar Club Management Nov 21, 2024 Feb 4, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Systemic Insecure Permissions in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to use various functionalities without authentication.
CVE-2022-0338 1Loguru Project 1Loguru Feb 24, 2026 Jan 25, 2022 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 Insertion of Sensitive Information into Log File in Conda loguru prior to 0.5.3.
CVE-2022-0277 1Microweber 1Microweber Nov 21, 2024 Jan 20, 2022 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 Incorrect Permission Assignment for Critical Resource in Packagist microweber/microweber prior to 1.2.11.
CVE-2022-21694 1Onionshare 1Onionshare Nov 21, 2024 Jan 18, 2022 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. The website mode of the onionshare allows to use a hardened CSP, which wil...Show more OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. The website mode of the onionshare allows to use a hardened CSP, which will block any scripts and external resources. It is not possible to configure this CSP for individual pages and therefore the security enhancement cannot be used for websites using javascript or external resources like fonts or images.Show less

Previous 1...373839...84 Next