VYPR

CWE-279

Incorrect Execution-Assigned Permissions

Variant | Draft

Description

While it is executing, the product sets the permissions of an object in a way that violates the intended permissions that have been specified by the user.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-81

CVEs mapped to this weakness (17)

  • CVE-2023-4665 | High | Sep 15, 2023
    risk 0.57 | cvss 8.8 | epss 0.01

    Incorrect Execution-Assigned Permissions vulnerability in Saphira Saphira Connect allows Privilege Escalation. This issue affects Saphira Connect: before 9.

  • CVE-2025-14025 | High | Jan 8, 2026
    risk 0.55 | cvss 8.5 | epss 0.00

    A flaw was found in Ansible Automation Platform (AAP). Read-only scoped OAuth2 API Tokens in AAP are enforced at the Gateway level for Gateway-specific operations. However, this vulnerability allows read-only tokens to perform write operations on backend services (e.g.,…

  • CVE-2025-22843 | High | May 13, 2025
    risk 0.51 | cvss 7.8 | epss 0.00

    Incorrect execution-assigned permissions for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2025-23263 | High | Jul 17, 2025
    risk 0.49 | cvss 7.6 | epss 0.00

    NVIDIA DOCA-Host and Mellanox OFED contain a vulnerability in the VGT+ feature, where an attacker on a VM might cause escalation of privileges and denial of service on the VLAN.

  • CVE-2024-37025 | Medium | Nov 13, 2024
    risk 0.44 | cvss 6.7 | epss 0.00

    Incorrect execution-assigned permissions in some Intel(R) Advanced Link Analyzer Standard Edition software installer before version 23.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2023-50914 | Medium | Apr 30, 2024
    risk 0.44 | cvss 6.7 | epss 0.01

    A Privilege Escalation issue in the inter-process communication procedure from GOG Galaxy (Beta) 2.0.67.2 through v2.0.71.2 allows authenticated users to change the DACL of arbitrary system directories to include Everyone full control permissions by modifying the…

  • CVE-2025-12801 | Medium | Mar 4, 2026
    risk 0.42 | cvss 6.5 | epss 0.00

    A vulnerability was recently discovered in the rpc.mountd daemon in the nfs-utils package for Linux that allows an NFSv3 client to escalate the privileges assigned to it in the /etc/exports file at mount time. In particular, it allows the client to access any subdirectory or…

  • CVE-2026-4948 | Medium | Mar 27, 2026
    risk 0.36 | cvss 5.5 | epss 0.00

    A flaw was found in firewalld. A local unprivileged user can exploit this vulnerability by mis-authorizing two runtime D-Bus (Desktop Bus) setters, setZoneSettings2 and setPolicySettings. This mis-authorization allows the user to modify the runtime firewall state without proper…

  • CVE-2025-20612 | Medium | May 13, 2025
    risk 0.36 | cvss 5.5 | epss 0.00

    Incorrect execution-assigned permissions for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable escalation of privilege via adjacent access.

  • CVE-2017-8441 | Medium | Jun 5, 2017
    risk 0.28 | cvss 4.3 | epss 0.01

    Elastic X-Pack Security versions prior to 5.4.1 and 5.3.3 did not always correctly apply Document Level Security to index aliases. This bug could allow a user with restricted permissions to view data they should not have access to when performing certain operations against an…

  • CVE-2025-23233 | Low | May 13, 2025
    risk 0.23 | cvss 3.5 | epss 0.00

    Incorrect execution-assigned permissions for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable escalation of privilege via adjacent access.

  • CVE-2024-39286 | Low | Feb 12, 2025
    risk 0.21 | cvss 3.3 | epss 0.00

    Incorrect execution-assigned permissions in the Linux kernel mode driver for the Intel(R) 800 Series Ethernet Driver before version 1.15.4 may allow an authenticated user to potentially enable information disclosure via local access.

  • CVE-2021-29262 | Apr 13, 2021
    risk 0.02 | cvss (none listed) | epss 0.08

    When starting Apache Solr versions prior to 8.8.2, configured with the SaslZkACLProvider or VMParamsAllAndReadonlyDigestZkACLProvider and no existing security.json znode, if the optional read-only user is configured then Solr would not treat that node as a sensitive path and…

  • CVE-2024-25621 | Nov 6, 2025
    risk 0.00 | cvss (none listed) | epss 0.00

    containerd is an open-source container runtime. Versions 0.1.0 through 1.7.28, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4 and 2.2.0-beta.0 through 2.2.0-rc.1 have an overly broad default permission vulnerability. Directory paths `/var/lib/containerd`,…

  • CVE-2025-30001 | Oct 10, 2025
    risk 0.00 | cvss (none listed) | epss 0.01

    Incorrect Execution-Assigned Permissions vulnerability in Apache StreamPark. This issue affects Apache StreamPark: from 2.1.4 before 2.1.6. Users are recommended to upgrade to version 2.1.6, which fixes the issue.

  • CVE-2022-21699 | Jan 19, 2022
    risk 0.00 | cvss (none listed) | epss 0.01

    IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Affected versions are subject to an arbitrary code execution vulnerability achieved by not properly managing…

  • CVE-2021-31155 | May 27, 2021
    risk 0.00 | cvss (none listed) | epss 0.00

    Failure to normalize the umask in please before 0.4 allows a local attacker to gain full root privileges if they are allowed to execute at least one command.