CWE-279 · Incorrect Execution-Assigned Permissions
22 CVEs classified under CWE-279 (Incorrect Execution-Assigned Permissions). Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-4665 | High | 8.8 | 2023-09-15 | Incorrect Execution-Assigned Permissions vulnerability in Saphira Saphira Connect allows Privilege Escalation. This issue affects Saphira Connect: before 9. |
CVE-2025-14025 | High | 8.5 | 2026-01-08 | A flaw was found in Ansible Automation Platform (AAP). Read-only scoped OAuth2 API Tokens in AAP, are enforced at the Gateway level for Gateway-specific operat… |
CVE-2022-21699 | High | 8.2 | 2022-01-19 | IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming la… |
CVE-2025-58437 | High | 8.1 | 2025-09-06 | Coder allows organizations to provision remote development environments via Terraform. In versions 2.22.0 through 2.24.3, 2.25.0 and 2.25.1, Coder can be comp… |
CVE-2025-22843 | High | 7.8 | 2025-05-13 | Incorrect execution-assigned permissions for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially e… |
CVE-2024-11220 | High | 7.8 | 2024-12-06 | A local low-level user on the server machine with credentials to the running OAS services can create and execute a report with an rdlx file on the server syste… |
CVE-2023-4383 | High | 7.8 | 2023-08-16 | A vulnerability, which was classified as critical, was found in MicroWorld eScan Anti-Virus 7.0.32 on Linux. This affects an unknown part of the file runasroot… |
CVE-2025-23263 | High | 7.6 | 2025-07-17 | NVIDIA DOCA-Host and Mellanox OFED contain a vulnerability in the VGT+ feature, where an attacker on a VM might cause escalation of privileges and denial of se… |
CVE-2024-25621 | High | 7.3 | 2025-11-06 | containerd is an open-source container runtime. Versions 0.1.0 through 1.7.28, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4 and 2.2.0-beta.0 through… |
CVE-2026-20062 | High | 7.2 | 2026-03-04 | A vulnerability in the CLI of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software in multiple context mode could allow an authenticated, local att… |
CVE-2025-13663 | Medium | 6.7 | 2025-12-11 | Under certain circumstances, the Quartus Prime Pro Installer for Windows does not check the permissions of the Quartus target installation directory if the tar… |
CVE-2024-37025 | Medium | 6.7 | 2024-11-13 | Incorrect execution-assigned permissions in some Intel(R) Advanced Link Analyzer Standard Edition software installer before version 23.1.1 may allow an authent… |
CVE-2025-12801 | Medium | 6.5 | 2026-03-04 | A vulnerability was recently discovered in the rpc.mountd daemon in the nfs-utils package for Linux, that allows a NFSv3 client to escalate the privileges assi… |
CVE-2023-3915 | Medium | 6.5 | 2023-09-01 | An issue has been discovered in GitLab EE affecting all versions starting from 16.1 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions… |
CVE-2020-8025 | Medium | 6.1 | 2020-08-07 | A Incorrect Execution-Assigned Permissions vulnerability in the permissions package of SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 15-LTS… |
CVE-2026-4948 | Medium | 5.5 | 2026-03-27 | A flaw was found in firewalld. A local unprivileged user can exploit this vulnerability by mis-authorizing two runtime D-Bus (Desktop Bus) setters, setZoneSett… |
CVE-2025-20612 | Medium | 5.5 | 2025-05-13 | Incorrect execution-assigned permissions for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially e… |
CVE-2017-8441 | Medium | 4.3 | 2017-06-05 | Elastic X-Pack Security versions prior to 5.4.1 and 5.3.3 did not always correctly apply Document Level Security to index aliases. This bug could allow a user… |
CVE-2025-36228 | Low | 3.8 | 2025-12-26 | IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 may allow inconsistent permissions between the user interface and backend API allowed users to access features that… |
CVE-2025-23233 | Low | 3.5 | 2025-05-13 | Incorrect execution-assigned permissions for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially e… |