CWE-279
21 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-279
- CVE-2020-8025 | MEDIUM | CVSS 6.1 | EG 6.1 | 2020-08-07
An Incorrect Execution-Assigned Permissions vulnerability in the permissions package of SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1, openSUSE Tumblew…
- CVE-2022-21699 | HIGH | CVSS 8.2 | EG 8.2 | 2022-01-19
IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Affected versions are subject to an arbitrary code execution vulnerabili…
- CVE-2023-3915 | MEDIUM | CVSS 6.5 | EG 6.5 | 2023-09-01
An issue has been discovered in GitLab EE affecting all versions starting from 16.1 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. If an external user is given an owner role on …
- CVE-2023-4383 | HIGH | CVSS 7.8 | EG 7.8 | 2023-08-16
A vulnerability, which was classified as critical, was found in MicroWorld eScan Anti-Virus 7.0.32 on Linux. This affects an unknown part of the file runasroot. The manipulation leads to incorrect execution-assigned permissions. The attack…
- CVE-2023-4665 | HIGH | CVSS 8.8 | EG 8.8 | 2023-09-15
Incorrect Execution-Assigned Permissions vulnerability in Saphira Saphira Connect allows Privilege Escalation. This issue affects Saphira Connect: before 9.
- CVE-2023-50914 | MEDIUM | CVSS 6.7 | EG 6.7 | 2024-04-30
A Privilege Escalation issue in the inter-process communication procedure from GOG Galaxy (Beta) 2.0.67.2 through v2.0.71.2 allows authenticated users to change the DACL of arbitrary system directories to include Everyone full control perm…
- CVE-2024-11220 | HIGH | CVSS 7.8 | EG 7.8 | 2024-12-06
A local low-level user on the server machine with credentials to the running OAS services can create and execute a report with an rdlx file on the server system itself. Any code within the rdlx file of the report executes with SYSTEM privi…
- CVE-2024-25621 | HIGH | CVSS 7.3 | EG 7.3 | 2025-11-06
containerd is an open-source container runtime. Versions 0.1.0 through 1.7.28, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4 and 2.2.0-beta.0 through 2.2.0-rc.1 have an overly broad default permission vulnerability. Directory path…
- CVE-2024-37025 | MEDIUM | CVSS 6.7 | EG 6.7 | 2024-11-13
Incorrect execution-assigned permissions in some Intel(R) Advanced Link Analyzer Standard Edition software installer before version 23.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
- CVE-2024-37734 | CRITICAL | CVSS 9.8 | EG 9.8 | 2024-06-26
An issue in OpenEMR 7.0.2 allows a remote attacker to escalate privileges via a crafted POST request using the noteid parameter.
- CVE-2024-39286 | LOW | CVSS 3.3 | EG 3.3 | 2025-02-12
Incorrect execution-assigned permissions in the Linux kernel mode driver for the Intel(R) 800 Series Ethernet Driver before version 1.15.4 may allow an authenticated user to potentially enable information disclosure via local access.
- CVE-2025-13663 | MEDIUM | CVSS 6.7 | EG 6.7 | 2025-12-11
Under certain circumstances, the Quartus Prime Pro Installer for Windows does not check the permissions of the Quartus target installation directory if the target installation directory already exists.
- CVE-2025-14025 | HIGH | CVSS 8.5 | EG 8.5 | 2026-01-08
A flaw was found in Ansible Automation Platform (AAP). Read-only scoped OAuth2 API Tokens in AAP, are enforced at the Gateway level for Gateway-specific operations. However, this vulnerability allows read-only tokens to perform write opera…
- CVE-2025-20612 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-05-13
Incorrect execution-assigned permissions for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable escalation of privilege via adjacent access.
- CVE-2025-22843 | HIGH | CVSS 7.8 | EG 7.8 | 2025-05-13
Incorrect execution-assigned permissions for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable escalation of privilege via local access.
- CVE-2025-23233 | LOW | CVSS 3.5 | EG 3.5 | 2025-05-13
Incorrect execution-assigned permissions for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable escalation of privilege via adjacent access.
- CVE-2025-23263 | HIGH | CVSS 7.6 | EG 7.6 | 2025-07-17
NVIDIA DOCA-Host and Mellanox OFED contain a vulnerability in the VGT+ feature, where an attacker on a VM might cause escalation of privileges and denial of service on the VLAN.
- CVE-2025-26422 | MEDIUM | CVSS 4.0 | EG 4.0 | 2025-09-04
In dump of WindowManagerService.java, there is a possible way of running dumpsys without the required permission due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges ne…
- CVE-2025-30001 | HIGH | CVSS 7.3 | EG 7.3 | 2025-10-10
Incorrect Execution-Assigned Permissions vulnerability in Apache StreamPark. This issue affects Apache StreamPark: from 2.1.4 before 2.1.6. Users are recommended to upgrade to version 2.1.6, which fixes the issue.
- CVE-2025-36228 | LOW | CVSS 3.8 | EG 3.8 | 2025-12-26
IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 may allow inconsistent permissions between the user interface and backend API allowed users to access features that appeared disabled, potentially leading to misuse.
- CVE-2025-58437 | HIGH | CVSS 8.1 | EG 8.1 | 2025-09-06
Coder allows organizations to provision remote development environments via Terraform. In versions 2.22.0 through 2.24.3, 2.25.0 and 2.25.1, Coder can be compromised through insecure session handling in prebuilt workspaces. Coder automati…