Vulnerabilities > Incorrect Permission Assignment for Critical Resource

DATE CVE VULNERABILITY TITLE RISK
2021-07-13 CVE-2021-20423 Incorrect Permission Assignment for Critical Resource vulnerability in IBM Cloud PAK for Applications
IBM Cloud Pak for Applications 4.3 could allow an authenticated user gain escalated privilesges due to improper application permissions.
network
low complexity
ibm CWE-732
6.5
2021-07-13 CVE-2021-31894 A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.X (All versions), SIMATIC PDM (All versions), SIMATIC STEP 7 V5.X (All versions < V5.7), SINAMICS STARTER (containing STEP 7 OEM version) (All versions). 0.0
2021-07-12 CVE-2021-22921 Incorrect Permission Assignment for Critical Resource vulnerability in Nodejs Node.Js
Node.js before 16.4.1, 14.17.2, and 12.22.2 is vulnerable to local privilege escalation attacks under certain conditions on Windows platforms.
local
nodejs CWE-732
4.4
2021-07-08 CVE-2021-29711 Incorrect Permission Assignment for Critical Resource vulnerability in IBM Urbancode Deploy
IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 6.2.7.8 , 6.2.7.9, 7.0.3.0, 7.0.4.0, 7.0.5.4, 7.1.0.0, 7.1.1.0, 7.1.1.1, and 7.1.1.2 could allow an authenticated user with certain permissions to initiate an agent upgrade through the CLI interface.
network
low complexity
ibm CWE-732
4.0
2021-07-07 CVE-2021-32526 Incorrect Permission Assignment for Critical Resource vulnerability in Qsan Storage Manager
Incorrect permission assignment for critical resource vulnerability in QSAN Storage Manager allows authenticated remote attackers to access arbitrary password files.
network
low complexity
qsan CWE-732
4.0
2021-07-02 CVE-2021-36129 Incorrect Permission Assignment for Critical Resource vulnerability in Mediawiki
An issue was discovered in the Translate extension in MediaWiki through 1.36.
network
low complexity
mediawiki CWE-732
4.0
2021-06-30 CVE-2021-35970 Incorrect Permission Assignment for Critical Resource vulnerability in Voxmedia Coral Talk
Talk 4 in Coral before 4.12.1 allows remote attackers to discover e-mail addresses and other sensitive information via GraphQL because permission checks use an incorrect data type.
network
low complexity
voxmedia CWE-732
5.0
2021-06-24 CVE-2020-4945 Incorrect Permission Assignment for Critical Resource vulnerability in IBM DB2 11.5
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated user to overwrite arbirary files due to improper group permissions.
network
low complexity
ibm CWE-732
5.5
2021-06-24 CVE-2021-29951 Incorrect Permission Assignment for Critical Resource vulnerability in Mozilla Firefox
The Mozilla Maintenance Service granted SERVICE_START access to BUILTIN|Users which, in a domain network, grants normal remote users access to start or stop the service.
network
low complexity
mozilla CWE-732
6.4
2021-06-23 CVE-2021-21809 Incorrect Permission Assignment for Critical Resource vulnerability in Moodle 3.10.0
A command execution vulnerability exists in the default legacy spellchecker plugin in Moodle 3.10.
network
low complexity
moodle CWE-732
critical
9.0