Vulnerabilities > Incorrect Permission Assignment for Critical Resource

DATE CVE VULNERABILITY TITLE RISK
2024-04-29 CVE-2024-3375 Incorrect Permission Assignment for Critical Resource vulnerability in Havelsan Inc.
network
low complexity
CWE-732
critical
9.4
2024-02-09 CVE-2023-50292 Incorrect Permission Assignment for Critical Resource vulnerability in Apache Solr
Incorrect Permission Assignment for Critical Resource, Improper Control of Dynamically-Managed Code Resources vulnerability in Apache Solr. This issue affects Apache Solr: from 8.10.0 through 8.11.2, from 9.0.0 before 9.3.0. The Schema Designer was introduced to allow users to more easily configure and test new Schemas and configSets. However, when the feature was created, the "trust" (authentication) of these configSets was not considered. External library loading is only available to configSets that are "trusted" (created by authenticated users), thus non-authenticated users are unable to perform Remote Code Execution. Since the Schema Designer loaded configSets without taking their "trust" into account, configSets that were created by unauthenticated users were allowed to load external libraries when used in the Schema Designer. Users are recommended to upgrade to version 9.3.0, which fixes the issue.
network
low complexity
apache CWE-732
7.5
2024-02-05 CVE-2023-34042 Incorrect Permission Assignment for Critical Resource vulnerability in VMWare Spring Security
The spring-security.xsd file inside the spring-security-config jar is world writable which means that if it were extracted it could be written by anyone with access to the file system. While there are no known exploits, this is an example of “CWE-732: Incorrect Permission Assignment for Critical Resource” and could result in an exploit.
local
low complexity
vmware CWE-732
5.5
2024-02-02 CVE-2023-47564 Incorrect Permission Assignment for Critical Resource vulnerability in Qnap Qsync Central
An incorrect permission assignment for critical resource vulnerability has been reported to affect Qsync Central.
network
low complexity
qnap CWE-732
8.1
2024-02-02 CVE-2020-24681 Incorrect Permission Assignment for Critical Resource vulnerability in Br-Automation Automation Studio
Incorrect Permission Assignment for Critical Resource vulnerability in B&R Industrial Automation Automation Studio allows Privilege Escalation.This issue affects Automation Studio: from 4.6.0 through 4.6.X, from 4.7.0 before 4.7.7 SP, from 4.8.0 before 4.8.6 SP, from 4.9.0 before 4.9.4 SP.
local
low complexity
br-automation CWE-732
8.8
2024-02-02 CVE-2024-22016 Incorrect Permission Assignment for Critical Resource vulnerability in Rapidscada Rapid Scada
In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, an authorized user can write directly to the Scada directory.
local
low complexity
rapidscada CWE-732
7.8
2024-01-31 CVE-2024-22236 Incorrect Permission Assignment for Critical Resource vulnerability in VMWare Spring Cloud Contract
In Spring Cloud Contract, versions 4.1.x prior to 4.1.1, versions 4.0.x prior to 4.0.5, and versions 3.1.x prior to 3.1.10, test execution is vulnerable to local information disclosure via temporary directory created with unsafe permissions through the shaded com.google.guava:guava dependency in the org.springframework.cloud:spring-cloud-contract-shade dependency.
local
low complexity
vmware CWE-732
5.5
2024-01-23 CVE-2023-48714 Incorrect Permission Assignment for Critical Resource vulnerability in Silverstripe Framework
Silverstripe Framework is the framework that forms the base of the Silverstripe content management system.
network
low complexity
silverstripe CWE-732
4.3
2024-01-19 CVE-2023-38541 Incorrect Permission Assignment for Critical Resource vulnerability in Intel HID Event Filter Driver 2.2.1.372/2.2.2.1
Insecure inherited permissions in some Intel HID Event Filter drivers for Windows 10 for some Intel NUC laptop software installers before version 2.2.2.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
local
low complexity
intel CWE-732
7.8
2024-01-16 CVE-2023-52107 Incorrect Permission Assignment for Critical Resource vulnerability in Huawei Emui and Harmonyos
Vulnerability of permissions being not strictly verified in the WMS module.
network
low complexity
huawei CWE-732
7.5