Vulnerabilities > Incorrect Permission Assignment for Critical Resource
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-29 | CVE-2023-5077 | Incorrect Permission Assignment for Critical Resource vulnerability in Hashicorp Vault The Vault and Vault Enterprise ("Vault") Google Cloud secrets engine did not preserve existing Google Cloud IAM Conditions upon creating or updating rolesets. | 7.5 |
| 2023-09-27 | CVE-2023-20254 | Incorrect Permission Assignment for Critical Resource vulnerability in Cisco Sd-Wan Manager A vulnerability in the session management system of the Cisco Catalyst SD-WAN Manager multi-tenant feature could allow an authenticated, remote attacker to access another tenant that is being managed by the same Cisco Catalyst SD-WAN Manager instance. | 8.8 |
| 2023-09-27 | CVE-2023-4565 | Incorrect Permission Assignment for Critical Resource vulnerability in Huawei Emui and Harmonyos Broadcast permission control vulnerability in the framework module. | 5.3 |
| 2023-09-25 | CVE-2023-41295 | Incorrect Permission Assignment for Critical Resource vulnerability in Huawei Emui and Harmonyos Vulnerability of improper permission management in the displayengine module. | 5.3 |
| 2023-09-15 | CVE-2023-4665 | Incorrect Permission Assignment for Critical Resource vulnerability in Saphira Connect Incorrect Execution-Assigned Permissions vulnerability in Saphira Saphira Connect allows Privilege Escalation.This issue affects Saphira Connect: before 9. | 8.8 |
| 2023-09-14 | CVE-2023-38557 | Incorrect Permission Assignment for Critical Resource vulnerability in Siemens Spectrum Power 7 2.20/2.30 A vulnerability has been identified in Spectrum Power 7 (All versions < V23Q3). | 7.8 |
| 2023-09-12 | CVE-2023-40622 | Incorrect Permission Assignment for Critical Resource vulnerability in SAP Businessobjects Business Intelligence 420/430 SAP BusinessObjects Business Intelligence Platform (Promotion Management) - versions 420, 430, under certain condition allows an authenticated attacker to view sensitive information which is otherwise restricted. | 9.9 |
| 2023-09-12 | CVE-2023-32005 | Incorrect Permission Assignment for Critical Resource vulnerability in Nodejs Node.Js A vulnerability has been identified in Node.js version 20, affecting users of the experimental permission model when the --allow-fs-read flag is used with a non-* argument. This flaw arises from an inadequate permission model that fails to restrict file stats through the `fs.statfs` API. | 5.3 |
| 2023-09-08 | CVE-2023-4777 | Incorrect Permission Assignment for Critical Resource vulnerability in Qualys Container Scanning Connector 1.6.2.6 An incorrect permission check in Qualys Container Scanning Connector Plugin 1.6.2.6 and earlier allows attackers with global Item/Configure permission (while lacking Item/Configure permission on any particular job) to enumerate credentials IDs of credentials stored in Jenkins and to connect to an attacker-specified URL using attacker-specified credentials IDs, capturing credentials stored in Jenkins. | 4.3 |
| 2023-09-06 | CVE-2023-32162 | Incorrect Permission Assignment for Critical Resource vulnerability in Wacom Driver 6.3.451 Wacom Drivers for Windows Incorrect Permission Assignment Local Privilege Escalation Vulnerability. | 7.8 |