Vulnerabilities > Incorrect Permission Assignment for Critical Resource
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-23 | CVE-2023-20230 | Incorrect Permission Assignment for Critical Resource vulnerability in Cisco Application Policy Infrastructure Controller 5.2(1G) A vulnerability in the restricted security domain implementation of Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to read, modify, or delete non-tenant policies (for example, access policies) created by users associated with a different security domain on an affected system. This vulnerability is due to improper access control when restricted security domains are used to implement multi-tenancy for policies outside the tenant boundaries. | 5.4 |
| 2023-08-23 | CVE-2023-20234 | Incorrect Permission Assignment for Critical Resource vulnerability in Cisco Firepower Extensible Operating System A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to create a file or overwrite any file on the filesystem of an affected device, including system files. The vulnerability occurs because there is no validation of parameters when a specific CLI command is used. | 6.0 |
| 2023-08-16 | CVE-2023-4383 | Incorrect Permission Assignment for Critical Resource vulnerability in Escanav Escan Anti-Virus 7.0.32 A vulnerability, which was classified as critical, was found in MicroWorld eScan Anti-Virus 7.0.32 on Linux. | 7.8 |
| 2023-08-15 | CVE-2023-4332 | Incorrect Permission Assignment for Critical Resource vulnerability in Broadcom Raid Controller web Interface 51.12.02779 Broadcom RAID Controller web interface is vulnerable due to Improper permissions on the log file | 7.5 |
| 2023-08-11 | CVE-2023-28658 | Incorrect Permission Assignment for Critical Resource vulnerability in Intel Oneapi Math Kernel Library Insecure inherited permissions in some Intel(R) oneMKL software before version 2022.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
| 2023-08-09 | CVE-2023-39003 | Incorrect Permission Assignment for Critical Resource vulnerability in Opnsense OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 was discovered to contain insecure permissions in the directory /tmp. | 7.5 |
| 2023-08-09 | CVE-2023-39004 | Incorrect Permission Assignment for Critical Resource vulnerability in Opnsense Insecure permissions in the configuration directory (/conf/) of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allow attackers to access sensitive information (e.g., hashed root password) which could lead to privilege escalation. | 9.8 |
| 2023-08-09 | CVE-2023-39005 | Incorrect Permission Assignment for Critical Resource vulnerability in Opnsense Insecure permissions exist for configd.socket in OPNsense Community Edition before 23.7 and Business Edition before 23.4.2. | 7.5 |
| 2023-08-08 | CVE-2022-39062 | Incorrect Permission Assignment for Critical Resource vulnerability in Siemens Sicam Toolbox II 07.00/07.01 A vulnerability has been identified in SICAM TOOLBOX II (All versions < V07.10). | 7.8 |
| 2023-08-04 | CVE-2023-38991 | Incorrect Permission Assignment for Critical Resource vulnerability in Jeesite 1.2.6 An issue in the delete function in the ActModelController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete models created by the Administrator. | 5.4 |