Vulnerabilities > Incorrect Permission Assignment for Critical Resource

DATE CVE VULNERABILITY TITLE RISK
2023-08-09 CVE-2023-39004 Incorrect Permission Assignment for Critical Resource vulnerability in Opnsense
Insecure permissions in the configuration directory (/conf/) of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allow attackers to access sensitive information (e.g., hashed root password) which could lead to privilege escalation.
network
low complexity
opnsense CWE-732
critical
9.8
2023-08-09 CVE-2023-39005 Incorrect Permission Assignment for Critical Resource vulnerability in Opnsense
Insecure permissions exist for configd.socket in OPNsense Community Edition before 23.7 and Business Edition before 23.4.2.
network
low complexity
opnsense CWE-732
7.5
2023-08-08 CVE-2022-39062 Incorrect Permission Assignment for Critical Resource vulnerability in Siemens Sicam Toolbox II 07.00/07.01
A vulnerability has been identified in SICAM TOOLBOX II (All versions < V07.10).
local
low complexity
siemens CWE-732
7.8
2023-08-04 CVE-2023-38991 Incorrect Permission Assignment for Critical Resource vulnerability in Jeesite 1.2.6
An issue in the delete function in the ActModelController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete models created by the Administrator.
network
low complexity
jeesite CWE-732
5.4
2023-08-03 CVE-2023-20216 Incorrect Permission Assignment for Critical Resource vulnerability in Cisco products
A vulnerability in the privilege management functionality of all Cisco BroadWorks server types could allow an authenticated, local attacker to elevate privileges to root on an affected system.
local
low complexity
cisco CWE-732
7.8
2023-07-23 CVE-2023-28133 Incorrect Permission Assignment for Critical Resource vulnerability in Checkpoint Endpoint Security E87.30
Local privilege escalation in Check Point Endpoint Security Client (version E87.30) via crafted OpenSSL configuration file
local
low complexity
checkpoint CWE-732
7.8
2023-06-29 CVE-2022-44719 Incorrect Permission Assignment for Critical Resource vulnerability in Ucopia Wireless Appliance Firmware
An issue was discovered in Weblib Ucopia before 6.0.13.
network
low complexity
ucopia CWE-732
7.5
2023-06-29 CVE-2023-37237 Incorrect Permission Assignment for Critical Resource vulnerability in Veritas Netbackup Appliance
In Veritas NetBackup Appliance before 4.1.0.1 MR3, insecure permissions may allow an authenticated Admin to bypass shell restrictions and execute arbitrary operating system commands via SSH.
network
low complexity
veritas CWE-732
7.2
2023-06-27 CVE-2023-35799 Incorrect Permission Assignment for Critical Resource vulnerability in Stormshield Endpoint Security
Stormshield Endpoint Security Evolution 2.0.0 through 2.3.2 has Insecure Permissions.
local
low complexity
stormshield CWE-732
5.5
2023-06-27 CVE-2023-35800 Incorrect Permission Assignment for Critical Resource vulnerability in Stormshield Endpoint Security
Stormshield Endpoint Security Evolution 2.0.0 through 2.4.2 has Insecure Permissions.
network
low complexity
stormshield CWE-732
4.3