Vulnerabilities > Incorrect Permission Assignment for Critical Resource

DATE CVE VULNERABILITY TITLE RISK
2023-05-04 CVE-2023-30399 Incorrect Permission Assignment for Critical Resource vulnerability in Garo products
Insecure permissions in the settings page of GARO Wallbox GLB/GTB/GTC before v189 allows attackers to redirect users to a crafted update package link via a man-in-the-middle attack.
network
high complexity
garo CWE-732
8.1
8.1
2023-05-04 CVE-2023-25438 Incorrect Permission Assignment for Critical Resource vulnerability in Genomedics Millegpg 5.9.2
An issue was discovered in Genomedics MilleGP5 5.9.2, allows remote attackers to execute arbitrary code and gain escalated privileges via modifying specific files.
local
low complexity
genomedics CWE-732
7.8
7.8
2023-04-28 CVE-2023-0834 Incorrect Permission Assignment for Critical Resource vulnerability in Hypr Workforce Access
Incorrect Permission Assignment for Critical Resource vulnerability in HYPR Workforce Access on MacOS allows Privilege Escalation.This issue affects Workforce Access: from 6.12 before 8.1.
network
low complexity
hypr CWE-732
critical
 9.8
9.8
2023-04-22 CVE-2023-0207 Incorrect Permission Assignment for Critical Resource vulnerability in Nvidia Sbios
NVIDIA DGX-2 SBIOS contains a vulnerability where an attacker may modify the ServerSetup NVRAM variable at runtime by executing privileged code.
local
low complexity
nvidia CWE-732
4.4
4.4
2023-04-19 CVE-2023-28123 Incorrect Permission Assignment for Critical Resource vulnerability in UI Desktop 0.55.1.2/0.55.3.17/0.59.1.71
A permission misconfiguration in UI Desktop for Windows (Version 0.59.1.71 and earlier) could allow an user to hijack VPN credentials while UID VPN is starting.This vulnerability is fixed in Version 0.62.3 and later.
local
low complexity
ui CWE-732
5.5
5.5
2023-04-18 CVE-2023-30606 Incorrect Permission Assignment for Critical Resource vulnerability in Discourse
Discourse is an open source platform for community discussion.
network
low complexity
discourse CWE-732
4.9
4.9
2023-04-18 CVE-2023-22294 Incorrect Permission Assignment for Critical Resource vulnerability in Tribe29 Checkmk
Privilege escalation in Tribe29 Checkmk Appliance before 1.6.4 allows authenticated site users to escalate privileges via incorrectly set permissions.
network
low complexity
tribe29 CWE-732
8.8
8.8
2023-04-17 CVE-2023-28960 Incorrect Permission Assignment for Critical Resource vulnerability in Juniper Junos OS Evolved
An Incorrect Permission Assignment for Critical Resource vulnerability in Juniper Networks Junos OS Evolved allows a local, authenticated low-privileged attacker to copy potentially malicious files into an existing Docker container on the local system.
local
low complexity
juniper CWE-732
8.2
8.2
2023-04-12 CVE-2023-30512 Incorrect Permission Assignment for Critical Resource vulnerability in Linuxfoundation Cubefs
CubeFS through 3.2.1 allows Kubernetes cluster-level privilege escalation.
network
low complexity
linuxfoundation CWE-732
6.5
6.5
2023-04-11 CVE-2023-1939 Incorrect Permission Assignment for Critical Resource vulnerability in Devolutions Remote Desktop Manager
No access control for the OTP key   on OTP entries in Devolutions Remote Desktop Manager Windows 2022.3.33.0 and prior versions and Remote Desktop Manager Linux 2022.3.2.0 and prior versions allows non admin users to see OTP keys via the user interface.
network
low complexity
devolutions CWE-732
4.3
4.3