Vulnerabilities > Incorrect Permission Assignment for Critical Resource
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-18 | CVE-2023-30606 | Incorrect Permission Assignment for Critical Resource vulnerability in Discourse Discourse is an open source platform for community discussion. | 4.9 |
| 2023-04-18 | CVE-2023-22294 | Incorrect Permission Assignment for Critical Resource vulnerability in Tribe29 Checkmk Privilege escalation in Tribe29 Checkmk Appliance before 1.6.4 allows authenticated site users to escalate privileges via incorrectly set permissions. | 8.8 |
| 2023-04-12 | CVE-2023-30512 | Incorrect Permission Assignment for Critical Resource vulnerability in Linuxfoundation Cubefs CubeFS through 3.2.1 allows Kubernetes cluster-level privilege escalation. | 6.5 |
| 2023-04-11 | CVE-2023-1939 | Incorrect Permission Assignment for Critical Resource vulnerability in Devolutions Remote Desktop Manager No access control for the OTP key on OTP entries in Devolutions Remote Desktop Manager Windows 2022.3.33.0 and prior versions and Remote Desktop Manager Linux 2022.3.2.0 and prior versions allows non admin users to see OTP keys via the user interface. | 4.3 |
| 2023-04-11 | CVE-2022-43946 | Incorrect Permission Assignment for Critical Resource vulnerability in Fortinet Forticlient Multiple vulnerabilities including an incorrect permission assignment for critical resource [CWE-732] vulnerability and a time-of-check time-of-use (TOCTOU) race condition [CWE-367] vulnerability in Fortinet FortiClientWindows before 7.0.7 allows attackers on the same file sharing network to execute commands via writing data into a windows pipe. | 8.1 |
| 2023-04-07 | CVE-2022-43309 | Incorrect Permission Assignment for Critical Resource vulnerability in Supermicro products Supermicro X11SSL-CF HW Rev 1.01, BMC firmware v1.63 was discovered to contain insecure permissions. | 5.5 |
| 2023-04-05 | CVE-2023-0944 | Incorrect Permission Assignment for Critical Resource vulnerability in Imaworldhealth Bhima 1.27.0 Bhima version 1.27.0 allows an authenticated attacker with regular user permissions to update arbitrary user session data such as username, email and password. | 4.3 |
| 2023-04-03 | CVE-2023-0225 | Incorrect Permission Assignment for Critical Resource vulnerability in Samba A flaw was found in Samba. | 4.3 |
| 2023-04-03 | CVE-2022-43773 | Incorrect Permission Assignment for Critical Resource vulnerability in Hitachi Vantara Pentaho Business Analytics Server 9.4.0.0 Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x is installed with a sample HSQLDB data source configured with stored procedures enabled. | 8.8 |
| 2023-03-28 | CVE-2023-1516 | Incorrect Permission Assignment for Critical Resource vulnerability in Robodk 5.5.3 RoboDK versions 5.5.3 and prior contain an insecure permission assignment to critical directories vulnerability, which could allow a local user to escalate privileges and write files to the RoboDK process and achieve code execution. | 7.8 |