Vulnerabilities > Incorrect Permission Assignment for Critical Resource

DATE CVE VULNERABILITY TITLE RISK
2021-12-24 CVE-2021-20874 Incorrect Permission Assignment for Critical Resource vulnerability in Groupsession
Incorrect permission assignment for critical resource vulnerability in GroupSession Free edition ver5.1.1 and earlier, GroupSession byCloud ver5.1.1 and earlier, and GroupSession ZION ver5.1.1 and earlier allows a remote unauthenticated attacker to access arbitrary files on the server and obtain sensitive information via unspecified vectors.
network
low complexity
groupsession CWE-732
7.5
7.5
2021-12-21 CVE-2021-27445 Incorrect Permission Assignment for Critical Resource vulnerability in Mesalabs Amegaview
Mesa Labs AmegaView Versions 3.0 and prior has insecure file permissions that could be exploited to escalate privileges on the device.
local
low complexity
mesalabs CWE-732
7.8
7.8
2021-12-20 CVE-2021-35248 Incorrect Permission Assignment for Critical Resource vulnerability in Solarwinds Orion Platform
It has been reported that any Orion user, e.g.
network
low complexity
solarwinds CWE-732
4.3
4.3
2021-12-15 CVE-2021-0904 Incorrect Permission Assignment for Critical Resource vulnerability in Google Android
In SRAMROM, there is a possible permission bypass due to an insecure permission setting.
local
low complexity
google CWE-732
6.7
6.7
2021-12-15 CVE-2021-42309 Incorrect Permission Assignment for Critical Resource vulnerability in Microsoft products
Microsoft SharePoint Server Remote Code Execution Vulnerability
network
low complexity
microsoft CWE-732
8.8
8.8
2021-12-09 CVE-2021-43065 Incorrect Permission Assignment for Critical Resource vulnerability in Fortinet Fortinac
A incorrect permission assignment for critical resource in Fortinet FortiNAC version 9.2.0, version 9.1.3 and below, version 8.8.9 and below allows attacker to gain higher privileges via the access to sensitive system data.
local
low complexity
fortinet CWE-732
7.8
7.8
2021-12-07 CVE-2021-36133 Incorrect Permission Assignment for Critical Resource vulnerability in Linaro Op-Tee
The OPTEE-OS CSU driver for NXP i.MX SoC devices lacks security access configuration for several models, resulting in TrustZone bypass because the NonSecure World can perform arbitrary memory read/write operations on Secure World memory.
local
low complexity
linaro CWE-732
7.1
7.1
2021-12-07 CVE-2021-44512 Incorrect Permission Assignment for Critical Resource vulnerability in Tmate Tmate-Ssh-Server 2.3.0
World-writable permissions on the /tmp/tmate/sessions directory in tmate-ssh-server 2.3.0 allow a local attacker to compromise the integrity of session handling, or obtain the read-write session ID from a read-only session symlink in this directory.
local
high complexity
tmate CWE-732
7.0
7.0
2021-12-06 CVE-2021-43034 Incorrect Permission Assignment for Critical Resource vulnerability in Kaseya Unitrends Backup
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5.
local
low complexity
kaseya CWE-732
7.8
7.8
2021-11-30 CVE-2021-40101 Incorrect Permission Assignment for Critical Resource vulnerability in Concretecms Concrete CMS
An issue was discovered in Concrete CMS before 8.5.7.
network
low complexity
concretecms CWE-732
7.2
7.2