Vulnerabilities > Incorrect Permission Assignment for Critical Resource

DATE CVE VULNERABILITY TITLE RISK
2021-09-15 CVE-2021-3706 Incorrect Permission Assignment for Critical Resource vulnerability in Pi-Hole web Interface
adminlte is vulnerable to Sensitive Cookie Without 'HttpOnly' Flag
network
low complexity
pi-hole CWE-732
7.5
7.5
2021-09-01 CVE-2021-35508 Incorrect Permission Assignment for Critical Resource vulnerability in Terarecon Aquariusnet 4.4.13
NMSAccess32.exe in TeraRecon AQNetClient 4.4.13 allows attackers to execute a malicious binary with SYSTEM privileges via a low-privileged user account.
network
low complexity
terarecon CWE-732
8.8
8.8
2021-08-30 CVE-2020-18121 Incorrect Permission Assignment for Critical Resource vulnerability in Indexhibit 2.1.5
A configuration issue in Indexhibit 2.1.5 allows authenticated attackers to modify .php files, leading to getshell.
network
low complexity
indexhibit CWE-732
8.8
8.8
2021-08-29 CVE-2021-38154 Incorrect Permission Assignment for Critical Resource vulnerability in Canon -
Certain Canon devices manufactured in 2012 through 2020 (such as imageRUNNER ADVANCE iR-ADV C5250), when Catwalk Server is enabled for HTTP access, allow remote attackers to modify an e-mail address setting, and thus cause the device to send sensitive information through e-mail to the attacker.
network
low complexity
canon CWE-732
7.5
7.5
2021-08-24 CVE-2021-30964 Incorrect Permission Assignment for Critical Resource vulnerability in Apple products
An inherited permissions issue was addressed with additional restrictions.
local
low complexity
apple CWE-732
5.5
5.5
2021-08-24 CVE-2021-30892 Incorrect Permission Assignment for Critical Resource vulnerability in Apple mac OS X
An inherited permissions issue was addressed with additional restrictions.
local
low complexity
apple CWE-732
5.5
5.5
2021-08-24 CVE-2021-30920 Incorrect Permission Assignment for Critical Resource vulnerability in Apple Macos
A permissions issue was addressed with improved validation.
local
low complexity
apple CWE-732
5.5
5.5
2021-08-24 CVE-2021-38557 Incorrect Permission Assignment for Critical Resource vulnerability in Raspap 2.6.6
raspap-webgui in RaspAP 2.6.6 allows attackers to execute commands as root because of the insecure sudoers permissions.
network
low complexity
raspap CWE-732
8.8
8.8
2021-08-17 CVE-2021-25263 Incorrect Permission Assignment for Critical Resource vulnerability in Yandex Browser
Local privilege vulnerability in Yandex Browser for Windows prior to 21.9.0.390 allows a local, low privileged, attacker to execute arbitary code with the SYSTEM privileges through manipulating files in directory with insecure permissions during Yandex Browser update process.
local
low complexity
yandex CWE-732
7.8
7.8
2021-08-16 CVE-2021-36281 Incorrect Permission Assignment for Critical Resource vulnerability in Dell EMC Powerscale Onefs
Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect permission assignment vulnerability.
network
low complexity
dell CWE-732
8.8
8.8