Vulnerabilities > Incorrect Permission Assignment for Critical Resource

DATE CVE VULNERABILITY TITLE RISK
2021-08-12 CVE-2021-37841 Incorrect Permission Assignment for Critical Resource vulnerability in Docker Desktop
Docker Desktop before 3.6.0 suffers from incorrect access control.
local
low complexity
docker CWE-732
7.8
7.8
2021-08-11 CVE-2021-38590 Incorrect Permission Assignment for Critical Resource vulnerability in Cpanel
In cPanel before 96.0.8, weak permissions on web stats can lead to information disclosure (SEC-584).
local
low complexity
cpanel CWE-732
5.5
5.5
2021-08-11 CVE-2017-16630 Incorrect Permission Assignment for Critical Resource vulnerability in Sapphireims 40971
In SapphireIMS 4097_1, a guest user can create a local administrator account on any system that has SapphireIMS installed, because of an Insecure Direct Object Reference (IDOR) in the local user creation function.
network
low complexity
sapphireims CWE-732
8.8
8.8
2021-08-11 CVE-2017-16631 Incorrect Permission Assignment for Critical Resource vulnerability in Sapphireims 40971
In SapphireIMS 4097_1, a guest user is able to change the password of an administrative user by utilizing an Insecure Direct Object Reference (IDOR) in the "Account Password Reset" functionality.
network
low complexity
sapphireims CWE-732
6.5
6.5
2021-08-11 CVE-2021-38085 Incorrect Permission Assignment for Critical Resource vulnerability in Canon Pixma Tr150 Firmware 3.71.2.10
The Canon TR150 print driver through 3.71.2.10 is vulnerable to a privilege escalation issue.
local
low complexity
canon CWE-732
7.8
7.8
2021-08-05 CVE-2021-32577 Incorrect Permission Assignment for Critical Resource vulnerability in Acronis True Image 2021
Acronis True Image prior to 2021 Update 5 for Windows allowed local privilege escalation due to insecure folder permissions.
local
low complexity
acronis CWE-732
7.8
7.8
2021-08-03 CVE-2021-30577 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
Insufficient policy enforcement in Installer in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to perform local privilege escalation via a crafted file.
local
low complexity
google fedoraproject CWE-732
7.8
7.8
2021-07-20 CVE-2021-32463 Incorrect Permission Assignment for Critical Resource vulnerability in Trendmicro Apex ONE and Worry-Free Business Security
An incorrect permission assignment denial-of-service vulnerability in Trend Micro Apex One, Apex One as a Service (SaaS), Worry-Free Business Security 10.0 SP1 and Worry-Free Servgices could allow a local attacker to escalate privileges and delete files with system privileges on affected installations.
local
low complexity
trendmicro CWE-732
7.8
7.8
2021-07-19 CVE-2021-32760 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
containerd is a container runtime.
network
low complexity
linuxfoundation fedoraproject CWE-732
6.3
6.3
2021-07-19 CVE-2021-35449 Incorrect Permission Assignment for Critical Resource vulnerability in Lexmark products
The Lexmark Universal Print Driver version 2.15.1.0 and below, G2 driver 2.7.1.0 and below, G3 driver 3.2.0.0 and below, and G4 driver 4.2.1.0 and below are affected by a privilege escalation vulnerability.
local
low complexity
lexmark CWE-732
7.8
7.8