Vulnerabilities > Incorrect Permission Assignment for Critical Resource
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-07-15 | CVE-2021-25318 | Incorrect Permission Assignment for Critical Resource vulnerability in Rancher A Incorrect Permission Assignment for Critical Resource vulnerability in Rancher allows users in the cluster to modify resources they should not have access to. | 8.8 |
2021-07-14 | CVE-2021-31859 | Incorrect Permission Assignment for Critical Resource vulnerability in Ysoft Safeq 6.0.55 Incorrect privileges in the MU55 FlexiSpooler service in YSoft SafeQ 6 6.0.55 allows local user privilege escalation by overwriting the executable file via an alternative data stream. | 7.8 |
2021-07-14 | CVE-2020-0417 | Incorrect Permission Assignment for Critical Resource vulnerability in Google Android 10.0/8.1/9.0 In setNiNotification of GpsNetInitiatedHandler.java, there is a possible permissions bypass due to an empty mutable PendingIntent. | 7.8 |
2021-07-13 | CVE-2021-20423 | Incorrect Permission Assignment for Critical Resource vulnerability in IBM Cloud PAK for Applications IBM Cloud Pak for Applications 4.3 could allow an authenticated user gain escalated privilesges due to improper application permissions. | 8.8 |
2021-07-12 | CVE-2021-22921 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products Node.js before 16.4.1, 14.17.2, and 12.22.2 is vulnerable to local privilege escalation attacks under certain conditions on Windows platforms. | 7.8 |
2021-07-08 | CVE-2021-34110 | Incorrect Permission Assignment for Critical Resource vulnerability in Nica Winwaste.Net 1.0.6183.16475 WinWaste.NET version 1.0.6183.16475 has incorrect permissions, allowing a local unprivileged user to replace the executable with a malicious file that will be executed with "LocalSystem" privileges. | 7.8 |
2021-07-07 | CVE-2021-20416 | Incorrect Permission Assignment for Critical Resource vulnerability in IBM Guardium Data Encryption 3.0.0.3/4.0.0.4 IBM Guardium Data Encryption (GDE) 3.0.0.3 and 4.0.0.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. | 5.3 |
2021-07-02 | CVE-2021-36129 | Incorrect Permission Assignment for Critical Resource vulnerability in Mediawiki An issue was discovered in the Translate extension in MediaWiki through 1.36. | 4.3 |
2021-07-01 | CVE-2021-32729 | Incorrect Permission Assignment for Critical Resource vulnerability in Xwiki XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. | 5.4 |
2021-06-29 | CVE-2021-23275 | Incorrect Permission Assignment for Critical Resource vulnerability in Tibco products The Windows Installation component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Statistics Services, TIBCO Spotfire Statistics Services, and TIBCO Spotfire Statistics Services contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. | 7.8 |