Vulnerabilities > Incorrect Permission Assignment for Critical Resource

DATE CVE VULNERABILITY TITLE RISK
2021-07-15 CVE-2021-25318 Incorrect Permission Assignment for Critical Resource vulnerability in Rancher
A Incorrect Permission Assignment for Critical Resource vulnerability in Rancher allows users in the cluster to modify resources they should not have access to.
network
low complexity
rancher CWE-732
8.8
2021-07-14 CVE-2021-31859 Incorrect Permission Assignment for Critical Resource vulnerability in Ysoft Safeq 6.0.55
Incorrect privileges in the MU55 FlexiSpooler service in YSoft SafeQ 6 6.0.55 allows local user privilege escalation by overwriting the executable file via an alternative data stream.
local
low complexity
ysoft CWE-732
7.8
2021-07-14 CVE-2020-0417 Incorrect Permission Assignment for Critical Resource vulnerability in Google Android 10.0/8.1/9.0
In setNiNotification of GpsNetInitiatedHandler.java, there is a possible permissions bypass due to an empty mutable PendingIntent.
local
low complexity
google CWE-732
7.8
2021-07-13 CVE-2021-20423 Incorrect Permission Assignment for Critical Resource vulnerability in IBM Cloud PAK for Applications
IBM Cloud Pak for Applications 4.3 could allow an authenticated user gain escalated privilesges due to improper application permissions.
network
low complexity
ibm CWE-732
8.8
2021-07-12 CVE-2021-22921 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
Node.js before 16.4.1, 14.17.2, and 12.22.2 is vulnerable to local privilege escalation attacks under certain conditions on Windows platforms.
local
low complexity
nodejs siemens CWE-732
7.8
2021-07-08 CVE-2021-34110 Incorrect Permission Assignment for Critical Resource vulnerability in Nica Winwaste.Net 1.0.6183.16475
WinWaste.NET version 1.0.6183.16475 has incorrect permissions, allowing a local unprivileged user to replace the executable with a malicious file that will be executed with "LocalSystem" privileges.
local
low complexity
nica CWE-732
7.8
2021-07-07 CVE-2021-20416 Incorrect Permission Assignment for Critical Resource vulnerability in IBM Guardium Data Encryption 3.0.0.3/4.0.0.4
IBM Guardium Data Encryption (GDE) 3.0.0.3 and 4.0.0.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag.
network
low complexity
ibm CWE-732
5.3
2021-07-02 CVE-2021-36129 Incorrect Permission Assignment for Critical Resource vulnerability in Mediawiki
An issue was discovered in the Translate extension in MediaWiki through 1.36.
network
low complexity
mediawiki CWE-732
4.3
2021-07-01 CVE-2021-32729 Incorrect Permission Assignment for Critical Resource vulnerability in Xwiki
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it.
network
low complexity
xwiki CWE-732
5.4
2021-06-29 CVE-2021-23275 Incorrect Permission Assignment for Critical Resource vulnerability in Tibco products
The Windows Installation component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Statistics Services, TIBCO Spotfire Statistics Services, and TIBCO Spotfire Statistics Services contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software.
local
low complexity
tibco CWE-732
7.8