Vulnerabilities > Incorrect Permission Assignment for Critical Resource
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-14 | CVE-2023-33870 | Incorrect Permission Assignment for Critical Resource vulnerability in Intel products Insecure inherited permissions in some Intel(R) Ethernet tools and driver install software may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
| 2024-02-05 | CVE-2023-34042 | Incorrect Permission Assignment for Critical Resource vulnerability in VMWare Spring Security The spring-security.xsd file inside the spring-security-config jar is world writable which means that if it were extracted it could be written by anyone with access to the file system. While there are no known exploits, this is an example of “CWE-732: Incorrect Permission Assignment for Critical Resource” and could result in an exploit. | 5.5 |
| 2024-02-02 | CVE-2024-22016 | Incorrect Permission Assignment for Critical Resource vulnerability in Rapidscada Rapid Scada In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, an authorized user can write directly to the Scada directory. | 7.8 |
| 2024-01-31 | CVE-2024-22236 | Incorrect Permission Assignment for Critical Resource vulnerability in VMWare Spring Cloud Contract In Spring Cloud Contract, versions 4.1.x prior to 4.1.1, versions 4.0.x prior to 4.0.5, and versions 3.1.x prior to 3.1.10, test execution is vulnerable to local information disclosure via temporary directory created with unsafe permissions through the shaded com.google.guava:guava dependency in the org.springframework.cloud:spring-cloud-contract-shade dependency. | 5.5 |
| 2024-01-23 | CVE-2023-48714 | Incorrect Permission Assignment for Critical Resource vulnerability in Silverstripe Framework Silverstripe Framework is the framework that forms the base of the Silverstripe content management system. | 4.3 |
| 2024-01-19 | CVE-2023-38541 | Incorrect Permission Assignment for Critical Resource vulnerability in Intel HID Event Filter Driver 2.2.1.372/2.2.2.1 Insecure inherited permissions in some Intel HID Event Filter drivers for Windows 10 for some Intel NUC laptop software installers before version 2.2.2.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
| 2024-01-16 | CVE-2023-52107 | Incorrect Permission Assignment for Critical Resource vulnerability in Huawei Emui and Harmonyos Vulnerability of permissions being not strictly verified in the WMS module. | 7.5 |
| 2024-01-16 | CVE-2023-52116 | Incorrect Permission Assignment for Critical Resource vulnerability in Huawei Emui and Harmonyos Permission management vulnerability in the multi-screen interaction module. | 7.5 |
| 2024-01-12 | CVE-2023-49257 | Incorrect Permission Assignment for Critical Resource vulnerability in Hongdian H8951-4G-Esp Firmware An authenticated user is able to upload an arbitrary CGI-compatible file using the certificate upload utility and execute it with the root user privileges. | 8.8 |
| 2024-01-11 | CVE-2023-6506 | Incorrect Permission Assignment for Critical Resource vulnerability in Wpwhitesecurity WP 2FA The WP 2FA – Two-factor authentication for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.5.0 via the send_backup_codes_email due to missing validation on a user controlled key. | 4.3 |