Vulnerabilities > Incorrect Permission Assignment for Critical Resource

DATE CVE VULNERABILITY TITLE RISK
2021-07-08 CVE-2021-34110 Incorrect Permission Assignment for Critical Resource vulnerability in Nica Winwaste.Net 1.0.6183.16475
WinWaste.NET version 1.0.6183.16475 has incorrect permissions, allowing a local unprivileged user to replace the executable with a malicious file that will be executed with "LocalSystem" privileges.
local
low complexity
nica CWE-732
7.8
7.8
2021-07-07 CVE-2021-20416 Incorrect Permission Assignment for Critical Resource vulnerability in IBM Guardium Data Encryption 3.0.0.3/4.0.0.4
IBM Guardium Data Encryption (GDE) 3.0.0.3 and 4.0.0.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag.
network
low complexity
ibm CWE-732
5.3
5.3
2021-07-07 CVE-2021-32526 Incorrect Permission Assignment for Critical Resource vulnerability in Qsan Storage Manager
Incorrect permission assignment for critical resource vulnerability in QSAN Storage Manager allows authenticated remote attackers to access arbitrary password files.
network
low complexity
qsan CWE-732
6.5
6.5
2021-07-02 CVE-2021-36129 Incorrect Permission Assignment for Critical Resource vulnerability in Mediawiki
An issue was discovered in the Translate extension in MediaWiki through 1.36.
network
low complexity
mediawiki CWE-732
4.3
4.3
2021-07-01 CVE-2021-32729 Incorrect Permission Assignment for Critical Resource vulnerability in Xwiki
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it.
network
low complexity
xwiki CWE-732
5.4
5.4
2021-06-29 CVE-2021-23275 Incorrect Permission Assignment for Critical Resource vulnerability in Tibco products
The Windows Installation component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Statistics Services, TIBCO Spotfire Statistics Services, and TIBCO Spotfire Statistics Services contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software.
local
low complexity
tibco CWE-732
7.8
7.8
2021-06-24 CVE-2021-32717 Incorrect Permission Assignment for Critical Resource vulnerability in Shopware
Shopware is an open source eCommerce platform.
network
low complexity
shopware CWE-732
7.5
7.5
2021-06-24 CVE-2020-4945 Incorrect Permission Assignment for Critical Resource vulnerability in IBM DB2 11.5
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated user to overwrite arbirary files due to improper group permissions.
network
low complexity
ibm CWE-732
8.1
8.1
2021-06-22 CVE-2021-0552 Incorrect Permission Assignment for Critical Resource vulnerability in Google Android 11.0
In getEndItemSliceAction of MediaOutputSlice.java, there is a possible permission bypass due to an unsafe PendingIntent.
local
low complexity
google CWE-732
5.5
5.5
2021-06-22 CVE-2021-0570 Incorrect Permission Assignment for Critical Resource vulnerability in Google Android 11.0
In sendBugreportNotification of BugreportProgressService.java, there is a possible permission bypass due to an unsafe PendingIntent.
local
low complexity
google CWE-732
7.8
7.8