Vulnerabilities > Incorrect Permission Assignment for Critical Resource

DATE CVE VULNERABILITY TITLE RISK
2021-02-10 CVE-2021-0336 Incorrect Permission Assignment for Critical Resource vulnerability in Google Android
In onReceive of BluetoothPermissionRequest.java, there is a possible permissions bypass due to a mutable PendingIntent.
local
low complexity
google CWE-732
7.8
7.8
2021-02-10 CVE-2021-0334 Incorrect Permission Assignment for Critical Resource vulnerability in Google Android
In onTargetSelected of ResolverActivity.java, there is a possible settings bypass allowing an app to become the default handler for arbitrary domains.
local
low complexity
google CWE-732
7.8
7.8
2021-02-10 CVE-2021-23874 Incorrect Permission Assignment for Critical Resource vulnerability in Mcafee Total Protection
Arbitrary Process Execution vulnerability in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated privileges and execute arbitrary code bypassing MTP self-defense.
local
low complexity
mcafee CWE-732
7.8
7.8
2021-02-09 CVE-2020-26196 Incorrect Permission Assignment for Critical Resource vulnerability in Dell EMC Powerscale Onefs
Dell EMC PowerScale OneFS versions 8.1.0-9.1.0 contain a Backup/Restore Privilege implementation issue.
local
low complexity
dell CWE-732
5.5
5.5
2021-02-09 CVE-2020-26194 Incorrect Permission Assignment for Critical Resource vulnerability in Dell EMC Powerscale Onefs 8.1.2/8.2.2
Dell EMC PowerScale OneFS versions 8.1.2 and 8.2.2 contain an Incorrect Permission Assignment for a Critical Resource vulnerability.
local
low complexity
dell CWE-732
7.8
7.8
2021-02-05 CVE-2020-10553 Incorrect Permission Assignment for Critical Resource vulnerability in Psyprax
An issue was discovered in Psyprax before 3.2.2.
local
low complexity
psyprax CWE-732
5.5
5.5
2021-02-03 CVE-2021-25276 Incorrect Permission Assignment for Critical Resource vulnerability in Solarwinds Serv-U
In SolarWinds Serv-U before 15.2.2 Hotfix 1, there is a directory containing user profile files (that include users' password hashes) that is world readable and writable.
local
low complexity
solarwinds CWE-732
7.1
7.1
2021-01-26 CVE-2021-3165 Incorrect Permission Assignment for Critical Resource vulnerability in Missionlabs Smartagent 3.1.0
SmartAgent 3.1.0 allows a ViewOnly attacker to create a SuperUser account via the /#/CampaignManager/users URI.
network
low complexity
missionlabs CWE-732
8.8
8.8
2021-01-26 CVE-2020-17522 Incorrect Permission Assignment for Critical Resource vulnerability in Apache Traffic Control
When ORT (now via atstccfg) generates ip_allow.config files in Apache Traffic Control 3.0.0 to 3.1.0 and 4.0.0 to 4.1.0, those files include permissions that allow bad actors to push arbitrary content into and remove arbitrary content from CDN cache servers.
network
low complexity
apache CWE-732
5.8
5.8
2021-01-19 CVE-2020-28482 Incorrect Permission Assignment for Critical Resource vulnerability in Fastify Fastify-Csrf
This affects the package fastify-csrf before 3.0.0.
network
low complexity
fastify CWE-732
8.8
8.8