Vulnerabilities > Incorrect Permission Assignment for Critical Resource

DATE CVE VULNERABILITY TITLE RISK
2023-11-20 CVE-2023-5651 Incorrect Permission Assignment for Critical Resource vulnerability in Thimpress WP Hotel Booking
The WP Hotel Booking WordPress plugin before 2.0.8 does not have authorisation and CSRF checks, as well as does not ensure that the package to be deleted is a package, allowing any authenticated users, such as subscriber to delete arbitrary posts
network
low complexity
thimpress CWE-732
5.4
2023-11-17 CVE-2023-6179 Incorrect Permission Assignment for Critical Resource vulnerability in Honeywell Prowatch 4.5
Honeywell ProWatch, 4.5, including all Service Pack versions, contain a Vulnerability in Application Server's executable folder(s).
local
low complexity
honeywell CWE-732
7.8
2023-11-15 CVE-2023-48087 Incorrect Permission Assignment for Critical Resource vulnerability in Xuxueli Xxl-Job 2.4.0
xxl-job-admin 2.4.0 is vulnerable to Insecure Permissions via /xxl-job-admin/joblog/clearLog and /xxl-job-admin/joblog/logDetailCat.
network
low complexity
xuxueli CWE-732
5.4
2023-11-14 CVE-2022-33898 Incorrect Permission Assignment for Critical Resource vulnerability in Intel NUC Watchdog Timer Utility
Insecure inherited permissions in some Intel(R) NUC Watchdog Timer installation software before version 2.0.21.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
local
low complexity
intel CWE-732
7.8
2023-11-14 CVE-2022-41700 Incorrect Permission Assignment for Critical Resource vulnerability in Intel NUC PRO Software Suite 2.0.0.3
Insecure inherited permissions in some Intel(R) NUC Pro Software Suite installation software before version 2.0.0.9 may allow an authenticated user to potentially enable escalation of privilege via local access.
local
low complexity
intel CWE-732
7.8
2023-11-14 CVE-2023-34314 Incorrect Permission Assignment for Critical Resource vulnerability in Intel Simics Simulator
Insecure inherited permissions in some Intel(R) Simics Simulator software before version 1.7.2 may allow an authenticated user to potentially enable escalation of privilege via local access.
local
low complexity
intel CWE-732
7.8
2023-11-14 CVE-2023-34997 Incorrect Permission Assignment for Critical Resource vulnerability in Intel Server Configuration Utility 16.0.7/16.0.8
Insecure inherited permissions in the installer for some Intel Server Configuration Utility software before version 16.0.9 may allow an authenticated user to potentially enable escalation of privilege via local access.
local
low complexity
intel CWE-732
7.8
2023-11-14 CVE-2023-39230 Incorrect Permission Assignment for Critical Resource vulnerability in Intel Rapid Storage Technology
Insecure inherited permissions in some Intel Rapid Storage Technology software before version 16.8.5.1014.9 may allow an authenticated user to potentially enable escalation of privilege via local access.
local
low complexity
intel CWE-732
7.8
2023-11-14 CVE-2023-36633 Incorrect Permission Assignment for Critical Resource vulnerability in Fortinet Fortimail
An improper authorization vulnerability [CWE-285] in FortiMail webmail version 7.2.0 through 7.2.2 and before 7.0.5 allows an authenticated attacker to see and modify the title of address book folders of other users via crafted HTTP or HTTPs requests.
network
low complexity
fortinet CWE-732
5.4
2023-11-13 CVE-2023-47801 Incorrect Permission Assignment for Critical Resource vulnerability in Clickstudios Passwordstate 9.5/9.6/9.7
An issue was discovered in Click Studios Passwordstate before 9811.
network
low complexity
clickstudios CWE-732
4.7