Vulnerabilities > Incorrect Permission Assignment for Critical Resource

DATE CVE VULNERABILITY TITLE RISK
2023-12-14 CVE-2023-46141 Incorrect Permission Assignment for Critical Resource vulnerability in Phoenixcontact products
Incorrect Permission Assignment for Critical Resource vulnerability in multiple products of the PHOENIX CONTACT classic line allow an remote unauthenticated attacker to gain full access of the affected device.
network
low complexity
phoenixcontact CWE-732
critical
 9.8
9.8
2023-12-14 CVE-2023-46142 Incorrect Permission Assignment for Critical Resource vulnerability in Phoenixcontact products
A incorrect permission assignment for critical resource vulnerability in PLCnext products allows an remote attacker with low privileges to gain full access on the affected devices.
network
low complexity
phoenixcontact CWE-732
8.8
8.8
2023-12-14 CVE-2023-25648 Incorrect Permission Assignment for Critical Resource vulnerability in ZTE Zxcloud Irai Firmware 6.03.04/7.23.20
There is a weak folder permission vulnerability in ZTE's ZXCLOUD iRAI product.
local
low complexity
zte CWE-732
7.8
7.8
2023-12-12 CVE-2023-6593 Incorrect Permission Assignment for Critical Resource vulnerability in Devolutions Remote Desktop Manager
Client side permission bypass in Devolutions Remote Desktop Manager 2023.3.4.0 and earlier on iOS allows an attacker that has access to the application to execute entries in a SQL data source without restriction.
network
low complexity
devolutions CWE-732
critical
 9.8
9.8
2023-12-12 CVE-2023-49578 Incorrect Permission Assignment for Critical Resource vulnerability in SAP Cloud Connector 2.0
SAP Cloud Connector - version 2.0, allows an authenticated user with low privilege to perform Denial of service attack from adjacent UI by sending a malicious request which leads to low impact on the availability and no impact on confidentiality or Integrity  of the application.
low complexity
sap CWE-732
3.5
3.5
2023-12-12 CVE-2023-42924 Incorrect Permission Assignment for Critical Resource vulnerability in Apple Macos
A logic issue was addressed with improved checks.
local
low complexity
apple CWE-732
5.5
5.5
2023-12-10 CVE-2023-50446 Incorrect Permission Assignment for Critical Resource vulnerability in Mullvad VPN
An issue was discovered in Mullvad VPN Windows app before 2023.6-beta1.
local
low complexity
mullvad CWE-732
7.8
7.8
2023-12-09 CVE-2023-49797 Incorrect Permission Assignment for Critical Resource vulnerability in Pyinstaller
PyInstaller bundles a Python application and all its dependencies into a single package.
local
low complexity
pyinstaller CWE-732
7.8
7.8
2023-12-07 CVE-2023-40302 Incorrect Permission Assignment for Critical Resource vulnerability in Netscout Ngeniuspulse 3.8.00.2349.0
NETSCOUT nGeniusPULSE 3.8 has Weak File Permissions Vulnerability
network
low complexity
netscout CWE-732
critical
 9.1
9.1
2023-12-03 CVE-2023-49946 Incorrect Permission Assignment for Critical Resource vulnerability in Forgejo
In Forgejo before 1.20.5-1, certain endpoints do not check whether an object belongs to a repository for which permissions are being checked.
network
low complexity
forgejo CWE-732
critical
 9.1
9.1