Vulnerabilities > Incorrect Permission Assignment for Critical Resource
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-14 | CVE-2023-38557 | Incorrect Permission Assignment for Critical Resource vulnerability in Siemens Spectrum Power 7 2.20/2.30 A vulnerability has been identified in Spectrum Power 7 (All versions < V23Q3). | 7.8 |
| 2023-09-12 | CVE-2023-32005 | Incorrect Permission Assignment for Critical Resource vulnerability in Nodejs Node.Js A vulnerability has been identified in Node.js version 20, affecting users of the experimental permission model when the --allow-fs-read flag is used with a non-* argument. This flaw arises from an inadequate permission model that fails to restrict file stats through the `fs.statfs` API. | 5.3 |
| 2023-09-08 | CVE-2023-4777 | Incorrect Permission Assignment for Critical Resource vulnerability in Qualys Container Scanning Connector An incorrect permission check in Qualys Container Scanning Connector Plugin 1.6.2.6 and earlier allows attackers with global Item/Configure permission (while lacking Item/Configure permission on any particular job) to enumerate credentials IDs of credentials stored in Jenkins and to connect to an attacker-specified URL using attacker-specified credentials IDs, capturing credentials stored in Jenkins. | 4.3 |
| 2023-09-06 | CVE-2023-32162 | Incorrect Permission Assignment for Critical Resource vulnerability in Wacom Driver 6.3.451 Wacom Drivers for Windows Incorrect Permission Assignment Local Privilege Escalation Vulnerability. | 7.8 |
| 2023-09-01 | CVE-2023-3915 | Incorrect Permission Assignment for Critical Resource vulnerability in Gitlab An issue has been discovered in GitLab EE affecting all versions starting from 16.1 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. | 7.2 |
| 2023-08-31 | CVE-2023-34391 | Incorrect Permission Assignment for Critical Resource vulnerability in Selinc Sel-5033 Acselerator Real-Time Automation Controller Insecure Inherited Permissions vulnerability in Schweitzer Engineering Laboratories SEL-5033 AcSELerator RTAC Software on Windows allows Leveraging/Manipulating Configuration File Search Paths. See Instruction Manual Appendix A [Cybersecurity] tag dated 20230522 for more details. This issue affects SEL-5033 AcSELerator RTAC Software: before 1.35.151.21000. | 5.5 |
| 2023-08-28 | CVE-2023-40754 | Incorrect Permission Assignment for Critical Resource vulnerability in PHPjabbers CAR Rental Script 3.0 In PHPJabbers Car Rental Script 3.0, lack of verification when changing an email address and/or password (on the Profile Page) allows remote attackers to take over accounts. | 8.8 |
| 2023-08-24 | CVE-2023-4228 | Incorrect Permission Assignment for Critical Resource vulnerability in Moxa Iologik E4200 Firmware 1.6 A vulnerability has been identified in ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, where the session cookies attribute is not set properly in the affected application. | 4.3 |
| 2023-08-23 | CVE-2023-20200 | Incorrect Permission Assignment for Critical Resource vulnerability in Cisco products A vulnerability in the Simple Network Management Protocol (SNMP) service of Cisco FXOS Software for Firepower 4100 Series and Firepower 9300 Security Appliances and of Cisco UCS 6300 Series Fabric Interconnects could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to the improper handling of specific SNMP requests. | 6.3 |
| 2023-08-23 | CVE-2023-20230 | Incorrect Permission Assignment for Critical Resource vulnerability in Cisco Application Policy Infrastructure Controller 5.2(1G) A vulnerability in the restricted security domain implementation of Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to read, modify, or delete non-tenant policies (for example, access policies) created by users associated with a different security domain on an affected system. This vulnerability is due to improper access control when restricted security domains are used to implement multi-tenancy for policies outside the tenant boundaries. | 5.4 |