Vulnerabilities > Incorrect Permission Assignment for Critical Resource

DATE CVE VULNERABILITY TITLE RISK
2023-11-14 CVE-2023-34997 Incorrect Permission Assignment for Critical Resource vulnerability in Intel Server Configuration Utility 16.0.7/16.0.8
Insecure inherited permissions in the installer for some Intel Server Configuration Utility software before version 16.0.9 may allow an authenticated user to potentially enable escalation of privilege via local access.
local
low complexity
intel CWE-732
7.8
7.8
2023-11-14 CVE-2023-39230 Incorrect Permission Assignment for Critical Resource vulnerability in Intel Rapid Storage Technology
Insecure inherited permissions in some Intel Rapid Storage Technology software before version 16.8.5.1014.9 may allow an authenticated user to potentially enable escalation of privilege via local access.
local
low complexity
intel CWE-732
7.8
7.8
2023-11-14 CVE-2023-36633 Incorrect Permission Assignment for Critical Resource vulnerability in Fortinet Fortimail
An improper authorization vulnerability [CWE-285] in FortiMail webmail version 7.2.0 through 7.2.2 and before 7.0.5 allows an authenticated attacker to see and modify the title of address book folders of other users via crafted HTTP or HTTPs requests.
network
low complexity
fortinet CWE-732
5.4
5.4
2023-11-13 CVE-2023-47801 Incorrect Permission Assignment for Critical Resource vulnerability in Clickstudios Passwordstate 9.5/9.6/9.7
An issue was discovered in Click Studios Passwordstate before 9811.
network
low complexity
clickstudios CWE-732
4.7
4.7
2023-11-12 CVE-2023-28134 Incorrect Permission Assignment for Critical Resource vulnerability in Checkpoint Endpoint Security E84/E85/E86
Local attacker can escalate privileges on affected installations of Check Point Harmony Endpoint/ZoneAlarm Extreme Security.
local
low complexity
checkpoint CWE-732
7.8
7.8
2023-11-08 CVE-2023-3282 Incorrect Permission Assignment for Critical Resource vulnerability in Paloaltonetworks Cortex Xsoar
A local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine software running on a Linux operating system enables a local attacker to execute programs with elevated privileges if the attacker has shell access to the engine.
local
low complexity
paloaltonetworks CWE-732
6.7
6.7
2023-11-08 CVE-2023-5136 Incorrect Permission Assignment for Critical Resource vulnerability in NI products
An incorrect permission assignment in the TopoGrafix DataPlugin for GPX could result in information disclosure.
local
low complexity
ni CWE-732
5.5
5.5
2023-10-26 CVE-2023-46449 Incorrect Permission Assignment for Critical Resource vulnerability in Mayurik Inventory Management System 1.0
Sourcecodester Free and Open Source inventory management system v1.0 is vulnerable to Incorrect Access Control.
network
low complexity
mayurik CWE-732
8.8
8.8
2023-10-25 CVE-2023-42861 Incorrect Permission Assignment for Critical Resource vulnerability in Apple Macos 14.0
A logic issue was addressed with improved state management.
network
low complexity
apple CWE-732
6.5
6.5
2023-10-20 CVE-2023-40361 Incorrect Permission Assignment for Critical Resource vulnerability in Secudos Qiata 4.13
SECUDOS Qiata (DOMOS OS) 4.13 has Insecure Permissions for the previewRm.sh daily cronjob.
local
low complexity
secudos CWE-732
7.8
7.8