Vulnerabilities > Incorrect Permission Assignment for Critical Resource

DATE CVE VULNERABILITY TITLE RISK
2023-08-23 CVE-2023-20234 Incorrect Permission Assignment for Critical Resource vulnerability in Cisco Firepower Extensible Operating System
A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to create a file or overwrite any file on the filesystem of an affected device, including system files. The vulnerability occurs because there is no validation of parameters when a specific CLI command is used.
local
low complexity
cisco CWE-732
6.0
6.0
2023-08-16 CVE-2023-4383 Incorrect Permission Assignment for Critical Resource vulnerability in Escanav Escan Anti-Virus 7.0.32
A vulnerability, which was classified as critical, was found in MicroWorld eScan Anti-Virus 7.0.32 on Linux.
local
low complexity
escanav CWE-732
7.8
7.8
2023-08-15 CVE-2023-4332 Incorrect Permission Assignment for Critical Resource vulnerability in Broadcom Raid Controller web Interface 51.12.02779
Broadcom RAID Controller web interface is vulnerable due to Improper permissions on the log file
network
low complexity
broadcom CWE-732
7.5
7.5
2023-08-11 CVE-2023-28658 Incorrect Permission Assignment for Critical Resource vulnerability in Intel Oneapi Math Kernel Library
Insecure inherited permissions in some Intel(R) oneMKL software before version 2022.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
local
low complexity
intel CWE-732
7.8
7.8
2023-08-09 CVE-2023-39003 Incorrect Permission Assignment for Critical Resource vulnerability in Opnsense
OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 was discovered to contain insecure permissions in the directory /tmp.
network
low complexity
opnsense CWE-732
7.5
7.5
2023-08-09 CVE-2023-39004 Incorrect Permission Assignment for Critical Resource vulnerability in Opnsense
Insecure permissions in the configuration directory (/conf/) of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allow attackers to access sensitive information (e.g., hashed root password) which could lead to privilege escalation.
network
low complexity
opnsense CWE-732
critical
 9.8
9.8
2023-08-09 CVE-2023-39005 Incorrect Permission Assignment for Critical Resource vulnerability in Opnsense
Insecure permissions exist for configd.socket in OPNsense Community Edition before 23.7 and Business Edition before 23.4.2.
network
low complexity
opnsense CWE-732
7.5
7.5
2023-08-08 CVE-2022-39062 Incorrect Permission Assignment for Critical Resource vulnerability in Siemens Sicam Toolbox II 07.00/07.01
A vulnerability has been identified in SICAM TOOLBOX II (All versions < V07.10).
local
low complexity
siemens CWE-732
7.8
7.8
2023-08-04 CVE-2023-38991 Incorrect Permission Assignment for Critical Resource vulnerability in Jeesite 1.2.6
An issue in the delete function in the ActModelController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete models created by the Administrator.
network
low complexity
jeesite CWE-732
5.4
5.4
2023-08-03 CVE-2023-20216 Incorrect Permission Assignment for Critical Resource vulnerability in Cisco products
A vulnerability in the privilege management functionality of all Cisco BroadWorks server types could allow an authenticated, local attacker to elevate privileges to root on an affected system.
local
low complexity
cisco CWE-732
7.8
7.8