Vulnerabilities > Incorrect Permission Assignment for Critical Resource

DATE CVE VULNERABILITY TITLE RISK
2023-08-31 CVE-2023-34391 Incorrect Permission Assignment for Critical Resource vulnerability in Selinc Sel-5033 Acselerator Real-Time Automation Controller
Insecure Inherited Permissions vulnerability in Schweitzer Engineering Laboratories SEL-5033 AcSELerator RTAC Software on Windows allows Leveraging/Manipulating Configuration File Search Paths. See Instruction Manual Appendix A [Cybersecurity] tag dated 20230522 for more details. This issue affects SEL-5033 AcSELerator RTAC Software: before 1.35.151.21000.
local
low complexity
selinc CWE-732
5.5
2023-08-28 CVE-2023-40754 Incorrect Permission Assignment for Critical Resource vulnerability in PHPjabbers CAR Rental Script 3.0
In PHPJabbers Car Rental Script 3.0, lack of verification when changing an email address and/or password (on the Profile Page) allows remote attackers to take over accounts.
network
low complexity
phpjabbers CWE-732
8.8
2023-08-24 CVE-2023-4228 Incorrect Permission Assignment for Critical Resource vulnerability in Moxa Iologik E4200 Firmware 1.6
A vulnerability has been identified in ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, where the session cookies attribute is not set properly in the affected application.
network
low complexity
moxa CWE-732
4.3
2023-08-23 CVE-2023-20200 Incorrect Permission Assignment for Critical Resource vulnerability in Cisco products
A vulnerability in the Simple Network Management Protocol (SNMP) service of Cisco FXOS Software for Firepower 4100 Series and Firepower 9300 Security Appliances and of Cisco UCS 6300 Series Fabric Interconnects could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to the improper handling of specific SNMP requests.
network
high complexity
cisco CWE-732
6.3
2023-08-23 CVE-2023-20230 Incorrect Permission Assignment for Critical Resource vulnerability in Cisco Application Policy Infrastructure Controller 5.2(1G)
A vulnerability in the restricted security domain implementation of Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to read, modify, or delete non-tenant policies (for example, access policies) created by users associated with a different security domain on an affected system. This vulnerability is due to improper access control when restricted security domains are used to implement multi-tenancy for policies outside the tenant boundaries.
network
low complexity
cisco CWE-732
5.4
2023-08-23 CVE-2023-20234 Incorrect Permission Assignment for Critical Resource vulnerability in Cisco Firepower Extensible Operating System
A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to create a file or overwrite any file on the filesystem of an affected device, including system files. The vulnerability occurs because there is no validation of parameters when a specific CLI command is used.
local
low complexity
cisco CWE-732
6.0
2023-08-16 CVE-2023-4383 Incorrect Permission Assignment for Critical Resource vulnerability in Escanav Escan Anti-Virus 7.0.32
A vulnerability, which was classified as critical, was found in MicroWorld eScan Anti-Virus 7.0.32 on Linux.
local
low complexity
escanav CWE-732
7.8
2023-08-15 CVE-2023-4332 Incorrect Permission Assignment for Critical Resource vulnerability in Broadcom Raid Controller web Interface 51.12.02779
Broadcom RAID Controller web interface is vulnerable due to Improper permissions on the log file
network
low complexity
broadcom CWE-732
7.5
2023-08-11 CVE-2023-28658 Incorrect Permission Assignment for Critical Resource vulnerability in Intel Oneapi Math Kernel Library
Insecure inherited permissions in some Intel(R) oneMKL software before version 2022.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
local
low complexity
intel CWE-732
7.8
2023-08-09 CVE-2023-39003 Incorrect Permission Assignment for Critical Resource vulnerability in Opnsense
OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 was discovered to contain insecure permissions in the directory /tmp.
network
low complexity
opnsense CWE-732
7.5