Vulnerabilities > Incorrect Permission Assignment for Critical Resource
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-08-31 | CVE-2023-34391 | Incorrect Permission Assignment for Critical Resource vulnerability in Selinc Sel-5033 Acselerator Real-Time Automation Controller Insecure Inherited Permissions vulnerability in Schweitzer Engineering Laboratories SEL-5033 AcSELerator RTAC Software on Windows allows Leveraging/Manipulating Configuration File Search Paths. See Instruction Manual Appendix A [Cybersecurity] tag dated 20230522 for more details. This issue affects SEL-5033 AcSELerator RTAC Software: before 1.35.151.21000. | 5.5 |
2023-08-28 | CVE-2023-40754 | Incorrect Permission Assignment for Critical Resource vulnerability in PHPjabbers CAR Rental Script 3.0 In PHPJabbers Car Rental Script 3.0, lack of verification when changing an email address and/or password (on the Profile Page) allows remote attackers to take over accounts. | 8.8 |
2023-08-24 | CVE-2023-4228 | Incorrect Permission Assignment for Critical Resource vulnerability in Moxa Iologik E4200 Firmware 1.6 A vulnerability has been identified in ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, where the session cookies attribute is not set properly in the affected application. | 4.3 |
2023-08-23 | CVE-2023-20200 | Incorrect Permission Assignment for Critical Resource vulnerability in Cisco products A vulnerability in the Simple Network Management Protocol (SNMP) service of Cisco FXOS Software for Firepower 4100 Series and Firepower 9300 Security Appliances and of Cisco UCS 6300 Series Fabric Interconnects could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to the improper handling of specific SNMP requests. | 6.3 |
2023-08-23 | CVE-2023-20230 | Incorrect Permission Assignment for Critical Resource vulnerability in Cisco Application Policy Infrastructure Controller 5.2(1G) A vulnerability in the restricted security domain implementation of Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to read, modify, or delete non-tenant policies (for example, access policies) created by users associated with a different security domain on an affected system. This vulnerability is due to improper access control when restricted security domains are used to implement multi-tenancy for policies outside the tenant boundaries. | 5.4 |
2023-08-23 | CVE-2023-20234 | Incorrect Permission Assignment for Critical Resource vulnerability in Cisco Firepower Extensible Operating System A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to create a file or overwrite any file on the filesystem of an affected device, including system files. The vulnerability occurs because there is no validation of parameters when a specific CLI command is used. | 6.0 |
2023-08-16 | CVE-2023-4383 | Incorrect Permission Assignment for Critical Resource vulnerability in Escanav Escan Anti-Virus 7.0.32 A vulnerability, which was classified as critical, was found in MicroWorld eScan Anti-Virus 7.0.32 on Linux. | 7.8 |
2023-08-15 | CVE-2023-4332 | Incorrect Permission Assignment for Critical Resource vulnerability in Broadcom Raid Controller web Interface 51.12.02779 Broadcom RAID Controller web interface is vulnerable due to Improper permissions on the log file | 7.5 |
2023-08-11 | CVE-2023-28658 | Incorrect Permission Assignment for Critical Resource vulnerability in Intel Oneapi Math Kernel Library Insecure inherited permissions in some Intel(R) oneMKL software before version 2022.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2023-08-09 | CVE-2023-39003 | Incorrect Permission Assignment for Critical Resource vulnerability in Opnsense OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 was discovered to contain insecure permissions in the directory /tmp. | 7.5 |