Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

CVEs (1,663)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-34997 1Intel 1Server Configuration Utility Nov 21, 2024 Nov 14, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Insecure inherited permissions in the installer for some Intel Server Configuration Utility software before version 16.0.9 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-34314 1Intel 1Simics Simulator Nov 21, 2024 Nov 14, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Insecure inherited permissions in some Intel(R) Simics Simulator software before version 1.7.2 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2022-41700 1Intel 1Nuc Pro Software Suite Nov 21, 2024 Nov 14, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Insecure inherited permissions in some Intel(R) NUC Pro Software Suite installation software before version 2.0.0.9 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2022-33898 1Intel 1Nuc Watchdog Timer Utility Nov 21, 2024 Nov 14, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Insecure inherited permissions in some Intel(R) NUC Watchdog Timer installation software before version 2.0.21.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-36633 1Fortinet 1Fortimail Nov 21, 2024 Nov 14, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 An improper authorization vulnerability [CWE-285] in FortiMail webmail version 7.2.0 through 7.2.2 and before 7.0.5 allows an authenticated attacker to see and modify the title of address book folders of other users via...Show more An improper authorization vulnerability [CWE-285] in FortiMail webmail version 7.2.0 through 7.2.2 and before 7.0.5 allows an authenticated attacker to see and modify the title of address book folders of other users via crafted HTTP or HTTPs requests.Show less
CVE-2023-47801 1Clickstudios 1Passwordstate Nov 21, 2024 Nov 13, 2023 N/A· v4 4.7 MEDIUM· v3 N/A· v2 An issue was discovered in Click Studios Passwordstate before 9811. Existing users (Security Administrators) could use the System Wide API Key to read or delete private password records when specifically used with the Pa...Show more An issue was discovered in Click Studios Passwordstate before 9811. Existing users (Security Administrators) could use the System Wide API Key to read or delete private password records when specifically used with the PasswordHistory API endpoint. It is also possible to use the Copy/Move Password Record API Key to Copy/Move private password records.Show less
CVE-2023-28134 1Checkpoint 1Endpoint Security Nov 21, 2024 Nov 12, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Local attacker can escalate privileges on affected installations of Check Point Harmony Endpoint/ZoneAlarm Extreme Security. An attacker must first obtain the ability to execute low-privileged code on the target system i...Show more Local attacker can escalate privileges on affected installations of Check Point Harmony Endpoint/ZoneAlarm Extreme Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.Show less
CVE-2023-3282 1Paloaltonetworks 1Cortex Xsoar Nov 21, 2024 Nov 8, 2023 N/A· v4 6.7 MEDIUM· v3 N/A· v2 A local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine software running on a Linux operating system enables a local attacker to execute programs with elevated privileges if the atta...Show more A local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine software running on a Linux operating system enables a local attacker to execute programs with elevated privileges if the attacker has shell access to the engine.Show less
CVE-2023-5136 1Ni 4Diadem FlexloggerTopografix Data Plugin+1 more Nov 21, 2024 Nov 8, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 An incorrect permission assignment in the TopoGrafix DataPlugin for GPX could result in information disclosure. An attacker could exploit this vulnerability by getting a user to open a specially crafted data file.
CVE-2023-46449 1Mayurik 1Inventory Management System Nov 21, 2024 Oct 26, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Sourcecodester Free and Open Source inventory management system v1.0 is vulnerable to Incorrect Access Control. An arbitrary user can change the password of another user and takeover the account via IDOR in the password...Show more Sourcecodester Free and Open Source inventory management system v1.0 is vulnerable to Incorrect Access Control. An arbitrary user can change the password of another user and takeover the account via IDOR in the password change function.Show less
CVE-2023-42861 1Apple 1Macos Nov 21, 2024 Oct 25, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 A logic issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1. An attacker with knowledge of a standard user's credentials can unlock another standard user's locked screen on the sa...Show more A logic issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1. An attacker with knowledge of a standard user's credentials can unlock another standard user's locked screen on the same Mac.Show less
CVE-2023-42489 1Busbaer 1Eisbaer Scada Nov 21, 2024 Oct 25, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 EisBaer Scada - CWE-732: Incorrect Permission Assignment for Critical Resource
CVE-2023-40361 1Secudos 1Qiata Nov 21, 2024 Oct 20, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 SECUDOS Qiata (DOMOS OS) 4.13 has Insecure Permissions for the previewRm.sh daily cronjob. To exploit this, an attacker needs access as a low-privileged user to the underlying DOMOS system. Every user on the system has w...Show more SECUDOS Qiata (DOMOS OS) 4.13 has Insecure Permissions for the previewRm.sh daily cronjob. To exploit this, an attacker needs access as a low-privileged user to the underlying DOMOS system. Every user on the system has write permission for previewRm.sh, which is executed by the root user.Show less
CVE-2023-34437 1Bakerhughes 1Bentley Nevada 3500 System Firmware Nov 21, 2024 Oct 19, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Baker Hughes – Bently Nevada 3500 System TDI Firmware version 5.05 contains a vulnerability in their password retrieval functionality which could allow an attacker to access passwords stored on the device.
CVE-2023-44201 1Juniper 2Junos Junos Os Evolved Nov 21, 2024 Oct 13, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 An Incorrect Permission Assignment for Critical Resource vulnerability in a specific file of Juniper Networks Junos OS and Junos OS Evolved allows a local authenticated attacker to read configuration changes without hav...Show more An Incorrect Permission Assignment for Critical Resource vulnerability in a specific file of Juniper Networks Junos OS and Junos OS Evolved allows a local authenticated attacker to read configuration changes without having the permissions. When a user with the respective permissions commits a configuration change, a specific file is created. That file is readable even by users with no permissions to access the configuration. This can lead to privilege escalation as the user can read the password hash when a password change is being committed. This issue affects: Juniper Networks Junos OS * All versions prior to 20.4R3-S4; * 21.1 versions prior to 21.1R3-S4; * 21.2 versions prior to 21.2R3-S2; * 21.3 versions prior to 21.3R2-S2, 21.3R3-S1; * 21.4 versions prior to 21.4R2-S1, 21.4R3. Juniper Networks Junos OS Evolved * All versions prior to 20.4R3-S4-EVO; * 21.1 versions prior to 21.1R3-S2-EVO; * 21.2 versions prior to 21.2R3-S2-EVO; * 21.3 versions prior to 21.3R3-S1-EVO; * 21.4 versions prior to 21.4R2-S2-EVO. Show less
CVE-2023-32724 1Zabbix 1Zabbix Nov 3, 2025 Oct 12, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Memory pointer is in a property of the Ducktape object. This leads to multiple vulnerabilities related to direct memory access and manipulation.
CVE-2023-32723 1Zabbix 1Zabbix Nov 21, 2024 Oct 12, 2023 N/A· v4 9.1 CRITICAL· v3 N/A· v2 Request to LDAP is sent before user permissions are checked.
CVE-2023-45205 1Siemens 1Sicam Pas/pqs Nov 21, 2024 Oct 10, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 A vulnerability has been identified in SICAM PAS/PQS (All versions >= V8.00 < V8.20). The affected application is installed with specific files and folders with insecure permissions. This could allow an authenticated loc...Show more A vulnerability has been identified in SICAM PAS/PQS (All versions >= V8.00 < V8.20). The affected application is installed with specific files and folders with insecure permissions. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges to `NT AUTHORITY/SYSTEM`.Show less
CVE-2023-38640 1Siemens 1Sicam Pas/pqs Nov 21, 2024 Oct 10, 2023 N/A· v4 4.4 MEDIUM· v3 N/A· v2 A vulnerability has been identified in SICAM PAS/PQS (All versions >= V8.00 < V8.22). The affected application is installed with specific files and folders with insecure permissions. This could allow an authenticated loc...Show more A vulnerability has been identified in SICAM PAS/PQS (All versions >= V8.00 < V8.22). The affected application is installed with specific files and folders with insecure permissions. This could allow an authenticated local attacker to read and modify configuration data in the context of the application process.Show less
CVE-2022-30527 1Siemens 1Sinec Nms Nov 21, 2024 Oct 10, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 A vulnerability has been identified in SINEC NMS (All versions < V2.0). The affected application assigns improper access rights to specific folders containing executable files and libraries. This could allow an authen...Show more A vulnerability has been identified in SINEC NMS (All versions < V2.0). The affected application assigns improper access rights to specific folders containing executable files and libraries. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges.Show less

Previous 1...242526...84 Next