Vulnerabilities > Incorrect Permission Assignment for Critical Resource

DATE CVE VULNERABILITY TITLE RISK
2018-06-26 CVE-2018-11053 Incorrect Permission Assignment for Critical Resource vulnerability in Dell EMC iDRAC Service Module
Dell EMC iDRAC Service Module for all supported Linux and XenServer versions v3.0.1, v3.0.2, v3.1.0, v3.2.0, when started, changes the default file permission of the hosts file of the host operating system (/etc/hosts) to world writable.
network
low complexity
dell CWE-732
6.5
2018-06-26 CVE-2018-1000547 Incorrect Permission Assignment for Critical Resource vulnerability in Corebos 5.4/5.5/7.0
coreBOS version 7.0 and earlier contains an Incorrect Access Control vulnerability in Module: Contacts that allows you to access records that you have no permissions to.
network
low complexity
corebos CWE-732
5.3
2018-06-26 CVE-2018-1000511 Incorrect Permission Assignment for Critical Resource vulnerability in Wpulike Ulike 2.8.1/3.1
WP ULike versions 2.8.1 and 3.1 contain an Incorrect Access Control vulnerability in AJAX that allows anybody to delete any row in certain tables.
network
low complexity
wpulike CWE-732
7.5
2018-06-26 CVE-2018-1000510 Incorrect Permission Assignment for Critical Resource vulnerability in Silkypress Image Zoom 1.23
WP Image Zoom version 1.23 contains an Incorrect Access Control vulnerability in AJAX settings that allows anybody to cause denial of service.
network
low complexity
silkypress CWE-732
6.5
2018-06-22 CVE-2018-12642 Incorrect Permission Assignment for Critical Resource vulnerability in Froxlor
Froxlor through 0.9.39.5 has Incorrect Access Control for tickets not owned by the current user.
network
low complexity
froxlor CWE-732
7.5
2018-06-21 CVE-2018-12615 Incorrect Permission Assignment for Critical Resource vulnerability in Phusion Passenger
An issue was discovered in switchGroup() in agent/ExecHelper/ExecHelperMain.cpp in Phusion Passenger before 5.3.2.
network
low complexity
phusion CWE-732
5.3
2018-06-19 CVE-2018-11116 Incorrect Permission Assignment for Critical Resource vulnerability in Openwrt
OpenWrt mishandles access control in /etc/config/rpcd and the /usr/share/rpcd/acl.d files, which allows remote authenticated users to call arbitrary methods (i.e., achieve ubus access over HTTP) that were only supposed to be accessible to a specific user, as demonstrated by the file, log, and service namespaces, potentially leading to remote Information Disclosure or Code Execution.
network
low complexity
openwrt CWE-732
8.8
2018-06-17 CVE-2018-12028 Incorrect Permission Assignment for Critical Resource vulnerability in Phusion Passenger 5.3.0/5.3.1
An Incorrect Access Control vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows a Passenger-managed malicious application, upon spawning a child process, to report an arbitrary different PID back to Passenger's process manager.
local
low complexity
phusion CWE-732
7.8
2018-06-17 CVE-2018-12027 Incorrect Permission Assignment for Critical Resource vulnerability in Phusion Passenger 5.3.0/5.3.1
An Insecure Permissions vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 causes information disclosure in the following situation: given a Passenger-spawned application process that reports that it listens on a certain Unix domain socket, if any of the parent directories of said socket are writable by a normal user that is not the application's user, then that non-application user can swap that directory with something else, resulting in traffic being redirected to a non-application user's process through an alternative Unix domain socket.
network
low complexity
phusion CWE-732
8.8
2018-06-17 CVE-2018-12335 Incorrect Permission Assignment for Critical Resource vulnerability in Ecos System Management Appliance 5.2.68
Incorrect access control in ECOS System Management Appliance (aka SMA) 5.2.68 allows a user to compromise authentication keys, and access and manipulate security relevant configurations, via unrestricted database access during Easy Enrollment.
low complexity
ecos CWE-732
7.3