Vulnerabilities > Incorrect Permission Assignment for Critical Resource

DATE CVE VULNERABILITY TITLE RISK
2018-06-15 CVE-2018-12457 Incorrect Permission Assignment for Critical Resource vulnerability in Expresscart Project Expresscart
expressCart before 1.1.6 allows remote attackers to create an admin user via a /admin/setup Referer header.
network
low complexity
expresscart-project CWE-732
8.8
2018-06-14 CVE-2018-1036 Incorrect Permission Assignment for Critical Resource vulnerability in Microsoft products
An elevation of privilege vulnerability exists when NTFS improperly checks access, aka "NTFS Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
local
high complexity
microsoft CWE-732
7.0
2018-06-14 CVE-2018-0982 Incorrect Permission Assignment for Critical Resource vulnerability in Microsoft Windows 10 and Windows Server 2016
An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions, aka "Windows Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.
local
high complexity
microsoft CWE-732
7.0
2018-06-12 CVE-2018-12259 Incorrect Permission Assignment for Critical Resource vulnerability in Apollotechnologiesinc Momentum Axel 720P Firmware 5.1.8
An issue was discovered on Momentum Axel 720P 5.1.8 devices.
6.8
2018-06-11 CVE-2017-7821 Incorrect Permission Assignment for Critical Resource vulnerability in Mozilla Firefox
A vulnerability where WebExtensions can download and attempt to open a file of some non-executable file types.
network
low complexity
mozilla CWE-732
critical
9.8
2018-06-11 CVE-2017-5456 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
A mechanism to bypass file system access protections in the sandbox using the file system request constructor through an IPC message.
network
low complexity
redhat mozilla CWE-732
critical
9.8
2018-06-11 CVE-2017-5426 Incorrect Permission Assignment for Critical Resource vulnerability in Mozilla Firefox
On Linux, if the secure computing mode BPF (seccomp-bpf) filter is running when the Gecko Media Plugin sandbox is started, the sandbox fails to be applied and items that would run within the sandbox are run protected only by the running filter which is typically weak compared to the sandbox.
network
low complexity
mozilla CWE-732
5.3
2018-06-08 CVE-2018-4251 Incorrect Permission Assignment for Critical Resource vulnerability in Apple mac OS X
An issue was discovered in certain Apple products.
local
low complexity
apple CWE-732
5.5
2018-06-08 CVE-2018-4238 Incorrect Permission Assignment for Critical Resource vulnerability in Apple Iphone OS
An issue was discovered in certain Apple products.
low complexity
apple CWE-732
2.4
2018-06-08 CVE-2018-4220 Incorrect Permission Assignment for Critical Resource vulnerability in Apple Swift
An issue was discovered in certain Apple products.
network
low complexity
apple CWE-732
8.8