Vulnerabilities > Incorrect Permission Assignment for Critical Resource

DATE CVE VULNERABILITY TITLE RISK
2018-06-07 CVE-2018-0352 Incorrect Permission Assignment for Critical Resource vulnerability in Cisco Wide Area Application Services 6.2(3)
A vulnerability in the Disk Check Tool (disk-check.sh) for Cisco Wide Area Application Services (WAAS) Software could allow an authenticated, local attacker to elevate their privilege level to root.
local
low complexity
cisco CWE-732
6.7
2018-06-04 CVE-2017-18285 Incorrect Permission Assignment for Critical Resource vulnerability in Burp Project Burp
The Gentoo app-backup/burp package before 2.1.32 has incorrect group ownership of the /etc/burp directory, which might allow local users to obtain read and write access to arbitrary files by leveraging access to a certain account for a burp-server.conf change.
local
low complexity
burp-project CWE-732
7.1
2018-06-04 CVE-2017-18284 Incorrect Permission Assignment for Critical Resource vulnerability in Burp Project Burp
The Gentoo app-backup/burp package before 2.1.32 sets the ownership of the PID file directory to the burp account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script sends a SIGKILL.
local
low complexity
burp-project CWE-732
7.1
2018-06-02 CVE-2018-11194 Incorrect Permission Assignment for Critical Resource vulnerability in Quest Disk Backup
Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 6 of 6).
network
low complexity
quest CWE-732
8.8
2018-06-02 CVE-2018-11193 Incorrect Permission Assignment for Critical Resource vulnerability in Quest Disk Backup
Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 5 of 6).
network
low complexity
quest CWE-732
8.8
2018-06-02 CVE-2018-11192 Incorrect Permission Assignment for Critical Resource vulnerability in Quest Disk Backup
Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 4 of 6).
network
low complexity
quest CWE-732
8.8
2018-06-02 CVE-2018-11191 Incorrect Permission Assignment for Critical Resource vulnerability in Quest Disk Backup
Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 3 of 6).
network
low complexity
quest CWE-732
8.8
2018-05-29 CVE-2018-1370 Incorrect Permission Assignment for Critical Resource vulnerability in IBM Security Guardium Big Data Intelligence 3.1
IBM Security Guardium Big Data Intelligence (SonarG) 3.1 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
network
low complexity
ibm CWE-732
5.4
2018-05-23 CVE-2018-11334 Incorrect Permission Assignment for Critical Resource vulnerability in Windscribe 1.81
Windscribe 1.81 creates a named pipe with a NULL DACL that allows Everyone users to gain privileges or cause a denial of service via \\.\pipe\WindscribeService.
local
low complexity
windscribe CWE-732
7.8
2018-05-15 CVE-2017-2612 Incorrect Permission Assignment for Critical Resource vulnerability in Jenkins
In Jenkins before versions 2.44 and 2.32.2, low-privilege users were able to override JDK download credentials (SECURITY-392), resulting in future builds possibly failing to download a JDK.
network
low complexity
jenkins CWE-732
5.4