Vulnerabilities > Incorrect Permission Assignment for Critical Resource

DATE CVE VULNERABILITY TITLE RISK
2017-08-18 CVE-2017-11653 Incorrect Permission Assignment for Critical Resource vulnerability in Razer Synapse
Razer Synapse 2.20.15.1104 and earlier uses weak permissions for the Devices directory, which allows local users to gain privileges via a Trojan horse (1) RazerConfigNative.dll or (2) RazerConfigNativeLOC.dll file.
local
low complexity
razer CWE-732
7.8
2017-08-18 CVE-2017-11652 Incorrect Permission Assignment for Critical Resource vulnerability in Razer Synapse
Razer Synapse 2.20.15.1104 and earlier uses weak permissions for the CrashReporter directory, which allows local users to gain privileges via a Trojan horse dbghelp.dll file.
local
low complexity
razer CWE-732
8.4
2017-08-15 CVE-2017-8665 Incorrect Permission Assignment for Critical Resource vulnerability in Microsoft Xamarin.Ios 10.11
The Xamarin.iOS update component on systems running macOS allows an attacker to run arbitrary code as root, aka "Xamarin.iOS Elevation Of Privilege Vulnerability."
local
low complexity
microsoft CWE-732
7.8
2017-08-14 CVE-2017-11156 Incorrect Permission Assignment for Critical Resource vulnerability in Synology Download Station
Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 uses weak permissions (0777) for ui/dlm/btsearch directory, which allows remote authenticated users to execute arbitrary code by uploading an executable via unspecified vectors.
local
low complexity
synology CWE-732
7.8
2017-08-02 CVE-2017-11437 Incorrect Permission Assignment for Critical Resource vulnerability in Gitlab
GitLab Enterprise Edition (EE) before 8.17.7, 9.0.11, 9.1.8, 9.2.8, and 9.3.8 allows an authenticated user with the ability to create a project to use the mirroring feature to potentially read repositories belonging to other users.
network
low complexity
gitlab CWE-732
6.5
2017-07-31 CVE-2017-9494 Incorrect Permission Assignment for Critical Resource vulnerability in Motorola Mx011Anm Firmware Mx011An2.9P6S1Prodsey
The Comcast firmware on Motorola MX011ANM (firmware version MX011AN_2.9p6s1_PROD_sey) devices allows remote attackers to enable a Remote Web Inspector that is accessible from the public Internet.
network
low complexity
motorola CWE-732
5.3
2017-07-31 CVE-2017-9482 Incorrect Permission Assignment for Critical Resource vulnerability in Cisco Dpc3939 Firmware Dpc3939P2018V303R20421746170221Acmcst
The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to obtain root access to the Network Processor (NP) Linux system by enabling a TELNET daemon (through CVE-2017-9479 exploitation) and then establishing a TELNET session.
network
low complexity
cisco CWE-732
critical
9.8
2017-07-31 CVE-2017-9479 Incorrect Permission Assignment for Critical Resource vulnerability in Cisco Dpc3939 Firmware Dpc3939P2018V303R20421746170221Acmcst
The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to execute arbitrary commands as root by leveraging local network access and connecting to the syseventd server, as demonstrated by copying configuration data into a readable filesystem.
network
low complexity
cisco CWE-732
critical
9.8
2017-07-24 CVE-2017-11422 Incorrect Permission Assignment for Critical Resource vulnerability in Statamic
Statamic framework before 2.6.0 does not correctly check a session's permissions when the methods from a user's class are called.
network
low complexity
statamic CWE-732
8.8
2017-07-17 CVE-2017-1000022 Incorrect Permission Assignment for Critical Resource vulnerability in Logicaldoc
LogicalDoc Community Edition 7.5.3 and prior contain an Incorrect access control which could leave to privilege escalation.
network
low complexity
logicaldoc CWE-732
8.8