Vulnerabilities > Incorrect Permission Assignment for Critical Resource
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-08-18 | CVE-2017-11653 | Incorrect Permission Assignment for Critical Resource vulnerability in Razer Synapse Razer Synapse 2.20.15.1104 and earlier uses weak permissions for the Devices directory, which allows local users to gain privileges via a Trojan horse (1) RazerConfigNative.dll or (2) RazerConfigNativeLOC.dll file. | 7.8 |
2017-08-18 | CVE-2017-11652 | Incorrect Permission Assignment for Critical Resource vulnerability in Razer Synapse Razer Synapse 2.20.15.1104 and earlier uses weak permissions for the CrashReporter directory, which allows local users to gain privileges via a Trojan horse dbghelp.dll file. | 8.4 |
2017-08-15 | CVE-2017-8665 | Incorrect Permission Assignment for Critical Resource vulnerability in Microsoft Xamarin.Ios 10.11 The Xamarin.iOS update component on systems running macOS allows an attacker to run arbitrary code as root, aka "Xamarin.iOS Elevation Of Privilege Vulnerability." | 7.8 |
2017-08-14 | CVE-2017-11156 | Incorrect Permission Assignment for Critical Resource vulnerability in Synology Download Station Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 uses weak permissions (0777) for ui/dlm/btsearch directory, which allows remote authenticated users to execute arbitrary code by uploading an executable via unspecified vectors. | 7.8 |
2017-08-02 | CVE-2017-11437 | Incorrect Permission Assignment for Critical Resource vulnerability in Gitlab GitLab Enterprise Edition (EE) before 8.17.7, 9.0.11, 9.1.8, 9.2.8, and 9.3.8 allows an authenticated user with the ability to create a project to use the mirroring feature to potentially read repositories belonging to other users. | 6.5 |
2017-07-31 | CVE-2017-9494 | Incorrect Permission Assignment for Critical Resource vulnerability in Motorola Mx011Anm Firmware Mx011An2.9P6S1Prodsey The Comcast firmware on Motorola MX011ANM (firmware version MX011AN_2.9p6s1_PROD_sey) devices allows remote attackers to enable a Remote Web Inspector that is accessible from the public Internet. | 5.3 |
2017-07-31 | CVE-2017-9482 | Incorrect Permission Assignment for Critical Resource vulnerability in Cisco Dpc3939 Firmware Dpc3939P2018V303R20421746170221Acmcst The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to obtain root access to the Network Processor (NP) Linux system by enabling a TELNET daemon (through CVE-2017-9479 exploitation) and then establishing a TELNET session. | 9.8 |
2017-07-31 | CVE-2017-9479 | Incorrect Permission Assignment for Critical Resource vulnerability in Cisco Dpc3939 Firmware Dpc3939P2018V303R20421746170221Acmcst The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to execute arbitrary commands as root by leveraging local network access and connecting to the syseventd server, as demonstrated by copying configuration data into a readable filesystem. | 9.8 |
2017-07-24 | CVE-2017-11422 | Incorrect Permission Assignment for Critical Resource vulnerability in Statamic Statamic framework before 2.6.0 does not correctly check a session's permissions when the methods from a user's class are called. | 8.8 |
2017-07-17 | CVE-2017-1000022 | Incorrect Permission Assignment for Critical Resource vulnerability in Logicaldoc LogicalDoc Community Edition 7.5.3 and prior contain an Incorrect access control which could leave to privilege escalation. | 8.8 |