Vulnerabilities > Incorrect Permission Assignment for Critical Resource
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-10-04 | CVE-2017-9792 | Incorrect Permission Assignment for Critical Resource vulnerability in Apache Impala 2.8.0/2.9.0 In Apache Impala (incubating) before 2.10.0, a malicious user with "ALTER" permissions on an Impala table can access any other Kudu table data by altering the table properties to make it "external" and then changing the underlying table mapping to point to other Kudu tables. | 6.5 |
| 2017-09-26 | CVE-2017-9958 | Incorrect Permission Assignment for Critical Resource vulnerability in Schneider-Electric U.Motion Builder 1.2.1 An improper access control vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an improper handling of the system configuration can allow an attacker to execute arbitrary code under the context of root. | 7.8 |
| 2017-09-25 | CVE-2017-14730 | Incorrect Permission Assignment for Critical Resource vulnerability in Elasticsearch Logstash The init script in the Gentoo app-admin/logstash-bin package before 5.5.3 and 5.6.x before 5.6.1 has "chown -R" calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to a $LS_USER account for creation of a hard link. | 7.8 |
| 2017-09-14 | CVE-2017-13779 | Incorrect Permission Assignment for Critical Resource vulnerability in Gstn India Goods and Services TAX Network Offline Utility Tool 1.1 GSTN_offline_tool in India Goods and Services Tax Network (GSTN) Offline Utility tool before 1.2 executes winstart-server.vbs from the "C:\GST Offline Tool" directory, which has insecure permissions. | 7.8 |
| 2017-09-13 | CVE-2017-7560 | Incorrect Permission Assignment for Critical Resource vulnerability in Redhat Rhnsd It was found that rhnsd PID files are created as world-writable that allows local attackers to fill the disks or to kill selected processes. | 5.5 |
| 2017-09-08 | CVE-2017-0784 | Incorrect Permission Assignment for Critical Resource vulnerability in Google Android A elevation of privilege vulnerability in the Android system (nfc). | 8.8 |
| 2017-09-08 | CVE-2017-0752 | Incorrect Permission Assignment for Critical Resource vulnerability in Google Android A elevation of privilege vulnerability in the Android framework (windowmanager). | 7.8 |
| 2017-08-30 | CVE-2017-12713 | Incorrect Permission Assignment for Critical Resource vulnerability in Advantech Webaccess An Incorrect Permission Assignment for Critical Resource issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. | 7.8 |
| 2017-08-25 | CVE-2017-12816 | Incorrect Permission Assignment for Critical Resource vulnerability in Kaspersky Internet Security 11.12.4.1622 In Kaspersky Internet Security for Android 11.12.4.1622, some of application exports activities have weak permissions, which might be used by a malware application to get unauthorized access to the product functionality by using Android IPC. | 9.8 |
| 2017-08-18 | CVE-2017-11653 | Incorrect Permission Assignment for Critical Resource vulnerability in Razer Synapse Razer Synapse 2.20.15.1104 and earlier uses weak permissions for the Devices directory, which allows local users to gain privileges via a Trojan horse (1) RazerConfigNative.dll or (2) RazerConfigNativeLOC.dll file. | 7.8 |