Vulnerabilities > Incorrect Permission Assignment for Critical Resource

DATE CVE VULNERABILITY TITLE RISK
2017-07-06 CVE-2017-0703 Incorrect Permission Assignment for Critical Resource vulnerability in Google Android
A elevation of privilege vulnerability in the Android system ui.
local
low complexity
google CWE-732
7.8
2017-06-26 CVE-2017-9615 Incorrect Permission Assignment for Critical Resource vulnerability in Cognito Moneyworks
Password exposure in Cognito Software Moneyworks 8.0.3 and earlier allows attackers to gain administrator access to all data, because verbose logging writes the administrator password to a world-readable file.
network
low complexity
cognito CWE-732
critical
9.8
2017-06-21 CVE-2017-9780 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
In Flatpak before 0.8.7, a third-party app repository could include malicious apps that contain files with inappropriate permissions, for example setuid or world-writable.
local
low complexity
flatpak debian CWE-732
7.8
2017-06-16 CVE-2017-9602 Incorrect Permission Assignment for Critical Resource vulnerability in Kbvault Mysql Project Kbvault Mysql 0.16A
KBVault Mysql Free Knowledge Base application package 0.16a comes with a FileExplorer/Explorer.aspx?id=/Uploads file-management component.
network
low complexity
kbvault-mysql-project CWE-732
critical
9.8
2017-06-15 CVE-2017-9606 Incorrect Permission Assignment for Critical Resource vulnerability in Infotecs Vipnet Client and Vipnet Coordinator
Infotecs ViPNet Client and Coordinator before 4.3.2-42442 allow local users to gain privileges by placing a Trojan horse ViPNet update file in the update folder.
local
low complexity
infotecs CWE-732
7.3
2017-06-07 CVE-2017-7563 Incorrect Permission Assignment for Critical Resource vulnerability in ARM Trusted Firmware
In ARM Trusted Firmware 1.3, RO memory is always executable at AArch64 Secure EL1, allowing attackers to bypass the MT_EXECUTE_NEVER protection mechanism.
network
high complexity
arm CWE-732
8.1
2017-06-06 CVE-2017-9462 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name.
network
low complexity
mercurial debian redhat CWE-732
8.8
2017-05-27 CVE-2017-7337 Incorrect Permission Assignment for Critical Resource vulnerability in Fortinet Fortiportal
An improper Access Control vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to interact with unauthorized VDOMs or enumerate other ADOMs via another user's stolen session and CSRF tokens or the adomName parameter in the /fpc/sec/customer/policy/getAdomVersion request.
network
low complexity
fortinet CWE-732
critical
9.1
2017-05-21 CVE-2017-9136 Incorrect Permission Assignment for Critical Resource vulnerability in Mimosa Backhaul Radios and Client Radios
An issue was discovered on Mimosa Client Radios before 2.2.3.
network
low complexity
mimosa CWE-732
7.5
2017-05-19 CVE-2017-9079 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
Dropbear before 2017.75 might allow local users to read certain files as root, if the file has the authorized_keys file format with a command= option.
local
high complexity
dropbear-ssh-project debian CWE-732
4.7