Vulnerabilities > Incorrect Permission Assignment for Critical Resource

DATE CVE VULNERABILITY TITLE RISK
2017-07-31 CVE-2017-9494 Incorrect Permission Assignment for Critical Resource vulnerability in Motorola Mx011Anm Firmware Mx011An2.9P6S1Prodsey
The Comcast firmware on Motorola MX011ANM (firmware version MX011AN_2.9p6s1_PROD_sey) devices allows remote attackers to enable a Remote Web Inspector that is accessible from the public Internet.
network
low complexity
motorola CWE-732
5.3
5.3
2017-07-31 CVE-2017-9482 Incorrect Permission Assignment for Critical Resource vulnerability in Cisco Dpc3939 Firmware Dpc3939P2018V303R20421746170221Acmcst
The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to obtain root access to the Network Processor (NP) Linux system by enabling a TELNET daemon (through CVE-2017-9479 exploitation) and then establishing a TELNET session.
network
low complexity
cisco CWE-732
critical
 9.8
9.8
2017-07-31 CVE-2017-9479 Incorrect Permission Assignment for Critical Resource vulnerability in Cisco Dpc3939 Firmware Dpc3939P2018V303R20421746170221Acmcst
The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to execute arbitrary commands as root by leveraging local network access and connecting to the syseventd server, as demonstrated by copying configuration data into a readable filesystem.
network
low complexity
cisco CWE-732
critical
 9.8
9.8
2017-07-24 CVE-2017-11422 Incorrect Permission Assignment for Critical Resource vulnerability in Statamic
Statamic framework before 2.6.0 does not correctly check a session's permissions when the methods from a user's class are called.
network
low complexity
statamic CWE-732
8.8
8.8
2017-07-17 CVE-2017-1000022 Incorrect Permission Assignment for Critical Resource vulnerability in Logicaldoc
LogicalDoc Community Edition 7.5.3 and prior contain an Incorrect access control which could leave to privilege escalation.
network
low complexity
logicaldoc CWE-732
8.8
8.8
2017-07-06 CVE-2017-0703 Incorrect Permission Assignment for Critical Resource vulnerability in Google Android
A elevation of privilege vulnerability in the Android system ui.
local
low complexity
google CWE-732
7.8
7.8
2017-06-26 CVE-2017-9615 Incorrect Permission Assignment for Critical Resource vulnerability in Cognito Moneyworks
Password exposure in Cognito Software Moneyworks 8.0.3 and earlier allows attackers to gain administrator access to all data, because verbose logging writes the administrator password to a world-readable file.
network
low complexity
cognito CWE-732
critical
 9.8
9.8
2017-06-21 CVE-2017-9780 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
In Flatpak before 0.8.7, a third-party app repository could include malicious apps that contain files with inappropriate permissions, for example setuid or world-writable.
local
low complexity
flatpak debian CWE-732
7.8
7.8
2017-06-16 CVE-2017-9602 Incorrect Permission Assignment for Critical Resource vulnerability in Kbvault Mysql Project Kbvault Mysql 0.16A
KBVault Mysql Free Knowledge Base application package 0.16a comes with a FileExplorer/Explorer.aspx?id=/Uploads file-management component.
network
low complexity
kbvault-mysql-project CWE-732
critical
 9.8
9.8
2017-06-15 CVE-2017-9606 Incorrect Permission Assignment for Critical Resource vulnerability in Infotecs Vipnet Client and Vipnet Coordinator
Infotecs ViPNet Client and Coordinator before 4.3.2-42442 allow local users to gain privileges by placing a Trojan horse ViPNet update file in the update folder.
local
low complexity
infotecs CWE-732
7.3
7.3