Vulnerabilities > Incorrect Permission Assignment for Critical Resource
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-03-02 | CVE-2017-6104 | Incorrect Permission Assignment for Critical Resource vulnerability in ZEN Mobile APP Native Project ZEN Mobile APP Native 3.0 Remote file upload vulnerability in Wordpress Plugin Mobile App Native 3.0. | 7.5 |
| 2017-02-15 | CVE-2017-0317 | Incorrect Permission Assignment for Critical Resource vulnerability in Nvidia GPU Driver All versions of NVIDIA GPU and GeForce Experience installer contain a vulnerability where it fails to set proper permissions on the package extraction path thus allowing a non-privileged user to tamper with the extracted files, potentially leading to escalation of privileges via code execution. | 7.5 |
| 2017-02-15 | CVE-2017-0311 | Incorrect Permission Assignment for Critical Resource vulnerability in Nvidia GPU Driver NVIDIA GPU Display Driver R378 contains a vulnerability in the kernel mode layer handler where improper access control may lead to denial of service or possible escalation of privileges. | 8.8 |
| 2017-02-08 | CVE-2017-0423 | Incorrect Permission Assignment for Critical Resource vulnerability in Google Android An elevation of privilege vulnerability in Bluetooth could enable a proximate attacker to manage access to documents on the device. | 5.3 |
| 2009-11-24 | CVE-2009-3897 | Incorrect Permission Assignment for Critical Resource vulnerability in Dovecot Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of certain directories at installation time, which allows local users to access arbitrary user accounts by replacing the auth socket, related to the parent directories of the base_dir directory, and possibly the base_dir directory itself. | 5.5 |
| 2009-11-16 | CVE-2009-3939 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products The poll_mode_io file for the megaraid_sas driver in the Linux kernel 2.6.31.6 and earlier has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file. | 7.1 |
| 2009-10-26 | CVE-2009-3611 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products common/snapshots.py in Back In Time (aka backintime) 0.9.26 changes certain permissions to 0777 before deleting the files in an old backup snapshot, which allows local users to obtain sensitive information by reading these files, or interfere with backup integrity by modifying files that are shared across snapshots. | 7.1 |
| 2009-09-30 | CVE-2009-3489 | Incorrect Permission Assignment for Critical Resource vulnerability in Adobe Photoshop Elements 8.0 Adobe Photoshop Elements 8.0 installs the Adobe Active File Monitor V8 service with an insecure security descriptor, which allows local users to (1) stop the service via the stop command, (2) execute arbitrary commands as SYSTEM by using the config command to modify the binPath variable, or (3) restart the service via the start command. | 7.8 |
| 2009-09-30 | CVE-2009-3482 | Incorrect Permission Assignment for Critical Resource vulnerability in Trustport Antivirus and PC Security TrustPort Antivirus before 2.8.0.2266 and PC Security before 2.0.0.1291 use weak permissions (Everyone: Full Control) for files under %PROGRAMFILES%, which allows local users to gain privileges by replacing executables with Trojan horse programs. | 7.8 |
| 2009-09-22 | CVE-2009-3289 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products The g_file_copy function in glib 2.0 sets the permissions of a target file to the permissions of a symbolic link (777), which allows user-assisted local users to modify files of other users, as demonstrated by using Nautilus to modify the permissions of the user home directory. | 7.8 |