Vulnerabilities > Incorrect Permission Assignment for Critical Resource
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-12-14 | CVE-2018-18093 | Incorrect Permission Assignment for Critical Resource vulnerability in Intel Vtune Amplifier 2017/2018 Improper file permissions in the installer for Intel VTune Amplifier 2018 Update 3 and before may allow unprivileged user to potentially gain privileged access via local access. | 7.8 |
| 2018-12-13 | CVE-2018-20145 | Incorrect Permission Assignment for Critical Resource vulnerability in Eclipse Mosquitto Eclipse Mosquitto 1.5.x before 1.5.5 allows ACL bypass: if the option per_listener_settings was set to true, and the default listener was in use, and the default listener specified an acl_file, then the acl file was being ignored. | 7.5 |
| 2018-12-11 | CVE-2018-18352 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products Service works could inappropriately gain access to cross origin audio in Media in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass same origin policy for audio content via a crafted HTML page. | 6.5 |
| 2018-12-11 | CVE-2018-18349 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products Remote frame navigations was incorrectly permitted to local resources in Blink in Google Chrome prior to 71.0.3578.80 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system via a crafted Chrome Extension. | 6.5 |
| 2018-12-06 | CVE-2018-6755 | Incorrect Permission Assignment for Critical Resource vulnerability in Mcafee True KEY Weak Directory Permission Vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware. | 7.8 |
| 2018-12-03 | CVE-2018-14703 | Incorrect Permission Assignment for Critical Resource vulnerability in Drobo 5N2 Firmware 4.0.513.28.96115 Incorrect access control in the /mysql/api/droboapp/data endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to retrieve the MySQL database root password. | 9.8 |
| 2018-12-03 | CVE-2018-19836 | Incorrect Permission Assignment for Critical Resource vulnerability in Metinfo 6.1.3 In Metinfo 6.1.3, include/interface/applogin.php allows setting arbitrary HTTP headers (including the Cookie header), and common.inc.php allows registering variables from the $_COOKIE value. | 6.1 |
| 2018-11-30 | CVE-2018-15835 | Incorrect Permission Assignment for Critical Resource vulnerability in Google Android Android 1.0 through 9.0 has Insecure Permissions. | 7.5 |
| 2018-11-30 | CVE-2018-15768 | Incorrect Permission Assignment for Critical Resource vulnerability in Dell Openmanage Network Manager Dell OpenManage Network Manager versions prior to 6.5.0 enabled read/write access to the file system for MySQL users due to insecure default configuration setting for the embedded MySQL database. | 6.5 |
| 2018-11-29 | CVE-2018-11002 | Incorrect Permission Assignment for Critical Resource vulnerability in Pulsesecure Pulse Secure Desktop Client Pulse Secure Desktop Client 5.3 up to and including R6.0 build 1769 on Windows has Insecure Permissions. | 5.5 |