Vulnerabilities > Incorrect Permission Assignment for Critical Resource
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-05-06 | CVE-2018-4072 | Incorrect Permission Assignment for Critical Resource vulnerability in Sierrawireless Airlink Es450 Firmware 4.9.3 An exploitable Permission Assignment vulnerability exists in the ACEManager EmbeddedAceSet_Task.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. | 8.8 |
| 2019-05-03 | CVE-2019-1803 | Incorrect Permission Assignment for Critical Resource vulnerability in Cisco Nexus 9000 Series Application Centric Infrastructure A vulnerability in the filesystem management for the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an authenticated, local attacker with administrator rights to gain elevated privileges as the root user on an affected device. | 6.7 |
| 2019-04-30 | CVE-2018-19374 | Incorrect Permission Assignment for Critical Resource vulnerability in Zohocorp Manageengine Admanager Plus 6.6 Zoho ManageEngine ADManager Plus 6.6 Build 6657 allows local users to gain privileges (after a reboot) by placing a Trojan horse file into the permissive bin directory. | 7.0 |
| 2019-04-25 | CVE-2018-14980 | Incorrect Permission Assignment for Critical Resource vulnerability in Asus Zenfone 3 MAX Firmware The ASUS ZenFone 3 Max Android device with a build fingerprint of asus/US_Phone/ASUS_X008_1:7.0/NRD90M/US_Phone-14.14.1711.92-20171208:user/release-keys contains the android framework (i.e., system_server) with a package name of android (versionCode=24, versionName=7.0) that has been modified by ASUS or another entity in the supply chain. | 7.1 |
| 2019-04-23 | CVE-2019-10710 | Incorrect Permission Assignment for Critical Resource vulnerability in Hisilicon Hi3510 Firmware Insecure permissions in the Web management portal on all IP cameras based on Hisilicon Hi3510 firmware allow authenticated attackers to receive a network's cleartext WiFi credentials via a specific HTTP request. | 8.8 |
| 2019-04-22 | CVE-2019-11244 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products In Kubernetes v1.8.x-v1.14.x, schema info is cached by kubectl in the location specified by --cache-dir (defaulting to $HOME/.kube/http-cache), written with world-writeable permissions (rw-rw-rw-). | 5.0 |
| 2019-04-17 | CVE-2018-18094 | Incorrect Permission Assignment for Critical Resource vulnerability in Intel Media SDK 2017/2018 Improper directory permissions in installer for Intel(R) Media SDK before 2018 R2.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
| 2019-04-17 | CVE-2019-9222 | Incorrect Permission Assignment for Critical Resource vulnerability in Gitlab An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. | 8.1 |
| 2019-04-12 | CVE-2018-6269 | Incorrect Permission Assignment for Critical Resource vulnerability in Nvidia Jetson TX2 R28.1/R28.2.1 NVIDIA Jetson TX2 contains a vulnerability in the kernel driver where input/output control (IOCTL) handling for user mode requests could create a non-trusted pointer dereference, which may lead to information disclosure, denial of service, escalation of privileges, or code execution. | 7.8 |
| 2019-04-11 | CVE-2018-17305 | Incorrect Permission Assignment for Critical Resource vulnerability in Uipath Orchestrator UiPath Orchestrator through 2018.2.4 allows any authenticated user to change the information of arbitrary users (even administrators) leading to privilege escalation and remote code execution. | 8.8 |