Vulnerabilities > Incorrect Permission Assignment for Critical Resource
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-10-31 | CVE-2016-2121 | Incorrect Permission Assignment for Critical Resource vulnerability in Redhat Openstack 10 A permissions flaw was found in redis, which sets weak permissions on certain files and directories that could potentially contain sensitive information. | 5.5 |
| 2018-10-30 | CVE-2018-10712 | Incorrect Permission Assignment for Critical Resource vulnerability in Asrock products The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to read/write data from/to IO ports. | 7.2 |
| 2018-10-30 | CVE-2018-10710 | Incorrect Permission Assignment for Critical Resource vulnerability in Asrock products The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to read and write arbitrary physical memory. | 7.2 |
| 2018-10-30 | CVE-2018-10709 | Incorrect Permission Assignment for Critical Resource vulnerability in Asrock products The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to read and write CR register values. | 4.6 |
| 2018-10-26 | CVE-2018-11951 | Incorrect Permission Assignment for Critical Resource vulnerability in Qualcomm SD 845 Firmware and SD 850 Firmware Improper access control in core module lead XBL_LOADER performs the ZI region clear for QTEE instead of XBL_SEC in Snapdragon Mobile in version SD 845, SD 850. | 4.9 |
| 2018-10-26 | CVE-2018-18654 | Incorrect Permission Assignment for Critical Resource vulnerability in Debian Crossroads 2.81 Crossroads 2.81 does not properly handle the /tmp directory during a build of xr. | 7.2 |
| 2018-10-24 | CVE-2018-11792 | Incorrect Permission Assignment for Critical Resource vulnerability in Apache Impala In Apache Impala before 3.0.1, ALTER TABLE/VIEW RENAME required ALTER on the old table. | 9.8 |
| 2018-10-23 | CVE-2018-17873 | Incorrect Permission Assignment for Critical Resource vulnerability in Wifiranger Firmware An incorrect access control vulnerability in the FTP configuration of WiFiRanger devices with firmware version 7.0.8rc3 and earlier allows an attacker with adjacent network access to read the SSH Private Key and log in to the root account. | 3.3 |
| 2018-10-19 | CVE-2017-18348 | Incorrect Permission Assignment for Critical Resource vulnerability in Splunk Splunk Enterprise 6.6.x, when configured to run as root but drop privileges to a specific non-root account, allows local users to gain privileges by leveraging access to that non-root account to modify $SPLUNK_HOME/etc/splunk-launch.conf and insert Trojan horse programs into $SPLUNK_HOME/bin, because the non-root setup instructions state that chown should be run across all of $SPLUNK_HOME to give non-root access. | 6.9 |
| 2018-10-18 | CVE-2018-11080 | Incorrect Permission Assignment for Critical Resource vulnerability in EMC Secure Remote Services 3.0/3.02/3.03 Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains Improper File Permission Vulnerabilities. | 4.6 |