Vulnerabilities > Incorrect Permission Assignment for Critical Resource

DATE	CVE	VULNERABILITY TITLE	RISK
2018-12-11	CVE-2018-18352	Incorrect Permission Assignment for Critical Resource vulnerability in multiple products Service works could inappropriately gain access to cross origin audio in Media in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass same origin policy for audio content via a crafted HTML page. network low complexity google redhat debian CWE-732	6.5
2018-12-11	CVE-2018-18349	Incorrect Permission Assignment for Critical Resource vulnerability in multiple products Remote frame navigations was incorrectly permitted to local resources in Blink in Google Chrome prior to 71.0.3578.80 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system via a crafted Chrome Extension. network low complexity google debian redhat CWE-732	6.5
2018-12-06	CVE-2018-6755	Incorrect Permission Assignment for Critical Resource vulnerability in Mcafee True KEY Weak Directory Permission Vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware. local low complexity mcafee CWE-732	7.8
2018-12-03	CVE-2018-14703	Incorrect Permission Assignment for Critical Resource vulnerability in Drobo 5N2 Firmware 4.0.513.28.96115 Incorrect access control in the /mysql/api/droboapp/data endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to retrieve the MySQL database root password. network low complexity drobo CWE-732 critical	9.8
2018-12-03	CVE-2018-19836	Incorrect Permission Assignment for Critical Resource vulnerability in Metinfo 6.1.3 In Metinfo 6.1.3, include/interface/applogin.php allows setting arbitrary HTTP headers (including the Cookie header), and common.inc.php allows registering variables from the $_COOKIE value. network low complexity metinfo CWE-732	6.1
2018-11-30	CVE-2018-15835	Incorrect Permission Assignment for Critical Resource vulnerability in Google Android Android 1.0 through 9.0 has Insecure Permissions. network low complexity google CWE-732	7.5
2018-11-30	CVE-2018-15768	Incorrect Permission Assignment for Critical Resource vulnerability in Dell Openmanage Network Manager Dell OpenManage Network Manager versions prior to 6.5.0 enabled read/write access to the file system for MySQL users due to insecure default configuration setting for the embedded MySQL database. network low complexity dell CWE-732	6.5
2018-11-29	CVE-2018-11002	Incorrect Permission Assignment for Critical Resource vulnerability in Pulsesecure Pulse Secure Desktop Client Pulse Secure Desktop Client 5.3 up to and including R6.0 build 1769 on Windows has Insecure Permissions. local low complexity pulsesecure CWE-732	5.5
2018-11-27	CVE-2018-13355	Incorrect Permission Assignment for Critical Resource vulnerability in Terra-Master Terramaster Operating System 3.1.03 Incorrect access controls in ajaxdata.php in TerraMaster TOS version 3.1.03 allow attackers to create user groups without proper authorization. network low complexity terra-master CWE-732	6.5
2018-11-27	CVE-2018-11914	Incorrect Permission Assignment for Critical Resource vulnerability in Google Android In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper access control can lead to device node and executable to be run from /systemrw/ which presents a potential security. local low complexity google CWE-732	7.8