Vulnerabilities > Incorrect Permission Assignment for Critical Resource

DATE CVE VULNERABILITY TITLE RISK
2018-11-13 CVE-2018-2490 Incorrect Permission Assignment for Critical Resource vulnerability in SAP Fiori Client
The broadcast messages received by SAP Fiori Client are not protected by permissions.
local
low complexity
sap CWE-732
7.8
7.8
2018-11-13 CVE-2018-2489 Incorrect Permission Assignment for Critical Resource vulnerability in SAP Fiori Client
Locally, without any permission, an arbitrary android application could delete the SSO configuration of SAP Fiori Client.
local
low complexity
sap CWE-732
7.8
7.8
2018-11-07 CVE-2018-19072 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128.
local
low complexity
opticam foscam CWE-732
5.5
5.5
2018-11-07 CVE-2018-19071 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128.
local
low complexity
opticam foscam CWE-732
7.8
7.8
2018-10-31 CVE-2016-2121 Incorrect Permission Assignment for Critical Resource vulnerability in Redhat Openstack 10
A permissions flaw was found in redis, which sets weak permissions on certain files and directories that could potentially contain sensitive information.
local
low complexity
redhat CWE-732
5.5
5.5
2018-10-30 CVE-2018-10712 Incorrect Permission Assignment for Critical Resource vulnerability in Asrock products
The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to read/write data from/to IO ports.
local
low complexity
asrock CWE-732
7.8
7.8
2018-10-30 CVE-2018-10710 Incorrect Permission Assignment for Critical Resource vulnerability in Asrock products
The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to read and write arbitrary physical memory.
local
low complexity
asrock CWE-732
7.1
7.1
2018-10-30 CVE-2018-10709 Incorrect Permission Assignment for Critical Resource vulnerability in Asrock products
The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to read and write CR register values.
local
low complexity
asrock CWE-732
7.8
7.8
2018-10-26 CVE-2018-11951 Incorrect Permission Assignment for Critical Resource vulnerability in Qualcomm SD 845 Firmware and SD 850 Firmware
Improper access control in core module lead XBL_LOADER performs the ZI region clear for QTEE instead of XBL_SEC in Snapdragon Mobile in version SD 845, SD 850.
local
low complexity
qualcomm CWE-732
5.5
5.5
2018-10-26 CVE-2018-18654 Incorrect Permission Assignment for Critical Resource vulnerability in Debian Crossroads 2.81
Crossroads 2.81 does not properly handle the /tmp directory during a build of xr.
local
low complexity
debian CWE-732
7.8
7.8