Vulnerabilities > Incorrect Permission Assignment for Critical Resource

DATE CVE VULNERABILITY TITLE RISK
2018-06-17 CVE-2018-12335 Incorrect Permission Assignment for Critical Resource vulnerability in Ecos System Management Appliance 5.2.68
Incorrect access control in ECOS System Management Appliance (aka SMA) 5.2.68 allows a user to compromise authentication keys, and access and manipulate security relevant configurations, via unrestricted database access during Easy Enrollment.
low complexity
ecos CWE-732
4.1
2018-06-15 CVE-2018-12457 Incorrect Permission Assignment for Critical Resource vulnerability in Expresscart Project Expresscart
expressCart before 1.1.6 allows remote attackers to create an admin user via a /admin/setup Referer header.
network
low complexity
expresscart-project CWE-732
6.5
2018-06-14 CVE-2018-1036 Incorrect Permission Assignment for Critical Resource vulnerability in Microsoft products
An elevation of privilege vulnerability exists when NTFS improperly checks access, aka "NTFS Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
6.9
2018-06-14 CVE-2018-0982 Incorrect Permission Assignment for Critical Resource vulnerability in Microsoft Windows 10 and Windows Server 2016
An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions, aka "Windows Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.
6.9
2018-06-12 CVE-2018-12259 Incorrect Permission Assignment for Critical Resource vulnerability in Apollotechnologiesinc Momentum Axel 720P Firmware 5.1.8
An issue was discovered on Momentum Axel 720P 5.1.8 devices.
local
low complexity
apollotechnologiesinc CWE-732
7.2
2018-06-11 CVE-2017-7821 Incorrect Permission Assignment for Critical Resource vulnerability in Mozilla Firefox
A vulnerability where WebExtensions can download and attempt to open a file of some non-executable file types.
network
low complexity
mozilla CWE-732
7.5
2018-06-11 CVE-2017-5456 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
A mechanism to bypass file system access protections in the sandbox using the file system request constructor through an IPC message.
network
low complexity
redhat mozilla CWE-732
7.5
2018-06-11 CVE-2017-5426 Incorrect Permission Assignment for Critical Resource vulnerability in Mozilla Firefox and Thunderbird
On Linux, if the secure computing mode BPF (seccomp-bpf) filter is running when the Gecko Media Plugin sandbox is started, the sandbox fails to be applied and items that would run within the sandbox are run protected only by the running filter which is typically weak compared to the sandbox.
network
low complexity
mozilla linux CWE-732
5.0
2018-06-08 CVE-2018-4251 Incorrect Permission Assignment for Critical Resource vulnerability in Apple mac OS X
An issue was discovered in certain Apple products.
network
apple CWE-732
7.1
2018-06-08 CVE-2018-4238 Incorrect Permission Assignment for Critical Resource vulnerability in Apple Iphone OS
An issue was discovered in certain Apple products.
local
low complexity
apple CWE-732
2.1