Vulnerabilities > Incorrect Permission Assignment for Critical Resource

DATE CVE VULNERABILITY TITLE RISK
2018-06-08 CVE-2018-4220 Incorrect Permission Assignment for Critical Resource vulnerability in Apple Swift
An issue was discovered in certain Apple products.
network
apple CWE-732
critical
 9.3
9.3
2018-06-07 CVE-2018-0352 Incorrect Permission Assignment for Critical Resource vulnerability in Cisco Wide Area Application Services 6.2(3)
A vulnerability in the Disk Check Tool (disk-check.sh) for Cisco Wide Area Application Services (WAAS) Software could allow an authenticated, local attacker to elevate their privilege level to root.
local
low complexity
cisco CWE-732
7.2
7.2
2018-06-04 CVE-2017-18285 Incorrect Permission Assignment for Critical Resource vulnerability in Burp Project Burp
The Gentoo app-backup/burp package before 2.1.32 has incorrect group ownership of the /etc/burp directory, which might allow local users to obtain read and write access to arbitrary files by leveraging access to a certain account for a burp-server.conf change.
local
low complexity
burp-project gentoo CWE-732
3.6
3.6
2018-06-04 CVE-2017-18284 Incorrect Permission Assignment for Critical Resource vulnerability in Burp Project Burp
The Gentoo app-backup/burp package before 2.1.32 sets the ownership of the PID file directory to the burp account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script sends a SIGKILL.
local
low complexity
burp-project gentoo CWE-732
3.6
3.6
2018-06-02 CVE-2018-11194 Incorrect Permission Assignment for Critical Resource vulnerability in Quest Disk Backup
Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 6 of 6).
network
low complexity
quest CWE-732
critical
 9.0
9.0
2018-06-02 CVE-2018-11193 Incorrect Permission Assignment for Critical Resource vulnerability in Quest Disk Backup
Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 5 of 6).
network
low complexity
quest CWE-732
critical
 9.0
9.0
2018-06-02 CVE-2018-11192 Incorrect Permission Assignment for Critical Resource vulnerability in Quest Disk Backup
Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 4 of 6).
network
low complexity
quest CWE-732
critical
 9.0
9.0
2018-06-02 CVE-2018-11191 Incorrect Permission Assignment for Critical Resource vulnerability in Quest Disk Backup
Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 3 of 6).
network
low complexity
quest CWE-732
critical
 9.0
9.0
2018-05-29 CVE-2018-1370 Incorrect Permission Assignment for Critical Resource vulnerability in IBM Security Guardium BIG Data Intelligence 3.1
IBM Security Guardium Big Data Intelligence (SonarG) 3.1 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
network
low complexity
ibm CWE-732
6.5
6.5
2018-05-23 CVE-2018-11334 Incorrect Permission Assignment for Critical Resource vulnerability in Windscribe 1.81
Windscribe 1.81 creates a named pipe with a NULL DACL that allows Everyone users to gain privileges or cause a denial of service via \\.\pipe\WindscribeService.
local
low complexity
windscribe CWE-732
4.6
4.6