Vulnerabilities > Incorrect Permission Assignment for Critical Resource

DATE CVE VULNERABILITY TITLE RISK
2018-09-26 CVE-2018-16588 Incorrect Permission Assignment for Critical Resource vulnerability in SUSE Shadow 4.2.1-27.9.1/4.5-5.39
Privilege escalation can occur in the SUSE useradd.c code in useradd, as distributed in the SUSE shadow package through 4.2.1-27.9.1 for SUSE Linux Enterprise 12 (SLE-12) and through 4.5-5.39 for SUSE Linux Enterprise 15 (SLE-15).
local
low complexity
suse CWE-732
7.8
2018-09-26 CVE-2018-14327 Incorrect Permission Assignment for Critical Resource vulnerability in EE Ee40Vb Firmware Ee40000.20045
The installer for the Alcatel OSPREY3_MINI Modem component on EE EE40VB 4G mobile broadband modems with firmware before EE40_00_02.00_45 sets weak permissions (Everyone:Full Control) for the "Web Connecton\EE40" and "Web Connecton\EE40\BackgroundService" directories, which allows local users to gain privileges, as demonstrated by inserting a Trojan horse ServiceManager.exe file into the "Web Connecton\EE40\BackgroundService" directory.
local
low complexity
ee CWE-732
7.8
2018-09-26 CVE-2018-8848 Incorrect Permission Assignment for Critical Resource vulnerability in Philips E-Alert Firmware 2.1/R2.1
Philips e-Alert Unit (non-medical device), Version R2.1 and prior.
network
low complexity
philips CWE-732
7.5
2018-09-25 CVE-2018-6040 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially bypass content security policy via a crafted HTML page.
network
low complexity
google debian redhat CWE-732
6.5
2018-09-24 CVE-2018-14825 Incorrect Permission Assignment for Critical Resource vulnerability in Honeywell products
On Honeywell Mobile Computers (CT60 running Android OS 7.1, CN80 running Android OS 7.1, CT40 running Android OS 7.1, CK75 running Android OS 6.0, CN75 running Android OS 6.0, CN75e running Android OS 6.0, CT50 running Android OS 6.0, D75e running Android OS 6.0, CT50 running Android OS 4.4, D75e running Android OS 4.4, CN51 running Android OS 6.0, EDA50k running Android 4.4, EDA50 running Android OS 7.1, EDA50k running Android OS 7.1, EDA70 running Android OS 7.1, EDA60k running Android OS 7.1, and EDA51 running Android OS 8.1), a skilled attacker with advanced knowledge of the target system could exploit this vulnerability by creating an application that would successfully bind to the service and gain elevated system privileges.
local
high complexity
honeywell CWE-732
5.8
2018-09-21 CVE-2018-11240 Incorrect Permission Assignment for Critical Resource vulnerability in Softcase T-Router Firmware 20112017
An issue was discovered on SoftCase T-Router build 20112017 devices.
network
low complexity
softcase CWE-732
critical
9.8
2018-09-21 CVE-2018-1711 Incorrect Permission Assignment for Critical Resource vulnerability in IBM DB2
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to gain privileges due to allowing modification of columns of existing tasks.
local
low complexity
ibm CWE-732
7.8
2018-09-20 CVE-2018-11277 Incorrect Permission Assignment for Critical Resource vulnerability in Qualcomm products
In Snapdragon (Automobile, Mobile, Wear) in version MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SDA660, the com.qualcomm.embms is a vendor package deployed in the system image which has an inadequate permission level and allows any application installed from Play Store to request this permission at install-time.
local
low complexity
qualcomm CWE-732
7.8
2018-09-18 CVE-2018-16958 Incorrect Permission Assignment for Critical Resource vulnerability in Oracle Webcenter Interaction 10.3.3
An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3.
network
low complexity
oracle CWE-732
5.4
2018-09-14 CVE-2018-17037 Incorrect Permission Assignment for Critical Resource vulnerability in Ucms Project Ucms 1.4.6
user/editpost.php in UCMS 1.4.6 mishandles levels, which allows escalation from the normal user level of 1 to the superuser level of 3.
network
low complexity
ucms-project CWE-732
8.8