Vulnerabilities > Incorrect Permission Assignment for Critical Resource

DATE CVE VULNERABILITY TITLE RISK
2018-07-18 CVE-2018-0392 Incorrect Permission Assignment for Critical Resource vulnerability in Cisco products
A vulnerability in the CLI of Cisco Policy Suite could allow an authenticated, local attacker to access files owned by another user.
local
low complexity
cisco CWE-732
5.5
5.5
2018-07-13 CVE-2018-1000211 Incorrect Permission Assignment for Critical Resource vulnerability in Doorkeeper Project Doorkeeper
Doorkeeper version 4.2.0 and later contains a Incorrect Access Control vulnerability in Token revocation API's authorized method that can result in Access tokens are not revoked for public OAuth apps, leaking access until expiry.
network
low complexity
doorkeeper-project CWE-732
7.5
7.5
2018-07-13 CVE-2018-1000209 Incorrect Permission Assignment for Critical Resource vulnerability in Sensu Core
Sensu, Inc.
network
low complexity
sensu CWE-732
8.8
8.8
2018-07-13 CVE-2018-1000207 Incorrect Permission Assignment for Critical Resource vulnerability in Modx Revolution
MODX Revolution version <=2.6.4 contains a Incorrect Access Control vulnerability in Filtering user parameters before passing them into phpthumb class that can result in Creating file with custom a filename and content.
network
low complexity
modx CWE-732
7.2
7.2
2018-07-13 CVE-2018-14043 Incorrect Permission Assignment for Critical Resource vulnerability in Monetra Mstdlib 1.2.0
mstdlib (aka the M Standard Library for C) 1.2.0 has incorrect file access control in situations where M_fs_perms_can_access attempts to delete an existing file (that lacks public read/write access) during a copy operation, related to fs/m_fs.c and fs/m_fs_path.c.
network
low complexity
monetra CWE-732
critical
 9.8
9.8
2018-07-12 CVE-2018-12979 Incorrect Permission Assignment for Critical Resource vulnerability in Wago products
An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02.
network
low complexity
wago CWE-732
6.5
6.5
2018-07-09 CVE-2018-13791 Incorrect Permission Assignment for Critical Resource vulnerability in Abbyy Flexicapture
The HTTP API in ABBYY FlexiCapture before 12 Release 1 Update 7 allows an attacker to conduct Access Control attacks via the /FlexiCapture12/Login/Server/SevaUserProfile FlexiCaptureTmsSts2 parameter.
network
low complexity
abbyy CWE-732
critical
 9.8
9.8
2018-07-09 CVE-2018-1000621 Incorrect Permission Assignment for Critical Resource vulnerability in Mycroft Mycroft-Core
Mycroft AI mycroft-core version 18.2.8b and earlier contains a Incorrect Access Control vulnerability in Websocket configuration that can result in code execution.
network
high complexity
mycroft CWE-732
8.1
8.1
2018-07-09 CVE-2017-7471 Incorrect Permission Assignment for Critical Resource vulnerability in Qemu
Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System (9pfs) support, is vulnerable to an improper access control issue.
low complexity
qemu CWE-732
critical
 9.0
9.0
2018-07-06 CVE-2018-11259 Incorrect Permission Assignment for Critical Resource vulnerability in Qualcomm products
Due to Improper Access Control of NAND-based EFS in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, From fastboot on a NAND-based device, the EFS partition can be erased.
local
low complexity
qualcomm CWE-732
7.7
7.7