Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

CVEs (1,659)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2018-4072 1Sierrawireless 1Airlink Es450 Firmware Nov 21, 2024 May 6, 2019 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 An exploitable Permission Assignment vulnerability exists in the ACEManager EmbeddedAceSet_Task.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. The EmbeddedAceSet_Task.cgi executable is used to change MSCII...Show more An exploitable Permission Assignment vulnerability exists in the ACEManager EmbeddedAceSet_Task.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. The EmbeddedAceSet_Task.cgi executable is used to change MSCII configuration values within the configuration manager of the AirLink ES450. This binary does not have any restricted configuration settings, so once the MSCIID is discovered, any authenticated user can send configuration changes using the /cgi-bin/Embedded_Ace_Set_Task.cgi endpoint.Show less
CVE-2019-1803 1Cisco 1Nexus 9000 Series Application Centric Infrastructure Nov 21, 2024 May 3, 2019 N/A· v4 6.7 MEDIUM· v3 7.2 HIGH· v2 A vulnerability in the filesystem management for the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an authenticated, local attacker with administrator rights to gain el...Show more A vulnerability in the filesystem management for the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an authenticated, local attacker with administrator rights to gain elevated privileges as the root user on an affected device. The vulnerability is due to overly permissive file permissions of specific system files. An attacker could exploit this vulnerability by authenticating to an affected device, creating a crafted command string, and writing this crafted string to a specific file location. A successful exploit could allow the attacker to execute arbitrary operating system commands as root on an affected device. The attacker would need to have valid administrator credentials for the device.Show less
CVE-2018-19374 1Zohocorp 1Manageengine Admanager Plus Nov 21, 2024 Apr 30, 2019 N/A· v4 7.0 HIGH· v3 6.9 MEDIUM· v2 Zoho ManageEngine ADManager Plus 6.6 Build 6657 allows local users to gain privileges (after a reboot) by placing a Trojan horse file into the permissive bin directory.
CVE-2018-14980 1Asus 1Zenfone 3 Max Firmware Nov 21, 2024 Apr 25, 2019 N/A· v4 7.1 HIGH· v3 3.6 LOW· v2 The ASUS ZenFone 3 Max Android device with a build fingerprint of asus/US_Phone/ASUS_X008_1:7.0/NRD90M/US_Phone-14.14.1711.92-20171208:user/release-keys contains the android framework (i.e., system_server) with a package...Show more The ASUS ZenFone 3 Max Android device with a build fingerprint of asus/US_Phone/ASUS_X008_1:7.0/NRD90M/US_Phone-14.14.1711.92-20171208:user/release-keys contains the android framework (i.e., system_server) with a package name of android (versionCode=24, versionName=7.0) that has been modified by ASUS or another entity in the supply chain. The system_server process in the core android package has an exported broadcast receiver that allows any app co-located on the device to programmatically initiate the taking of a screenshot and have the resulting screenshot be written to external storage (i.e., sdcard). The taking of a screenshot is not transparent to the user; the device has a screen animation as the screenshot is taken and there is a notification indicating that a screenshot occurred. If the attacking app also requests the EXPAND_STATUS_BAR permission, it can wake the device up using certain techniques and expand the status bar to take a screenshot of the user's notifications even if the device has an active screen lock. The notifications may contain sensitive data such as text messages used in two-factor authentication. The system_server process that provides this capability cannot be disabled, as it is part of the Android framework. The notification can be removed by a local Denial of Service (DoS) attack to reboot the device.Show less
CVE-2019-10710 1Hisilicon 1Hi3510 Firmware Nov 21, 2024 Apr 23, 2019 N/A· v4 8.8 HIGH· v3 4.0 MEDIUM· v2 Insecure permissions in the Web management portal on all IP cameras based on Hisilicon Hi3510 firmware allow authenticated attackers to receive a network's cleartext WiFi credentials via a specific HTTP request. This aff...Show more Insecure permissions in the Web management portal on all IP cameras based on Hisilicon Hi3510 firmware allow authenticated attackers to receive a network's cleartext WiFi credentials via a specific HTTP request. This affects certain devices labeled as HI3510, HI3518, LOOSAFE, LEVCOECAM, Sywstoda, BESDER, WUSONGLUSAN, GADINAN, Unitoptek, ESCAM, etc.Show less
CVE-2019-11244 3Kubernetes NetappRedhat 3Kubernetes Openshift Container PlatformTrident Nov 21, 2024 Apr 22, 2019 N/A· v4 5.0 MEDIUM· v3 1.9 LOW· v2 In Kubernetes v1.8.x-v1.14.x, schema info is cached by kubectl in the location specified by --cache-dir (defaulting to $HOME/.kube/http-cache), written with world-writeable permissions (rw-rw-rw-). If --cache-dir is spec...Show more In Kubernetes v1.8.x-v1.14.x, schema info is cached by kubectl in the location specified by --cache-dir (defaulting to $HOME/.kube/http-cache), written with world-writeable permissions (rw-rw-rw-). If --cache-dir is specified and pointed at a different location accessible to other users/groups, the written files may be modified by other users/groups and disrupt the kubectl invocation.Show less
CVE-2018-18094 1Intel 1Media Sdk Nov 21, 2024 Apr 17, 2019 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Improper directory permissions in installer for Intel(R) Media SDK before 2018 R2.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2019-9222 1Gitlab 1Gitlab Nov 21, 2024 Apr 17, 2019 N/A· v4 8.1 HIGH· v3 5.5 MEDIUM· v2 An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Insecure Permissions.
CVE-2018-6269 1Nvidia 1Jetson Tx2 Nov 21, 2024 Apr 12, 2019 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 NVIDIA Jetson TX2 contains a vulnerability in the kernel driver where input/output control (IOCTL) handling for user mode requests could create a non-trusted pointer dereference, which may lead to information disclosure,...Show more NVIDIA Jetson TX2 contains a vulnerability in the kernel driver where input/output control (IOCTL) handling for user mode requests could create a non-trusted pointer dereference, which may lead to information disclosure, denial of service, escalation of privileges, or code execution. The updates apply to all versions prior to R28.3.Show less
CVE-2018-17305 1Uipath 1Orchestrator Nov 21, 2024 Apr 11, 2019 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 UiPath Orchestrator through 2018.2.4 allows any authenticated user to change the information of arbitrary users (even administrators) leading to privilege escalation and remote code execution.
CVE-2018-19589 1Utimaco 1Securityserver Cse Firmware Nov 21, 2024 Apr 9, 2019 N/A· v4 6.5 MEDIUM· v3 5.5 MEDIUM· v2 Incorrect Access Controls of Security Officer (SO) in PKCS11 R2 provider that ships with the Utimaco CryptoServer HSM product package allows an SO authenticated to a slot to retrieve attributes of keys marked as private...Show more Incorrect Access Controls of Security Officer (SO) in PKCS11 R2 provider that ships with the Utimaco CryptoServer HSM product package allows an SO authenticated to a slot to retrieve attributes of keys marked as private keys in external key storage, and also delete keys marked as private keys in external key storage. This compromises the availability of all keys configured with external key storage and may result in an economic attack in which the attacker denies legitimate users access to keys while maintaining possession of an encrypted copy (blob) of the external key store for ransom. This attack has been dubbed reverse ransomware attack and may be executed via a physical connection to the CryptoServer or remote connection if SSH or remote access to LAN CryptoServer has been compromised. The Confidentiality and Integrity of the affected keys, however, remain untarnished.Show less
CVE-2019-3893 2Redhat Theforeman 2Foreman Satellite Nov 21, 2024 Apr 9, 2019 N/A· v4 4.9 MEDIUM· v3 4.0 MEDIUM· v2 In Foreman it was discovered that the delete compute resource operation, when executed from the Foreman API, leads to the disclosure of the plaintext password or token for the affected compute resource. A malicious user...Show more In Foreman it was discovered that the delete compute resource operation, when executed from the Foreman API, leads to the disclosure of the plaintext password or token for the affected compute resource. A malicious user with the "delete_compute_resource" permission can use this flaw to take control over compute resources managed by foreman. Versions before 1.20.3, 1.21.1, 1.22.0 are vulnerable.Show less
CVE-2019-0804 1Microsoft 1Walinuxagent Nov 21, 2024 Apr 9, 2019 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 An information disclosure vulnerability exists in the way Azure WaLinuxAgent creates swap files on resource disks, aka 'Azure Linux Agent Information Disclosure Vulnerability'.
CVE-2018-1787 1Ibm 2Spectrum Protect Backup Archive Client Spectrum Protect For Virtual Environments Nov 21, 2024 Apr 8, 2019 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 IBM Spectrum Protect 7.1 and 8.1 is affected by a password exposure vulnerability caused by insecure file permissions. IBM X-Force ID: 148872.
CVE-2018-4324 1Apple 1Mac Os X Nov 21, 2024 Apr 3, 2019 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 A permissions issue existed in the handling of the Apple ID. This issue was addressed with improved access controls. This issue affected versions prior to macOS Mojave 10.14.
CVE-2018-4178 1Apple 1Mac Os X Nov 21, 2024 Apr 3, 2019 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 A permissions issue existed in which execute permission was incorrectly granted. This issue was addressed with improved permission validation. This issue affected versions prior to macOS High Sierra 10.13.4.
CVE-2018-4051 1Gog 1Galaxy Nov 21, 2024 Apr 2, 2019 N/A· v4 5.5 MEDIUM· v3 4.9 MEDIUM· v2 An exploitable local privilege escalation vulnerability exists in the privileged helper tool of GOG Galaxy's Games, version 1.2.47 for macOS. An attacker can globally create directories and subdirectories on the root fil...Show more An exploitable local privilege escalation vulnerability exists in the privileged helper tool of GOG Galaxy's Games, version 1.2.47 for macOS. An attacker can globally create directories and subdirectories on the root file system, as well as change the permissions of existing directories.Show less
CVE-2018-4049 1Gog 1Galaxy Nov 21, 2024 Apr 2, 2019 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 An exploitable local privilege elevation vulnerability exists in the file system permissions of GOG Galaxy's “Games” directory, version 1.2.48.36 (Windows 64-bit Installer). An attacker can overwrite executables of insta...Show more An exploitable local privilege elevation vulnerability exists in the file system permissions of GOG Galaxy's “Games” directory, version 1.2.48.36 (Windows 64-bit Installer). An attacker can overwrite executables of installed games to exploit this vulnerability and execute arbitrary code with elevated privileges.Show less
CVE-2018-3974 1Gog 1Galaxy Nov 21, 2024 Apr 2, 2019 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 An exploitable local privilege elevation vulnerability exists in the file system permissions of GOG Galaxy's install directory. An attacker can overwrite an executable that is launched as a system service on boot by defa...Show more An exploitable local privilege elevation vulnerability exists in the file system permissions of GOG Galaxy's install directory. An attacker can overwrite an executable that is launched as a system service on boot by default to exploit this vulnerability and execute arbitrary code with system privileges.Show less
CVE-2019-4093 1Ibm 1Spectrum Protect Nov 21, 2024 Apr 2, 2019 N/A· v4 4.4 MEDIUM· v3 3.6 LOW· v2 IBM Tivoli Storage Manager (IBM Spectrum Protect 8.1.7) could allow a user to restore files and directories using IBM Spectrum Prootect Client Web User Interface on Windows that they should not have access to due to inco...Show more IBM Tivoli Storage Manager (IBM Spectrum Protect 8.1.7) could allow a user to restore files and directories using IBM Spectrum Prootect Client Web User Interface on Windows that they should not have access to due to incorrect file permissions. IBM X-Force ID: 157981.Show less

Previous 1...636465...83 Next