CWE-732
1,658 CVEs • Abstraction: Class • Likelihood of Exploit: High
Incorrect Permission Assignment for Critical Resource
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
CVEs (1,658)
| CVE | VENDORS | PRODUCTS | UPDATED | PUBLISHED | CVSS |
|---|---|---|---|---|---|
| In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper configuration of dev nodes may lead to potential security issue. | | | | | |
| In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper access control can lead to device node and executable to be run from /persist/ which presents a potentia... | | | | | |
| In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper access control can lead to device node and executable to be run from /cache/ which presents a potential... | | | | | |
| In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper access control can lead to device node and executable to be run from /data/ which presents a potential i... | | | | | |
| In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper access control can lead to device node and executable to be run from /firmware/ which presents a potenti... | | | | | |
| Incorrect access controls in nasapi in Buffalo TS5600D1206 version 3.61-0.10 allow attackers to call dangerous internal functions via the "method" parameter. | Buffalo | Ts5600d1206 Firmware | Nov 21, 2024 | Nov 26, 2018 | v4: N/A; v3: 8.8 HIGH; v2: 6.5 MEDIUM |
| An issue was discovered in Roche Accu-Chek Inform II Base Unit / Base Unit Hub before 03.01.04 and CoaguChek / cobas h232 Handheld Base Unit before 03.01.04. Insecure permissions in a service interface may allow authenti... | Roche | Accu Chek Inform Ii Firmware, Base Unit Hub Firmware, Coaguchek Firmware, +1 more | Nov 21, 2024 | Nov 20, 2018 | v4: N/A; v3: 8.0 HIGH; v2: 7.7 HIGH |
| The Bluetooth subsystem on Polycom Trio devices with software before 5.5.4 has Incorrect Access Control. An attacker can connect without authentication and subsequently record audio from the device microphone. | | | | | |
| Lack of special casing of Android ashmem in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to bypass inter-process read only guarantees via a crafted HTML page. | Debian, Google, Redhat | Chrome, Debian Linux, Enterprise Linux Desktop, +2 more | Nov 21, 2024 | Nov 14, 2018 | v4: N/A; v3: 8.8 HIGH; v2: 6.8 MEDIUM |
| Improper directory permissions in the installer for the Intel Media Server Studio may allow unprivileged users to potentially enable an escalation of privilege via local access. | | | | | |
| The broadcast messages received by SAP Fiori Client are not protected by permissions. SAP Fiori Client version 1.11.5 in Google Play store addresses these issues and users must update to that version. | | | | | |
| Locally, without any permission, an arbitrary android application could delete the SSO configuration of SAP Fiori Client. SAP Fiori Client version 1.11.5 in Google Play store addresses these issues and users must update... | | | | | |
| An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. /mnt/mtd/app has 07... | Foscam, Opticam | C2 Application Firmware, C2 System Firmware, I5 Application Firmware, +1 more | Nov 21, 2024 | Nov 7, 2018 | v4: N/A; v3: 5.5 MEDIUM; v2: 3.6 LOW |
| An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. /mnt/mtd/boot.sh ha... | Foscam, Opticam | C2 Application Firmware, C2 System Firmware, I5 Application Firmware, +1 more | Nov 21, 2024 | Nov 7, 2018 | v4: N/A; v3: 7.8 HIGH; v2: 4.6 MEDIUM |
| A permissions flaw was found in redis, which sets weak permissions on certain files and directories that could potentially contain sensitive information. A local, unprivileged user could possibly use this flaw to access... | | | | | |
| The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to read/write data from/... | Asrock | A Tuning, F Stream, Restart To Uefi, +1 more | Nov 21, 2024 | Oct 30, 2018 | v4: N/A; v3: 7.8 HIGH; v2: 7.2 HIGH |
| The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to read and write arbitr... | Asrock | A Tuning, F Stream, Restart To Uefi, +1 more | Nov 21, 2024 | Oct 30, 2018 | v4: N/A; v3: 7.1 HIGH; v2: 7.2 HIGH |
| The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to read and write CR reg... | Asrock | A Tuning, F Stream, Restart To Uefi, +1 more | Nov 21, 2024 | Oct 30, 2018 | v4: N/A; v3: 7.8 HIGH; v2: 4.6 MEDIUM |
| Improper access control in core module lead XBL_LOADER performs the ZI region clear for QTEE instead of XBL_SEC in Snapdragon Mobile in version SD 845, SD 850. | Qualcomm | Sd 845 Firmware, Sd 850 Firmware | Nov 21, 2024 | Oct 26, 2018 | v4: N/A; v3: 5.5 MEDIUM; v2: 4.9 MEDIUM |
| Crossroads 2.81 does not properly handle the /tmp directory during a build of xr. A local attacker can first create a world-writable subdirectory in a certain location under the /tmp directory, wait until a user process... | | | | | |