Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

CVEs (1,663)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-7314 1Mcafee 1Mcafee Agent Nov 21, 2024 Sep 10, 2020 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 Privilege Escalation Vulnerability in the installer in McAfee Data Exchange Layer (DXL) Client for Mac shipped with McAfee Agent (MA) for Mac prior to MA 5.6.6 allows local users to run commands as root via incorrectly a...Show more Privilege Escalation Vulnerability in the installer in McAfee Data Exchange Layer (DXL) Client for Mac shipped with McAfee Agent (MA) for Mac prior to MA 5.6.6 allows local users to run commands as root via incorrectly applied permissions on temporary files.Show less
CVE-2018-17766 1Ingenico 1Telium 2 Firmware Nov 21, 2024 Sep 9, 2020 N/A· v4 4.6 MEDIUM· v3 2.1 LOW· v2 Ingenico Telium 2 POS Telium2 OS allow bypass of file-reading restrictions via the NTPT3 protocol. This is fixed in Telium 2 SDK v9.32.03 patch N.
CVE-2020-23834 1Realtimelogic 1Barracudadrive Nov 21, 2024 Sep 4, 2020 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 Insecure Service File Permissions in the bd service in Real Time Logic BarracudaDrive v6.5 allow local attackers to escalate privileges to admin by replacing the %SYSTEMDRIVE%\bd\bd.exe file. When the computer next start...Show more Insecure Service File Permissions in the bd service in Real Time Logic BarracudaDrive v6.5 allow local attackers to escalate privileges to admin by replacing the %SYSTEMDRIVE%\bd\bd.exe file. When the computer next starts, the new bd.exe will be run as LocalSystem.Show less
CVE-2020-5369 1Dell 2Emc Isilon Onefs Emc Powerscale Onefs Nov 21, 2024 Sep 2, 2020 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 Dell EMC Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale OneFS version 9.0.0 contain a privilege escalation vulnerability. An authenticated malicious user may exploit this vulnerability by using SyncIQ to...Show more Dell EMC Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale OneFS version 9.0.0 contain a privilege escalation vulnerability. An authenticated malicious user may exploit this vulnerability by using SyncIQ to gain unauthorized access to system management files.Show less
CVE-2020-24355 1Zyxel 1Vmg5313 B30b Firmware Nov 21, 2024 Sep 2, 2020 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Zyxel VMG5313-B30B router on firmware 5.13(ABCJ.6)b3_1127, and possibly older versions of firmware are affected by insecure permissions which allows regular and other users to create new users with elevated privileges. T...Show more Zyxel VMG5313-B30B router on firmware 5.13(ABCJ.6)b3_1127, and possibly older versions of firmware are affected by insecure permissions which allows regular and other users to create new users with elevated privileges. This is done by changing "FirstIndex" field in JSON that is POST-ed during account creation. Similar may also be possible with account deletion.Show less
CVE-2020-17402 1Parallels 1Parallels Desktop Nov 21, 2024 Aug 25, 2020 N/A· v4 6.5 MEDIUM· v3 2.1 LOW· v2 This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.4 (47270). An attacker must first obtain the ability to execute low-privileged code on the t...Show more This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.4 (47270). An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the prl_hypervisor kext. By examining a log file, an attacker can disclose a memory address. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute code in the context of the kernel. Was ZDI-CAN-11063.Show less
CVE-2020-5417 1Cloudfoundry 2Capi Release Cf Deployment Nov 21, 2024 Aug 21, 2020 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 Cloud Foundry CAPI (Cloud Controller), versions prior to 1.97.0, when used in a deployment where an app domain is also the system domain (which is true in the default CF Deployment manifest), were vulnerable to developer...Show more Cloud Foundry CAPI (Cloud Controller), versions prior to 1.97.0, when used in a deployment where an app domain is also the system domain (which is true in the default CF Deployment manifest), were vulnerable to developers maliciously or accidentally claiming certain sensitive routes, potentially resulting in the developer's app handling some requests that were expected to go to certain system components.Show less
CVE-2020-24394 5Canonical LinuxOpensuse+2 more 5Leap Linux KernelSd Wan Edge+2 more Nov 21, 2024 Aug 19, 2020 N/A· v4 7.1 HIGH· v3 3.6 LOW· v2 In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the current uma...Show more In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the current umask is not considered.Show less
CVE-2020-5385 1Dell 2Encryption Endpoint Security Suite Enterprise Nov 21, 2024 Aug 18, 2020 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 Dell Encryption versions prior to 10.8 and Dell Endpoint Security Suite versions prior to 2.8 contain a privilege escalation vulnerability because of an incomplete fix for CVE-2020-5358. A local malicious user with low p...Show more Dell Encryption versions prior to 10.8 and Dell Endpoint Security Suite versions prior to 2.8 contain a privilege escalation vulnerability because of an incomplete fix for CVE-2020-5358. A local malicious user with low privileges could potentially exploit this vulnerability to gain elevated privilege on the affected system with the help of a symbolic link.Show less
CVE-2020-0559 1Intel 76Ac 3165 Firmware Ac 3168 FirmwareAc 7265 Firmware+73 more Nov 21, 2024 Aug 13, 2020 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Insecure inherited permissions in some Intel(R) PROSet/Wireless WiFi products on Windows* 7 and 8.1 before version 21.40.5.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2020-8731 1Intel 18Compute Module Hns2600bp Firmware Compute Module Hns2600kp FirmwareCompute Module Hns2600tp Firmware+15 more Nov 21, 2024 Aug 13, 2020 N/A· v4 8.8 HIGH· v3 4.6 MEDIUM· v2 Incorrect execution-assigned permissions in the file system for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow an authenticated user to potentially enable escalation of priv...Show more Incorrect execution-assigned permissions in the file system for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow an authenticated user to potentially enable escalation of privilege via local access.Show less
CVE-2020-6295 1Sap 1Adaptive Server Enterprise Nov 21, 2024 Aug 12, 2020 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Under certain conditions the SAP Adaptive Server Enterprise, version 16.0, allows an attacker to access encrypted sensitive and confidential information through publicly readable installation log files leading to a compr...Show more Under certain conditions the SAP Adaptive Server Enterprise, version 16.0, allows an attacker to access encrypted sensitive and confidential information through publicly readable installation log files leading to a compromise of the installed Cockpit. This compromise could enable the attacker to view, modify and/or make unavailable any data associated with the Cockpit, leading to Information Disclosure.Show less
CVE-2020-4631 1Ibm 1Spectrum Protect Plus Nov 21, 2024 Aug 4, 2020 N/A· v4 5.5 MEDIUM· v3 1.9 LOW· v2 IBM Spectrum Protect Plus 10.1.0 through 10.1.6 agent files, in non-default configurations, on Windows are assigned access to everyone with full control permissions, which could allow a local user to cause interruption o...Show more IBM Spectrum Protect Plus 10.1.0 through 10.1.6 agent files, in non-default configurations, on Windows are assigned access to everyone with full control permissions, which could allow a local user to cause interruption of the service operations. IBM X-Force ID: 185372.Show less
CVE-2019-19455 1Wowza 1Streaming Engine Nov 21, 2024 Aug 3, 2020 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 Wowza Streaming Engine before 4.8.5 has Insecure Permissions which may allow a local attacker to escalate privileges in / usr / local / WowzaStreamingEngine / manager / bin / in the Linux version of the server by writing...Show more Wowza Streaming Engine before 4.8.5 has Insecure Permissions which may allow a local attacker to escalate privileges in / usr / local / WowzaStreamingEngine / manager / bin / in the Linux version of the server by writing arbitrary commands in any file and execute them as root. This issue was resolved in Wowza Streaming Engine 4.8.5.Show less
CVE-2020-13915 1Ruckuswireless 1Unleashed Firmware Nov 21, 2024 Jul 28, 2020 N/A· v4 7.5 HIGH· v3 6.4 MEDIUM· v2 Insecure permissions in emfd/libemf in Ruckus Wireless Unleashed through 200.7.10.102.92 allow a remote attacker to overwrite admin credentials via an unauthenticated crafted HTTP request. This affects C110, E510, H320,...Show more Insecure permissions in emfd/libemf in Ruckus Wireless Unleashed through 200.7.10.102.92 allow a remote attacker to overwrite admin credentials via an unauthenticated crafted HTTP request. This affects C110, E510, H320, H510, M510, R320, R310, R500, R510 R600, R610, R710, R720, R750, T300, T301n, T301s, T310c, T310d, T310n, T310s, T610, T710, and T710s devices.Show less
CVE-2014-1422 1Canonical 2Trust Store (ubuntu) Trust Store (ubuntu Rtm) Nov 21, 2024 Jul 22, 2020 N/A· v4 5.0 MEDIUM· v3 1.9 LOW· v2 In Ubuntu's trust-store, if a user revokes location access from an application, the location is still available to the application because the application will honour incorrect, cached permissions. This is because the ca...Show more In Ubuntu's trust-store, if a user revokes location access from an application, the location is still available to the application because the application will honour incorrect, cached permissions. This is because the cache was not ordered by creation time by the Select struct in src/core/trust/impl/sqlite3/store.cpp. Fixed in trust-store (Ubuntu) version 1.1.0+15.04.20150123-0ubuntu1 and trust-store (Ubuntu RTM) version 1.1.0+15.04.20150123~rtm-0ubuntu1.Show less
CVE-2020-9671 1Adobe 1Creative Cloud Desktop Application Nov 21, 2024 Jul 17, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Adobe Creative Cloud Desktop Application versions 5.1 and earlier have an insecure file permissions vulnerability. Successful exploitation could lead to privilege escalation.
CVE-2020-15697 1Joomla 1Joomla Nov 21, 2024 Jul 15, 2020 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 An issue was discovered in Joomla! through 3.9.19. Internal read-only fields in the User table class could be modified by users.
CVE-2020-11827 1Gog 1Galaxy Nov 21, 2024 Jul 14, 2020 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 In GOG Galaxy 1.2.67, there is a service that is vulnerable to weak file/service permissions: GalaxyClientService.exe. An attacker can put malicious code in a Trojan horse GalaxyClientService.exe. After that, the attacke...Show more In GOG Galaxy 1.2.67, there is a service that is vulnerable to weak file/service permissions: GalaxyClientService.exe. An attacker can put malicious code in a Trojan horse GalaxyClientService.exe. After that, the attacker can re-start this service as an unprivileged user to escalate his/her privileges and run commands on the machine with SYSTEM rights.Show less
CVE-2020-6267 1Sap 1Disclosure Management Nov 21, 2024 Jul 14, 2020 N/A· v4 5.4 MEDIUM· v3 5.8 MEDIUM· v2 Some sensitive cookies in SAP Disclosure Management, version 10.1, are missing HttpOnly flag, leading to sensitive cookie without Http Only flag.

Previous 1...495051...84 Next