CVE-2018-11259

HIGH Year: 2018
CVSS v3 Score
7.7
High
CVSS v2 Score
3.6
Low
Weakness Type
CWE-732
View all →

Vulnerability Description

Due to Improper Access Control of NAND-based EFS in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, From fastboot on a NAND-based device, the EFS partition can be erased. Apps processor then has non-secure world full read/write access to the partition until the modem boots and configures the EFS partition addresses in its MPU partition.

Related Vulnerabilities

CVE-2024-25646

HIGH
CVSS:7.7(High)

Due to improper validation, SAP BusinessObject Business Intelligence Launch Pad allows an authenticated attacker to access operating system information using crafted document. On successful exploitati...

CWE-7322024

CVE-2007-5544

HIGH
CVSS:7.8(High)

IBM Lotus Notes before 6.5.6, and 7.x before 7.0.3; and Domino before 6.5.5 FP3, and 7.x before 7.0.2 FP1; uses weak permissions (Everyone:Full Control) for memory mapped files (shared memory) in IPC,...

CWE-7322007

CVE-2008-0322

HIGH
CVSS:7.8(High)

The I2O Utility Filter driver (i2omgmt.sys) 5.1.2600.2180 for Microsoft Windows XP sets Everyone/Write permissions for the "\\.\I2OExc" device interface, which allows local users to gain privileges. N...

CWE-7322008

CVE-2008-0662

HIGH
CVSS:7.8(High)

The Auto Local Logon feature in Check Point VPN-1 SecuRemote/SecureClient NGX R60 and R56 for Windows caches credentials under the Checkpoint\SecuRemote registry key, which has Everyone/Full Control p...

CWE-7322008

CVE-2009-0115

HIGH
CVSS:7.8(High)

The Device Mapper multipathing driver (aka multipath-tools or device-mapper-multipath) 0.4.8, as used in SUSE openSUSE, SUSE Linux Enterprise Server (SLES), Fedora, and possibly other operating system...

CWE-7322009

CVE-2009-3289

HIGH
CVSS:7.8(High)

The g_file_copy function in glib 2.0 sets the permissions of a target file to the permissions of a symbolic link (777), which allows user-assisted local users to modify files of other users, as demons...

CWE-7322009