Vulnerabilities > Incorrect Permission Assignment for Critical Resource

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2018-02-22 | CVE-2018-1417 | Incorrect Permission Assignment for Critical Resource vulnerability in IBM Java SDK | Under certain circumstances, a flaw in the J9 JVM (IBM SDK, Java Technology Edition 7.1 and 8.0) allows untrusted code running under a security manager to elevate its privileges. | network | high | ibm | CWE-732 | 8.1 |
| 2018-02-22 | CVE-2018-7408 | Incorrect Permission Assignment for Critical Resource vulnerability in Npmjs NPM 5.7.0 | An issue was discovered in an npm 5.7.0 2018-02-21 pre-release (marked as "next: 5.7.0" and therefore automatically installed by an "npm upgrade -g npm" command, and also announced in the vendor's blog without mention of pre-release status). | local | low | npmjs | CWE-732 | 7.8 |
| 2018-02-21 | CVE-2018-7311 | Incorrect Permission Assignment for Critical Resource vulnerability in Privatevpn 2.0.31 | PrivateVPN 2.0.31 for macOS suffers from a root privilege escalation vulnerability. | network | low | privatevpn | CWE-732 | 8.8 |
| 2018-02-21 | CVE-2018-1168 | Incorrect Permission Assignment for Critical Resource vulnerability in Hitachienergy Sys600 Firmware | This vulnerability allows local attackers to escalate privileges on vulnerable installations of ABB MicroSCADA 9.3 with FP 1-2-3. | local | low | hitachienergy | CWE-732 | 7.8 |
| 2018-02-21 | CVE-2018-1164 | Incorrect Permission Assignment for Critical Resource vulnerability in Zyxel P-870H-51 Firmware 1.00(Awg.3)D5 | This vulnerability allows remote attackers to cause a denial-of-service condition on vulnerable installations of ZyXEL P-870H-51 DSL Router 1.00(AWG.3)D5. | network | low | zyxel | CWE-732 | critical 9.8 |
| 2018-02-15 | CVE-2018-7169 | Incorrect Permission Assignment for Critical Resource vulnerability in Shadow Project Shadow 4.5 | An issue was discovered in shadow 4.5. | network | low | shadow-project | CWE-732 | 5.3 |
| 2018-02-15 | CVE-2017-15352 | Incorrect Permission Assignment for Critical Resource vulnerability in Huawei products | Huawei OceanStor 2800 V3, V300R003C00, V300R003C20, OceanStor 5300 V3, V300R003C00, V300R003C10, V300R003C20, OceanStor 5500 V3, V300R003C00, V300R003C10, V300R003C20, OceanStor 5600 V3, V300R003C00, V300R003C10, V300R003C20, OceanStor 5800 V3, V300R003C00, V300R003C10, V300R003C20 have an improper access control vulnerability. | | high | huawei | CWE-732 | 3.1 |
| 2018-02-12 | CVE-2017-13236 | Incorrect Permission Assignment for Critical Resource vulnerability in Google Android 8.0/8.1 | In the KeyStore service, there is a permissions bypass that allows access to protected resources. | local | low | google | CWE-732 | 7.8 |
| 2018-02-09 | CVE-2018-1000025 | Incorrect Permission Assignment for Critical Resource vulnerability in Firebase Admin SDK for PHP Project Firebase Admin SDK for PHP | Jerome Gamez Firebase Admin SDK for PHP versions 3.2.0 to 3.8.0 contain an Incorrect Access Control vulnerability in src/Firebase/Auth/IdTokenVerifier.php, which does not verify the token signature; as a result, a JWT with any email address and user ID could be forged from an actual token, or from thin air. | | | | | 8.1 |
| 2018-02-09 | CVE-2018-1053 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products | In PostgreSQL 9.3.x before 9.3.21, 9.4.x before 9.4.16, 9.5.x before 9.5.11, 9.6.x before 9.6.7 and 10.x before 10.2, pg_upgrade creates a file in the current working directory containing the output of `pg_dumpall -g` under the umask that was in effect when the user invoked pg_upgrade, and not under 0077, which is normally used for other temporary files. | local | high | postgresql debian canonical redhat | CWE-732 | 7.0 |