Vulnerabilities > Incorrect Permission Assignment for Critical Resource
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2018-01-04 | CVE-2017-17867 | Incorrect Permission Assignment for Critical Resource vulnerability in Intenogroup Iopsys 2.0/3.14/4.0 | Inteno iopsys 2.0-3.14 and 4.0 devices allow remote authenticated users to execute arbitrary OS commands by modifying the leasetrigger field in the odhcpd configuration to specify an arbitrary program, as demonstrated by a program located on an SMB share. | 8.8 |
2018-01-04 | CVE-2017-1699 | Incorrect Permission Assignment for Critical Resource vulnerability in IBM Websphere MQ | IBM MQ Managed File Transfer Agent 8.0 and 9.0 sets insecure permissions on certain files it creates. | 3.3 |
2018-01-04 | CVE-2018-0752 | Incorrect Permission Assignment for Critical Resource vulnerability in Microsoft products | The Windows Kernel API in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way the Kernel API enforces permissions, aka "Windows Elevation of Privilege Vulnerability". | 7.8 |
2018-01-03 | CVE-2017-1000485 | Incorrect Permission Assignment for Critical Resource vulnerability in Nylas Mail Lives Project Nylas Mail 2.2.2 | Nylas Mail Lives 2.2.2 uses 0755 permissions for $HOME/.nylas-mail, which allows local users to obtain sensitive authentication information via standard filesystem operations. | 7.8 |
2018-01-03 | CVE-2017-1000461 | Incorrect Permission Assignment for Critical Resource vulnerability in Brave Browser 0.19.73 | Brave Software's Brave Browser, version 0.19.73 (and earlier) is vulnerable to an incorrect access control issue in the "JS fingerprinting blocking" component, resulting in a malicious website being able to access the fingerprinting-associated browser functionality (that the browser intends to block). | 4.7 |
2017-12-20 | CVE-2017-5260 | Incorrect Permission Assignment for Critical Resource vulnerability in Cambiumnetworks products | In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, although the option to access the configuration file is not available in the normal web administrative console for the 'user' account, the configuration file is accessible via direct object reference (DRO) at `http://<device-ip-or-hostname>/goform/down_cfg_file` by this otherwise low privilege 'user' account. | 8.8 |
2017-12-20 | CVE-2017-1266 | Incorrect Permission Assignment for Critical Resource vulnerability in IBM Security Guardium | IBM Security Guardium 10.0 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. | 5.4 |
2017-12-19 | CVE-2017-15877 | Incorrect Permission Assignment for Critical Resource vulnerability in Sistemagpweb Gpweb 8.4.61 | Insecure Permissions vulnerability in db.php file in GPWeb 8.4.61 allows remote attackers to view the password and user database. | 9.8 |
2017-12-13 | CVE-2017-1716 | Incorrect Permission Assignment for Critical Resource vulnerability in IBM Tivoli Workload Scheduler 8.6/9.1/9.2 | IBM Tivoli Workload Scheduler 8.6.0, 9.1.0, and 9.2.0 could disclose sensitive information to a local attacker due to improper permission settings. | 3.3 |
2017-12-13 | CVE-2017-17568 | Incorrect Permission Assignment for Critical Resource vulnerability in Scubez Posty Readymade Classifieds | Scubez Posty Readymade Classifieds has Incorrect Access Control for visiting admin/user_activate_submit.php (aka the backend PHP script), which might allow remote attackers to obtain sensitive information via a direct request. | 7.5 |