Vulnerabilities > Incorrect Permission Assignment for Critical Resource
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-12-06 | CVE-2017-13168 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products An elevation of privilege vulnerability in the kernel scsi driver. | 7.8 |
| 2017-12-01 | CVE-2017-16895 | Incorrect Permission Assignment for Critical Resource vulnerability in Arqbackup ARQ The (1) arq_updater, (2) arqcommitter, (3) standardrestorer, (4) arqglacierrestorer, and (5) arqs3glacierrestorer helper apps in Arq 5.x before 5.10 for Mac allow local users to gain root privileges via a crafted data packet. | 7.8 |
| 2017-11-24 | CVE-2017-16933 | Incorrect Permission Assignment for Critical Resource vulnerability in Icinga etc/initsystem/prepare-dirs in Icinga 2.x through 2.8.1 has a chown call for a filename in a user-writable directory, which allows local users to gain privileges by leveraging access to the $ICINGA2_USER account for creation of a link. | 7.0 |
| 2017-11-22 | CVE-2017-8158 | Incorrect Permission Assignment for Critical Resource vulnerability in Huawei Fusioncompute V100R005C00/V100R005C10 FusionCompute V100R005C00 and V100R005C10 have an improper authorization vulnerability due to improper permission settings for a certain file on the host machine. | 6.5 |
| 2017-11-18 | CVE-2017-16882 | Incorrect Permission Assignment for Critical Resource vulnerability in Icinga Icinga Core through 1.14.0 initially executes bin/icinga as root but supports configuration options in which this file is owned by a non-root account (and similarly can have etc/icinga.cfg owned by a non-root account), which allows local users to gain privileges by leveraging access to this non-root account, a related issue to CVE-2017-14312. | 7.8 |
| 2017-11-17 | CVE-2017-1000221 | Incorrect Permission Assignment for Critical Resource vulnerability in Apereo Opencast In Opencast 2.2.3 and older if user names overlap, the Opencast search service used for publication to the media modules and players will handle the access control incorrectly so that users only need to match part of the user name used for the access restriction. | 6.5 |
| 2017-11-17 | CVE-2017-1000125 | Incorrect Permission Assignment for Critical Resource vulnerability in Codiad Codiad(full version) is vulnerable to write anything to configure file in the installation resulting upload a webshell. | 7.5 |
| 2017-11-16 | CVE-2017-0845 | Incorrect Permission Assignment for Critical Resource vulnerability in Google Android A denial of service vulnerability in the Android framework (syncstorageengine). | 7.5 |
| 2017-11-16 | CVE-2017-0831 | Incorrect Permission Assignment for Critical Resource vulnerability in Google Android 8.0 An elevation of privilege vulnerability in the Android framework (window manager). | 7.8 |
| 2017-11-16 | CVE-2017-0830 | Incorrect Permission Assignment for Critical Resource vulnerability in Google Android An elevation of privilege vulnerability in the Android framework (device policy client). | 7.8 |