Vulnerabilities > Incorrect Permission Assignment for Critical Resource
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-04-22 | CVE-2018-10285 | Incorrect Permission Assignment for Critical Resource vulnerability in Ericssonlg Ipecs NMS A.1Ac The Ericsson-LG iPECS NMS A.1Ac web application uses incorrect access control mechanisms. | 9.8 |
| 2018-04-18 | CVE-2018-10204 | Incorrect Permission Assignment for Critical Resource vulnerability in Purevpn 6.0.1 PureVPN 6.0.1 for Windows suffers from a SYSTEM privilege escalation vulnerability in its "sevpnclient" service. | 8.8 |
| 2018-04-18 | CVE-2018-1000165 | Incorrect Permission Assignment for Critical Resource vulnerability in Lightsaml LightSAML version prior to 1.3.5 contains a Incorrect Access Control vulnerability in signature validation in readers in src/LightSaml/Model/XmlDSig/ that can result in impersonation of any user from Identity Provider. | 7.5 |
| 2018-04-18 | CVE-2018-1000158 | Incorrect Permission Assignment for Critical Resource vulnerability in Cmsmadesimple CMS Made Simple 2.2.7 cmsmadesimple version 2.2.7 contains a Incorrect Access Control vulnerability in the function of send_recovery_email in the line "$url = $config['admin_url'] . | 8.8 |
| 2018-04-18 | CVE-2018-5342 | Incorrect Permission Assignment for Critical Resource vulnerability in Zohocorp Manageengine Desktop Central 10.0.124/10.0.184 An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: network services (Desktop Central and PostgreSQL) running with a superuser account. | 7.2 |
| 2018-04-16 | CVE-2018-10170 | Incorrect Permission Assignment for Critical Resource vulnerability in Nordvpn 6.12.7.0 NordVPN 6.12.7.0 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "nordvpn-service" service. | 9.8 |
| 2018-04-16 | CVE-2018-10169 | Incorrect Permission Assignment for Critical Resource vulnerability in Protonmail Protonvpn 1.3.3 ProtonVPN 1.3.3 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "ProtonVPN Service" service. | 9.8 |
| 2018-04-05 | CVE-2018-1315 | Incorrect Permission Assignment for Critical Resource vulnerability in Apache Hive In Apache Hive 2.1.0 to 2.3.2, when 'COPY FROM FTP' statement is run using HPL/SQL extension to Hive, a compromised/malicious FTP server can cause the file to be written to an arbitrary location on the cluster where the command is run from. | 3.7 |
| 2018-04-04 | CVE-2018-1002150 | Incorrect Permission Assignment for Critical Resource vulnerability in Koji Project Koji Koji version 1.12, 1.13, 1.14 and 1.15 contain an incorrect access control vulnerability resulting in arbitrary filesystem read/write access. | 9.1 |
| 2018-04-04 | CVE-2017-1624 | Incorrect Permission Assignment for Critical Resource vulnerability in IBM Qradar Security Information and Event Manager 7.3.0/7.3.1 IBM QRadar 7.3 and 7.3.1 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. | 5.4 |