Vulnerabilities > Incorrect Permission Assignment for Critical Resource
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-11-16 | CVE-2017-0845 | Incorrect Permission Assignment for Critical Resource vulnerability in Google Android A denial of service vulnerability in the Android framework (syncstorageengine). | 7.5 |
2017-11-16 | CVE-2017-0831 | Incorrect Permission Assignment for Critical Resource vulnerability in Google Android 8.0 An elevation of privilege vulnerability in the Android framework (window manager). | 7.8 |
2017-11-16 | CVE-2017-0830 | Incorrect Permission Assignment for Critical Resource vulnerability in Google Android An elevation of privilege vulnerability in the Android framework (device policy client). | 7.8 |
2017-11-16 | CVE-2017-16834 | Incorrect Permission Assignment for Critical Resource vulnerability in Pnp4Nagios PNP4Nagios through 0.6.26 has /usr/bin/npcd and npcd.cfg owned by an unprivileged account but root code execution depends on these files, which allows local users to gain privileges by leveraging access to this unprivileged account. | 7.8 |
2017-11-15 | CVE-2017-15288 | Incorrect Permission Assignment for Critical Resource vulnerability in Scala-Lang Scala The compilation daemon in Scala before 2.10.7, 2.11.x before 2.11.12, and 2.12.x before 2.12.4 uses weak permissions for private files in /tmp/scala-devel/${USER:shared}/scalac-compile-server-port, which allows local users to write to arbitrary class files and consequently gain privileges. | 7.8 |
2017-11-13 | CVE-2017-3166 | Incorrect Permission Assignment for Critical Resource vulnerability in Apache Hadoop In Apache Hadoop versions 2.6.1 to 2.6.5, 2.7.0 to 2.7.3, and 3.0.0-alpha1, if a file in an encryption zone with access permissions that make it world readable is localized via YARN's localization mechanism, that file will be stored in a world-readable location and can be shared freely with any application that requests to localize that file. | 7.8 |
2017-11-10 | CVE-2017-16754 | Incorrect Permission Assignment for Critical Resource vulnerability in Boltcms Bolt Bolt before 3.3.6 does not properly restrict access to _profiler routes, related to EventListener/ProfilerListener.php and Provider/EventListenerServiceProvider.php. | 5.3 |
2017-11-09 | CVE-2017-16757 | Incorrect Permission Assignment for Critical Resource vulnerability in Hola VPN 1.34 Hola VPN 1.34 has weak permissions (Everyone:F) under %PROGRAMFILES%, which allows local users to gain privileges via a Trojan horse 7za.exe or hola.exe file. | 7.8 |
2017-11-08 | CVE-2017-16659 | Incorrect Permission Assignment for Critical Resource vulnerability in Anti-Spam Smtp Proxy Project Anti-Spam Smtp Proxy 1.9.8.13030 The Gentoo mail-filter/assp package 1.9.8.13030 and earlier allows local users to gain privileges by leveraging access to the assp user account to install a Trojan horse /usr/share/assp/assp.pl script. | 7.8 |
2017-11-06 | CVE-2017-16638 | Incorrect Permission Assignment for Critical Resource vulnerability in VDE Project VDE The Gentoo net-misc/vde package before version 2.3.2-r4 may allow members of the "qemu" group to gain root privileges by creating a hard link in a directory on which "chown" is called recursively by the OpenRC service script. | 9.8 |