Vulnerabilities > Incorrect Permission Assignment for Critical Resource

DATE CVE VULNERABILITY TITLE RISK
2018-03-14 CVE-2018-1386 Incorrect Permission Assignment for Critical Resource vulnerability in IBM Tivoli Workload Scheduler
IBM Tivoli Workload Automation for AIX (IBM Workload Scheduler 8.6, 9.1, 9.2, 9.3, and 9.4) contains directories with improper permissions that could allow a local user with special access to gain root privileges.
local
low complexity
ibm CWE-732
7.8
2018-03-13 CVE-2018-1000080 Incorrect Permission Assignment for Critical Resource vulnerability in Ajenti 2
Ajenti version 2 contains an Insecure Permissions vulnerability in Plugins download that can result in the download of any plugins as a normal user.
network
low complexity
ajenti CWE-732
6.5
2018-03-13 CVE-2018-1000072 Incorrect Permission Assignment for Critical Resource vulnerability in Iredmail
iRedMail versions prior to commit f04b8ef contain an Insecure Permissions vulnerability in Roundcube Webmail that can result in exfiltration of a user's password-protected secret GPG key file and other important configuration files.
network
low complexity
iredmail CWE-732
7.5
2018-03-13 CVE-2018-1000071 Incorrect Permission Assignment for Critical Resource vulnerability in Roundcube Webmail
Roundcube version 1.3.4 and earlier contains an Insecure Permissions vulnerability in the enigma plugin that can result in exfiltration of the GPG private key.
network
low complexity
roundcube CWE-732
7.5
2018-03-12 CVE-2018-6623 Incorrect Permission Assignment for Critical Resource vulnerability in Hola VPN 1.79.859
An issue was discovered in Hola 1.79.859.
network
low complexity
hola CWE-732
8.8
2018-03-12 CVE-2017-18226 Incorrect Permission Assignment for Critical Resource vulnerability in Jabberd2
The Gentoo net-im/jabberd2 package through 2.6.1 sets the ownership of /var/run/jabber to the jabber account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script executes a "kill -TERM `cat /var/run/jabber/filename.pid`" command.
local
low complexity
jabberd2 CWE-732
5.5
2018-03-12 CVE-2017-18225 Incorrect Permission Assignment for Critical Resource vulnerability in Jabberd2
The Gentoo net-im/jabberd2 package through 2.6.1 installs jabberd, jabberd2-c2s, jabberd2-router, jabberd2-s2s, and jabberd2-sm in /usr/bin owned by the jabber account, which might allow local users to gain privileges by leveraging access to this account and then waiting for root to execute one of these programs.
local
low complexity
jabberd2 CWE-732
7.8
2018-03-09 CVE-2018-7581 Incorrect Permission Assignment for Critical Resource vulnerability in Weblogexpert Weblog Expert 9.4
\ProgramData\WebLog Expert\WebServer\WebServer.cfg in WebLog Expert Web Server Enterprise 9.4 has weak permissions (BUILTIN\Users:(ID)C), which allows local users to set a cleartext password and log in as admin.
local
low complexity
weblogexpert CWE-732
7.8
2018-03-09 CVE-2018-1069 Incorrect Permission Assignment for Critical Resource vulnerability in Redhat Openshift 3.7
Red Hat OpenShift Enterprise version 3.7 is vulnerable to access control override for container network filesystems.
high complexity
redhat CWE-732
7.1
2018-03-08 CVE-2018-5313 Incorrect Permission Assignment for Critical Resource vulnerability in Rapidscada Rapid Scada 5.5.0
A vulnerability allows local attackers to escalate privilege on Rapid Scada 5.5.0 because of weak C:\SCADA permissions.
local
low complexity
rapidscada CWE-732
7.8