Vulnerabilities > Incorrect Permission Assignment for Critical Resource
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-03-01 | CVE-2017-6928 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products Drupal core 7.x versions before 7.57 when using Drupal's private file system, Drupal will check to make sure a user has access to a file before allowing the user to view or download it. | 5.3 |
| 2018-03-01 | CVE-2017-9268 | Incorrect Permission Assignment for Critical Resource vulnerability in Opensuse Open Build Service In the open build service before 201707022 the wipetrigger and rebuild actions checked the wrong project for permissions, allowing authenticated users to cause operations on projects where they did not have permissions leading to denial of service (resource consumption). | 6.5 |
| 2018-02-22 | CVE-2018-1417 | Incorrect Permission Assignment for Critical Resource vulnerability in IBM Java SDK Under certain circumstances, a flaw in the J9 JVM (IBM SDK, Java Technology Edition 7.1 and 8.0) allows untrusted code running under a security manager to elevate its privileges. | 8.1 |
| 2018-02-22 | CVE-2018-7408 | Incorrect Permission Assignment for Critical Resource vulnerability in Npmjs NPM 5.7.0 An issue was discovered in an npm 5.7.0 2018-02-21 pre-release (marked as "next: 5.7.0" and therefore automatically installed by an "npm upgrade -g npm" command, and also announced in the vendor's blog without mention of pre-release status). | 7.8 |
| 2018-02-21 | CVE-2018-7311 | Incorrect Permission Assignment for Critical Resource vulnerability in Privatevpn 2.0.31 PrivateVPN 2.0.31 for macOS suffers from a root privilege escalation vulnerability. | 8.8 |
| 2018-02-21 | CVE-2018-1168 | Incorrect Permission Assignment for Critical Resource vulnerability in Hitachienergy Sys600 Firmware This vulnerability allows local attackers to escalate privileges on vulnerable installations of ABB MicroSCADA 9.3 with FP 1-2-3. | 7.8 |
| 2018-02-21 | CVE-2018-1164 | Incorrect Permission Assignment for Critical Resource vulnerability in Zyxel P-870H-51 Firmware 1.00(Awg.3)D5 This vulnerability allows remote attackers to cause a denial-of-service condition on vulnerable installations of ZyXEL P-870H-51 DSL Router 1.00(AWG.3)D5. | 9.8 |
| 2018-02-15 | CVE-2018-7169 | Incorrect Permission Assignment for Critical Resource vulnerability in Shadow Project Shadow 4.5 An issue was discovered in shadow 4.5. | 5.3 |
| 2018-02-15 | CVE-2017-15352 | Incorrect Permission Assignment for Critical Resource vulnerability in Huawei products Huawei OceanStor 2800 V3, V300R003C00, V300R003C20, OceanStor 5300 V3, V300R003C00, V300R003C10, V300R003C20, OceanStor 5500 V3, V300R003C00, V300R003C10, V300R003C20, OceanStor 5600 V3, V300R003C00, V300R003C10, V300R003C20, OceanStor 5800 V3, V300R003C00, V300R003C10, V300R003C20 have an improper access control vulnerability. | 3.1 |
| 2018-02-12 | CVE-2017-13236 | Incorrect Permission Assignment for Critical Resource vulnerability in Google Android 8.0/8.1 In the KeyStore service, there is a permissions bypass that allows access to protected resources. | 7.8 |