Vulnerabilities > Incorrect Permission Assignment for Critical Resource
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-02-09 | CVE-2018-1000025 | Incorrect Permission Assignment for Critical Resource vulnerability in Firebase Admin SDK for PHP Project Firebase Admin SDK for PHP Jerome Gamez Firebase Admin SDK for PHP version from 3.2.0 to 3.8.0 contains a Incorrect Access Control vulnerability in src/Firebase/Auth/IdTokenVerifier.php does not verify for token signature that can result in JWT with any email address and user ID could be forged from an actual token, or from thin air. | 8.1 |
| 2018-02-09 | CVE-2018-1053 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products In postgresql 9.3.x before 9.3.21, 9.4.x before 9.4.16, 9.5.x before 9.5.11, 9.6.x before 9.6.7 and 10.x before 10.2, pg_upgrade creates file in current working directory containing the output of `pg_dumpall -g` under umask which was in effect when the user invoked pg_upgrade, and not under 0077 which is normally used for other temporary files. | 7.0 |
| 2018-02-04 | CVE-2018-6606 | Incorrect Permission Assignment for Critical Resource vulnerability in Malwarefox Antimalware 2.74.0.150 An issue was discovered in MalwareFox AntiMalware 2.74.0.150. | 7.8 |
| 2018-02-03 | CVE-2018-6593 | Incorrect Permission Assignment for Critical Resource vulnerability in Malwarefox Antimalware 2.74.0.150 An issue was discovered in MalwareFox AntiMalware 2.74.0.150. | 7.8 |
| 2018-02-02 | CVE-2018-6536 | Incorrect Permission Assignment for Critical Resource vulnerability in Icinga An issue was discovered in Icinga 2.x through 2.8.1. | 5.5 |
| 2018-01-31 | CVE-2017-16945 | Incorrect Permission Assignment for Critical Resource vulnerability in Haystacksoftware ARQ The standardrestorer binary in Arq 5.10 and earlier for Mac allows local users to write to arbitrary files and consequently gain root privileges via a crafted restore path. | 7.8 |
| 2018-01-31 | CVE-2017-16928 | Incorrect Permission Assignment for Critical Resource vulnerability in Haystacksoftware ARQ The arq_updater binary in Arq 5.10 and earlier for Mac allows local users to write to arbitrary files and consequently gain root privileges via a crafted update URL, as demonstrated by file:///tmp/blah/Arq.zip. | 7.8 |
| 2018-01-26 | CVE-2017-1000403 | Incorrect Permission Assignment for Critical Resource vulnerability in Jenkins Speaks! 0.1/0.1.1 Jenkins Speaks! Plugin, all current versions, allows users with Job/Configure permission to run arbitrary Groovy code inside the Jenkins JVM, effectively elevating privileges to Overall/Run Scripts. | 8.8 |
| 2018-01-18 | CVE-2018-0089 | Incorrect Permission Assignment for Critical Resource vulnerability in Cisco Policy Suite 10.0.0/11.0.0/11.1.0 A vulnerability in the Policy and Charging Rules Function (PCRF) of the Cisco Policy Suite (CPS) could allow an unauthenticated, remote attacker to access sensitive data. | 7.5 |
| 2018-01-18 | CVE-2018-0088 | Incorrect Permission Assignment for Critical Resource vulnerability in Cisco Industrial Ethernet 4010 Series Firmware A vulnerability in one of the diagnostic test CLI commands on Cisco Industrial Ethernet 4010 Series Switches running Cisco IOS Software could allow an authenticated, local attacker to impact the stability of the device. | 6.7 |