Vulnerabilities > Incorrect Permission Assignment for Critical Resource
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-04-05 | CVE-2017-0884 | Incorrect Permission Assignment for Critical Resource vulnerability in Nextcloud Server Nextcloud Server before 9.0.55 and 10.0.2 suffers from a creation of folders in read-only folders despite lacking permissions issue. | 4.3 |
| 2017-04-05 | CVE-2017-0883 | Incorrect Permission Assignment for Critical Resource vulnerability in Nextcloud Server Nextcloud Server before 9.0.55 and 10.0.2 suffers from a permission increase on re-sharing via OCS API issue. | 5.5 |
| 2017-04-05 | CVE-2017-6338 | Incorrect Permission Assignment for Critical Resource vulnerability in Trendmicro Interscan web Security Virtual Appliance Multiple Access Control issues in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 allow an authenticated, remote user with low privileges like 'Reports Only' or 'Auditor' to change FTP Access Control Settings, create or modify reports, or upload an HTTPS Decryption Certificate and Private Key. | 4.0 |
| 2017-04-04 | CVE-2017-7307 | Incorrect Permission Assignment for Critical Resource vulnerability in Riverbed Rios Riverbed RiOS before 9.0.1 does not properly restrict shell access in single-user mode, which makes it easier for physically proximate attackers to obtain root privileges and access decrypted data by replacing the /opt/tms/bin/cli file. | 7.2 |
| 2017-03-24 | CVE-2017-5199 | Incorrect Permission Assignment for Critical Resource vulnerability in Solarwinds LOG and Event Manager The editbanner feature in SolarWinds LEM (aka SIEM) through 6.3.1 allows remote authenticated users to execute arbitrary code by editing /usr/local/contego/scripts/mgrconfig.pl. | 6.5 |
| 2017-03-23 | CVE-2017-6950 | Incorrect Permission Assignment for Critical Resource vulnerability in SAP GUI FOR Windows SAP GUI 7.2 through 7.5 allows remote attackers to bypass intended security policy restrictions and execute arbitrary code via a crafted ABAP code, aka SAP Security Note 2407616. | 7.5 |
| 2017-03-23 | CVE-2017-7199 | Incorrect Permission Assignment for Critical Resource vulnerability in Tenable Nessus Nessus 6.6.2 - 6.10.3 contains a flaw related to insecure permissions that may allow a local attacker to escalate privileges when the software is running in Agent Mode. | 7.2 |
| 2017-03-20 | CVE-2017-6356 | Incorrect Permission Assignment for Critical Resource vulnerability in Paloaltonetworks Terminal Services Agent 6.0/7.0/8.0 Palo Alto Networks Terminal Services (aka TS) Agent 6.0, 7.0, and 8.0 before 8.0.1 uses weak permissions for unspecified resources, which allows attackers to obtain sensitive session information via unknown vectors. | 5.0 |
| 2017-03-03 | CVE-2017-2290 | Incorrect Permission Assignment for Critical Resource vulnerability in Puppet Mcollective-Puppet-Agent 1.12.0 On Windows installations of the mcollective-puppet-agent plugin, version 1.12.0, a non-administrator user can create an executable that will be executed with administrator privileges on the next "mco puppet" run. | 9.0 |
| 2017-02-15 | CVE-2017-0317 | Incorrect Permission Assignment for Critical Resource vulnerability in Nvidia GPU Driver All versions of NVIDIA GPU and GeForce Experience installer contain a vulnerability where it fails to set proper permissions on the package extraction path thus allowing a non-privileged user to tamper with the extracted files, potentially leading to escalation of privileges via code execution. | 6.9 |