Vulnerabilities > Incorrect Permission Assignment for Critical Resource

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2018-01-12 | CVE-2017-16885 | Incorrect Permission Assignment for Critical Resource vulnerability in Fiberhome Lm53Q1 Firmware Vh519R05C01S38 | Improper Permissions Handling in the Portal on FiberHome LM53Q1 VH519R05C01S38 devices (intended for obtaining information about Internet Usage, Changing Passwords, etc.) allows remote attackers to look for the information without authenticating. | network | low complexity | fiberhome | CWE-732 | critical 9.8 |
| 2018-01-10 | CVE-2017-1459 | Incorrect Permission Assignment for Critical Resource vulnerability in IBM products | IBM Security Access Manager Appliance 8.0.0 and 9.0.0 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. | network | high complexity | ibm | CWE-732 | 4.2 |
| 2018-01-04 | CVE-2017-17867 | Incorrect Permission Assignment for Critical Resource vulnerability in Intenogroup Iopsys 2.0/3.14/4.0 | Inteno iopsys 2.0-3.14 and 4.0 devices allow remote authenticated users to execute arbitrary OS commands by modifying the leasetrigger field in the odhcpd configuration to specify an arbitrary program, as demonstrated by a program located on an SMB share. | network | low complexity | intenogroup | CWE-732 | 8.8 |
| 2018-01-04 | CVE-2017-1699 | Incorrect Permission Assignment for Critical Resource vulnerability in IBM Websphere MQ | IBM MQ Managed File Transfer Agent 8.0 and 9.0 sets insecure permissions on certain files it creates. | local | low complexity | ibm | CWE-732 | 3.3 |
| 2018-01-04 | CVE-2018-0752 | Incorrect Permission Assignment for Critical Resource vulnerability in Microsoft products | The Windows Kernel API in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way the Kernel API enforces permissions, aka "Windows Elevation of Privilege Vulnerability". | local | low complexity | microsoft | CWE-732 | 7.8 |
| 2018-01-03 | CVE-2017-1000485 | Incorrect Permission Assignment for Critical Resource vulnerability in Nylas Mail Lives Project Nylas Mail 2.2.2 | Nylas Mail Lives 2.2.2 uses 0755 permissions for $HOME/.nylas-mail, which allows local users to obtain sensitive authentication information via standard filesystem operations. | local | low complexity | nylas-mail-lives-project | CWE-732 | 7.8 |
| 2018-01-03 | CVE-2017-1000461 | Incorrect Permission Assignment for Critical Resource vulnerability in Brave Browser 0.19.73 | Brave Software's Brave Browser, version 0.19.73 (and earlier) is vulnerable to an incorrect access control issue in the "JS fingerprinting blocking" component, resulting in a malicious website being able to access the fingerprinting-associated browser functionality (that the browser intends to block). | network | low complexity | brave | CWE-732 | 4.7 |
| 2017-12-20 | CVE-2017-5260 | Incorrect Permission Assignment for Critical Resource vulnerability in Cambiumnetworks products | In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, although the option to access the configuration file is not available in the normal web administrative console for the 'user' account, the configuration file is accessible via direct object reference (DRO) at http://<device-ip-or-hostname>/goform/down_cfg_file by this otherwise low privilege 'user' account. | network | low complexity | cambiumnetworks | CWE-732 | 8.8 |
| 2017-12-20 | CVE-2017-1266 | Incorrect Permission Assignment for Critical Resource vulnerability in IBM Security Guardium | IBM Security Guardium 10.0 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. | network | low complexity | ibm | CWE-732 | 5.4 |
| 2017-12-19 | CVE-2017-15877 | Incorrect Permission Assignment for Critical Resource vulnerability in Sistemagpweb Gpweb 8.4.61 | Insecure Permissions vulnerability in db.php file in GPWeb 8.4.61 allows remote attackers to view the password and user database. | network | low complexity | sistemagpweb | CWE-732 | critical 9.8 |