Vulnerabilities > Incorrect Permission Assignment for Critical Resource
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-12-13 | CVE-2017-1716 | Incorrect Permission Assignment for Critical Resource vulnerability in IBM Tivoli Workload Scheduler 8.6/9.1/9.2 IBM Tivoli Workload Scheduler 8.6.0, 9.1.0, and 9.2.0 could disclose sensitive information to a local attacker due to improper permission settings. | 3.3 |
| 2017-12-13 | CVE-2017-17568 | Incorrect Permission Assignment for Critical Resource vulnerability in Scubez Posty Readymade Classifieds Scubez Posty Readymade Classifieds has Incorrect Access Control for visiting admin/user_activate_submit.php (aka the backend PHP script), which might allow remote attackers to obtain sensitive information via a direct request. | 7.5 |
| 2017-12-06 | CVE-2017-13168 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products An elevation of privilege vulnerability in the kernel scsi driver. | 7.8 |
| 2017-12-01 | CVE-2017-16895 | Incorrect Permission Assignment for Critical Resource vulnerability in Arqbackup ARQ The (1) arq_updater, (2) arqcommitter, (3) standardrestorer, (4) arqglacierrestorer, and (5) arqs3glacierrestorer helper apps in Arq 5.x before 5.10 for Mac allow local users to gain root privileges via a crafted data packet. | 7.8 |
| 2017-11-24 | CVE-2017-16933 | Incorrect Permission Assignment for Critical Resource vulnerability in Icinga etc/initsystem/prepare-dirs in Icinga 2.x through 2.8.1 has a chown call for a filename in a user-writable directory, which allows local users to gain privileges by leveraging access to the $ICINGA2_USER account for creation of a link. | 7.0 |
| 2017-11-22 | CVE-2017-8158 | Incorrect Permission Assignment for Critical Resource vulnerability in Huawei Fusioncompute V100R005C00/V100R005C10 FusionCompute V100R005C00 and V100R005C10 have an improper authorization vulnerability due to improper permission settings for a certain file on the host machine. | 6.5 |
| 2017-11-18 | CVE-2017-16882 | Incorrect Permission Assignment for Critical Resource vulnerability in Icinga Icinga Core through 1.14.0 initially executes bin/icinga as root but supports configuration options in which this file is owned by a non-root account (and similarly can have etc/icinga.cfg owned by a non-root account), which allows local users to gain privileges by leveraging access to this non-root account, a related issue to CVE-2017-14312. | 7.8 |
| 2017-11-17 | CVE-2017-1000221 | Incorrect Permission Assignment for Critical Resource vulnerability in Apereo Opencast In Opencast 2.2.3 and older if user names overlap, the Opencast search service used for publication to the media modules and players will handle the access control incorrectly so that users only need to match part of the user name used for the access restriction. | 6.5 |
| 2017-11-17 | CVE-2017-1000125 | Incorrect Permission Assignment for Critical Resource vulnerability in Codiad Codiad(full version) is vulnerable to write anything to configure file in the installation resulting upload a webshell. | 7.5 |
| 2017-11-16 | CVE-2017-0845 | Incorrect Permission Assignment for Critical Resource vulnerability in Google Android A denial of service vulnerability in the Android framework (syncstorageengine). | 7.5 |