Vulnerabilities > Incorrect Permission Assignment for Critical Resource
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-06-21 | CVE-2017-9780 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products In Flatpak before 0.8.7, a third-party app repository could include malicious apps that contain files with inappropriate permissions, for example setuid or world-writable. | 7.8 |
| 2017-06-16 | CVE-2017-9602 | Incorrect Permission Assignment for Critical Resource vulnerability in Kbvault Mysql Project Kbvault Mysql 0.16A KBVault Mysql Free Knowledge Base application package 0.16a comes with a FileExplorer/Explorer.aspx?id=/Uploads file-management component. | 9.8 |
| 2017-06-15 | CVE-2017-9606 | Incorrect Permission Assignment for Critical Resource vulnerability in Infotecs Vipnet Client and Vipnet Coordinator Infotecs ViPNet Client and Coordinator before 4.3.2-42442 allow local users to gain privileges by placing a Trojan horse ViPNet update file in the update folder. | 7.3 |
| 2017-06-07 | CVE-2017-7563 | Incorrect Permission Assignment for Critical Resource vulnerability in ARM Trusted Firmware In ARM Trusted Firmware 1.3, RO memory is always executable at AArch64 Secure EL1, allowing attackers to bypass the MT_EXECUTE_NEVER protection mechanism. | 8.1 |
| 2017-06-06 | CVE-2017-9462 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name. | 8.8 |
| 2017-05-27 | CVE-2017-7337 | Incorrect Permission Assignment for Critical Resource vulnerability in Fortinet Fortiportal An improper Access Control vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to interact with unauthorized VDOMs or enumerate other ADOMs via another user's stolen session and CSRF tokens or the adomName parameter in the /fpc/sec/customer/policy/getAdomVersion request. | 9.1 |
| 2017-05-21 | CVE-2017-9136 | Incorrect Permission Assignment for Critical Resource vulnerability in Mimosa Backhaul Radios and Client Radios An issue was discovered on Mimosa Client Radios before 2.2.3. | 7.5 |
| 2017-05-19 | CVE-2017-9079 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products Dropbear before 2017.75 might allow local users to read certain files as root, if the file has the authorized_keys file format with a command= option. | 4.7 |
| 2017-05-17 | CVE-2017-7493 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System(9pfs) support, is vulnerable to an improper access control issue. | 7.8 |
| 2017-05-12 | CVE-2017-0601 | Incorrect Permission Assignment for Critical Resource vulnerability in Google Android An Elevation of Privilege vulnerability in Bluetooth could potentially enable a local malicious application to accept harmful files shared via bluetooth without user permission. | 5.5 |