Vulnerabilities > Incorrect Permission Assignment for Critical Resource

DATE | CVE | VULNERABILITY TITLE | RISK

2017-04-12 | CVE-2017-3006 | Incorrect Permission Assignment for Critical Resource vulnerability in Adobe Creative Cloud | 8.8
Adobe Thor versions 3.9.5.353 and earlier have a vulnerability related to the use of improper resource permissions during the installation of Creative Cloud desktop applications.
network, low complexity, adobe, CWE-732

2017-04-05 | CVE-2017-0884 | Incorrect Permission Assignment for Critical Resource vulnerability in Nextcloud Server | 4.3
Nextcloud Server before 9.0.55 and 10.0.2 suffers from a creation of folders in read-only folders despite lacking permissions issue.
network, low complexity, nextcloud, CWE-732

2017-04-05 | CVE-2017-0883 | Incorrect Permission Assignment for Critical Resource vulnerability in Nextcloud Server | 6.4
Nextcloud Server before 9.0.55 and 10.0.2 suffers from a permission increase on re-sharing via OCS API issue.
network, low complexity, nextcloud, CWE-732

2017-04-05 | CVE-2017-6338 | Incorrect Permission Assignment for Critical Resource vulnerability in Trend Micro InterScan Web Security Virtual Appliance | 6.5
Multiple Access Control issues in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 allow an authenticated, remote user with low privileges like 'Reports Only' or 'Auditor' to change FTP Access Control Settings, create or modify reports, or upload an HTTPS Decryption Certificate and Private Key.
network, low complexity, trendmicro, CWE-732

2017-04-04 | CVE-2017-7307 | Incorrect Permission Assignment for Critical Resource vulnerability in Riverbed RiOS | 6.8
Riverbed RiOS before 9.0.1 does not properly restrict shell access in single-user mode, which makes it easier for physically proximate attackers to obtain root privileges and access decrypted data by replacing the /opt/tms/bin/cli file.
low complexity, riverbed, CWE-732

2017-03-24 | CVE-2017-5199 | Incorrect Permission Assignment for Critical Resource vulnerability in SolarWinds Log and Event Manager | 8.8
The editbanner feature in SolarWinds LEM (aka SIEM) through 6.3.1 allows remote authenticated users to execute arbitrary code by editing /usr/local/contego/scripts/mgrconfig.pl.
network, low complexity, solarwinds, CWE-732

2017-03-23 | CVE-2017-6950 | Incorrect Permission Assignment for Critical Resource vulnerability in SAP GUI for Windows | critical 9.8
SAP GUI 7.2 through 7.5 allows remote attackers to bypass intended security policy restrictions and execute arbitrary code via a crafted ABAP code, aka SAP Security Note 2407616.
network, low complexity, sap, CWE-732

2017-03-23 | CVE-2017-7199 | Incorrect Permission Assignment for Critical Resource vulnerability in Tenable Nessus | 7.8
Nessus 6.6.2 - 6.10.3 contains a flaw related to insecure permissions that may allow a local attacker to escalate privileges when the software is running in Agent Mode.
local, low complexity, tenable, CWE-732

2017-03-20 | CVE-2017-6356 | Incorrect Permission Assignment for Critical Resource vulnerability in Palo Alto Networks Terminal Services Agent 6.0/7.0/8.0 | 5.3
Palo Alto Networks Terminal Services (aka TS) Agent 6.0, 7.0, and 8.0 before 8.0.1 uses weak permissions for unspecified resources, which allows attackers to obtain sensitive session information via unknown vectors.
network, low complexity, paloaltonetworks, CWE-732

2017-03-03 | CVE-2017-2290 | Incorrect Permission Assignment for Critical Resource vulnerability in Puppet mcollective-puppet-agent 1.12.0 | 8.8
On Windows installations of the mcollective-puppet-agent plugin, version 1.12.0, a non-administrator user can create an executable that will be executed with administrator privileges on the next "mco puppet" run.
network, low complexity, puppet, CWE-732