Vulnerabilities > Incorrect Permission Assignment for Critical Resource
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-07 | CVE-2020-8635 | Incorrect Permission Assignment for Critical Resource vulnerability in Wftpserver Wing FTP Server 6.2.3 Wing FTP Server v6.2.3 for Linux, macOS, and Solaris sets insecure permissions on installation directories and configuration files. | 7.8 |
| 2020-03-05 | CVE-2020-4278 | Incorrect Permission Assignment for Critical Resource vulnerability in IBM products IBM Platform LSF 9.1 and 10.1, IBM Spectrum LSF Suite 10.2, and IBM Spectrum Suite for HPA 10.2 could allow a local user to escalate their privileges due to weak file permissions when specific debug settings are enabled in a Linux or Unix enviornment. | 7.8 |
| 2020-02-17 | CVE-2020-8768 | Incorrect Permission Assignment for Critical Resource vulnerability in Phoenixcontact ILC 2050 Bi-L Firmware and ILC 2050 BI Firmware An issue was discovered on Phoenix Contact Emalytics Controller ILC 2050 BI before 1.2.3 and BI-L before 1.2.3 devices. | 9.4 |
| 2020-02-17 | CVE-2020-1704 | Incorrect Permission Assignment for Critical Resource vulnerability in Redhat Openshift Service Mesh 1.0/1.0.7 An insecure modification vulnerability in the /etc/passwd file was found in all versions of OpenShift ServiceMesh (maistra) before 1.0.8 in the openshift/istio-kialia-rhel7-operator-container. | 7.8 |
| 2020-02-17 | CVE-2020-9024 | Incorrect Permission Assignment for Critical Resource vulnerability in Iteris Vantage Velocity Firmware 2.3.1/2.4.2 Iteris Vantage Velocity Field Unit 2.3.1 and 2.4.2 devices have world-writable permissions for the /root/cleardata.pl (executed as root by crond) and /root/loadperl.sh (executed as root at boot time) scripts. | 9.8 |
| 2020-02-15 | CVE-2020-7050 | Incorrect Permission Assignment for Critical Resource vulnerability in Codologic Codoforum 2.5.1/4.8.3/4.8.4 Codologic Codoforum through 4.8.4 allows a DOM-based XSS. | 5.4 |
| 2020-02-14 | CVE-2019-11215 | Incorrect Permission Assignment for Critical Resource vulnerability in Combodo Itop In Combodo iTop 2.2.0 through 2.6.0, if the configuration file is writable, then execution of arbitrary code can be accomplished by calling ajax.dataloader with a maliciously crafted payload. | 8.1 |
| 2020-02-13 | CVE-2020-0563 | Incorrect Permission Assignment for Critical Resource vulnerability in Intel Manycore Platform Software Stack Improper permissions in the installer for Intel(R) MPSS before version 3.8.6 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
| 2020-02-13 | CVE-2020-7051 | Incorrect Permission Assignment for Critical Resource vulnerability in Codologic Codoforum 2.5.1/4.8.3/4.8.4 Codologic Codoforum through 4.8.4 allows stored XSS in the login area. | 6.1 |
| 2020-02-11 | CVE-2020-0668 | Incorrect Permission Assignment for Critical Resource vulnerability in Microsoft products An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. | 7.8 |