Vulnerabilities > Incorrect Permission Assignment for Critical Resource
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-10-05 | CVE-2018-15379 | Incorrect Permission Assignment for Critical Resource vulnerability in Cisco Prime Infrastructure A vulnerability in which the HTTP web server for Cisco Prime Infrastructure (PI) has unrestricted directory permissions could allow an unauthenticated, remote attacker to upload an arbitrary file. | 7.5 |
| 2018-10-05 | CVE-2018-0422 | Incorrect Permission Assignment for Critical Resource vulnerability in Cisco products A vulnerability in the folder permissions of Cisco Webex Meetings client for Windows could allow an authenticated, local attacker to modify locally stored files and execute code on a targeted device with the privilege level of the user. | 6.9 |
| 2018-10-04 | CVE-2018-17872 | Incorrect Permission Assignment for Critical Resource vulnerability in Verint products Verba Collaboration Compliance and Quality Management Platform before 9.2.1.5545 has Insecure Permissions. | 6.5 |
| 2018-10-02 | CVE-2018-6261 | Incorrect Permission Assignment for Critical Resource vulnerability in Nvidia Geforce Experience NVIDIA GeForce Experience prior to 3.15 contains a vulnerability when GameStream is enabled which sets incorrect permissions on a file, which may to code execution, denial of service, or escalation of privileges by users with system access. | 4.4 |
| 2018-10-01 | CVE-2018-1420 | Incorrect Permission Assignment for Critical Resource vulnerability in IBM Websphere Portal IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 resets access control settings to the out of the box configuration during Combined Cumulative Fix (CF) installation. | 4.0 |
| 2018-09-28 | CVE-2018-17776 | Incorrect Permission Assignment for Critical Resource vulnerability in Pcprotect Antivirus 4.8.35 PCProtect Anti-Virus v4.8.35 has "Everyone: (F)" permission for %PROGRAMFILES(X86)%\PCProtect, which allows local users to gain privileges by replacing an executable file with a Trojan horse. | 6.8 |
| 2018-09-27 | CVE-2018-14650 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products It was discovered that sos-collector does not properly set the default permissions of newly created files, making all files created by the tool readable by any local user. | 5.0 |
| 2018-09-26 | CVE-2018-16588 | Incorrect Permission Assignment for Critical Resource vulnerability in Suse Shadow Privilege escalation can occur in the SUSE useradd.c code in useradd, as distributed in the SUSE shadow package through 4.2.1-27.9.1 for SUSE Linux Enterprise 12 (SLE-12) and through 4.5-5.39 for SUSE Linux Enterprise 15 (SLE-15). | 4.6 |
| 2018-09-26 | CVE-2018-14327 | Incorrect Permission Assignment for Critical Resource vulnerability in EE Ee40Vb Firmware The installer for the Alcatel OSPREY3_MINI Modem component on EE EE40VB 4G mobile broadband modems with firmware before EE40_00_02.00_45 sets weak permissions (Everyone:Full Control) for the "Web Connecton\EE40" and "Web Connecton\EE40\BackgroundService" directories, which allows local users to gain privileges, as demonstrated by inserting a Trojan horse ServiceManager.exe file into the "Web Connecton\EE40\BackgroundService" directory. | 9.3 |
| 2018-09-25 | CVE-2018-6040 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially bypass content security policy via a crafted HTML page. | 6.5 |