Vulnerabilities > Incorrect Permission Assignment for Critical Resource
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-09-12 | CVE-2018-13412 | Incorrect Permission Assignment for Critical Resource vulnerability in Zohocorp Manageengine Desktop Central An issue was discovered in the Self Service Portal in Zoho ManageEngine Desktop Central before 10.0.282. | 7.2 |
2018-09-12 | CVE-2018-13411 | Incorrect Permission Assignment for Critical Resource vulnerability in Zohocorp Manageengine Desktop Central An issue was discovered in Zoho ManageEngine Desktop Central before 10.0.282. | 9.0 |
2018-09-11 | CVE-2018-11078 | Incorrect Permission Assignment for Critical Resource vulnerability in Dell EMC Vplex Geosynchrony Dell EMC VPlex GeoSynchrony, versions prior to 6.1, contains an Insecure File Permissions vulnerability. | 6.0 |
2018-09-08 | CVE-2018-16715 | Incorrect Permission Assignment for Critical Resource vulnerability in Absolute Ctes Windows Agent 1.0.0.1479 An issue was discovered in Absolute Software CTES Windows Agent through 1.0.0.1479. | 6.5 |
2018-09-06 | CVE-2018-1000660 | Incorrect Permission Assignment for Critical Resource vulnerability in Tockos Tock 1.0/1.1 TOCK version prior to commit 42f7f36e74088036068d62253e1d8fb26605feed. | 5.0 |
2018-09-05 | CVE-2018-16145 | Incorrect Permission Assignment for Critical Resource vulnerability in Opsview The /etc/init.d/opsview-reporting-module script that runs at boot time in Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 invokes a file that can be edited by the nagios user, and would allow attackers to elevate their privileges to root after a system restart, hence obtaining full control of the appliance. | 9.3 |
2018-09-05 | CVE-2018-16545 | Incorrect Permission Assignment for Critical Resource vulnerability in Kzsoftware Asset Manager and Training Manager Kaizen Asset Manager (Enterprise Edition) and Training Manager (Enterprise Edition) allow a remote attacker to achieve arbitrary code execution via file impersonation. | 6.8 |
2018-08-25 | CVE-2018-15869 | Incorrect Permission Assignment for Critical Resource vulnerability in Hashicorp Packer An Amazon Web Services (AWS) developer who does not specify the --owners flag when describing images via AWS CLI, and therefore not properly validating source software per AWS recommended security best practices, may unintentionally load an undesired and potentially malicious Amazon Machine Image (AMI) from the uncurated public community AMI catalog. | 5.0 |
2018-08-23 | CVE-2018-15809 | Incorrect Permission Assignment for Critical Resource vulnerability in Accupos 2017.8 AccuPOS 2017.8 is installed with the insecure "Authenticated Users: Modify" permission for files within the installation path. | 2.1 |
2018-08-20 | CVE-2018-1000226 | Incorrect Permission Assignment for Critical Resource vulnerability in Cobblerd Cobbler Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains a Incorrect Access Control vulnerability in XMLRPC API (/cobbler_api) that can result in Privilege escalation, data manipulation or exfiltration, LDAP credential harvesting. | 7.5 |