Vulnerabilities > Incorrect Permission Assignment for Critical Resource
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-08-17 | CVE-2018-5546 | Incorrect Permission Assignment for Critical Resource vulnerability in F5 products The svpn and policyserver components of the F5 BIG-IP APM client prior to version 7.1.7.1 for Linux and macOS runs as a privileged process and can allow an unprivileged user to get ownership of files owned by root on the local client host. | 7.8 |
| 2018-08-07 | CVE-2018-11454 | Incorrect Permission Assignment for Critical Resource vulnerability in Siemens products A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 (All versions), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13 (All versions < V13 SP2 Update 2), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14 (All versions < V14 SP1 Update 6), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15 (All versions < V15 Update 2). | 8.6 |
| 2018-08-07 | CVE-2018-11453 | Incorrect Permission Assignment for Critical Resource vulnerability in Siemens products A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 (All versions), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13 (All versions < V13 SP2 Update 2), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14 (All versions < V14 SP1 Update 6), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15 (All versions < V15 Update 2). | 7.8 |
| 2018-08-06 | CVE-2018-1551 | Incorrect Permission Assignment for Critical Resource vulnerability in IBM Websphere MQ IBM WebSphere MQ 8.0.0.2 through 8.0.0.8 and 9.0.0.0 through 9.0.0.3 could allow users to have more authority than they should have if an MQ administrator creates an invalid user group name. | 7.5 |
| 2018-08-03 | CVE-2018-5490 | Incorrect Permission Assignment for Critical Resource vulnerability in Netapp Clustered Data Ontap Read-Only export policy rules are not correctly enforced in Clustered Data ONTAP 8.3 Release Candidate versions and therefore may allow more than "read-only" access from authenticated SMBv2 and SMBv3 clients. | 8.8 |
| 2018-08-01 | CVE-2018-12467 | Incorrect Permission Assignment for Critical Resource vulnerability in Opensuse Open Build Service Authorized users of the openbuildservice before 2.9.4 could delete packages by using a malicious request against projects having the OBS:InitializeDevelPackage attribute, a similar issue to CVE-2018-7689. | 6.5 |
| 2018-08-01 | CVE-2018-12466 | Incorrect Permission Assignment for Critical Resource vulnerability in Opensuse Open Build Service openSUSE openbuildservice before 9.2.4 allowed authenticated users to delete packages on specific projects with project links. | 6.5 |
| 2018-07-19 | CVE-2018-5540 | Incorrect Permission Assignment for Critical Resource vulnerability in F5 products On F5 BIG-IP 13.0.0-13.0.1, 12.1.0-12.1.3.3, 11.6.0-11.6.3.1, or 11.5.1-11.5.6, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.1.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.1.0-2.3.0 the big3d process does not irrevocably minimize group privileges at start up. | 4.4 |
| 2018-07-18 | CVE-2018-0392 | Incorrect Permission Assignment for Critical Resource vulnerability in Cisco products A vulnerability in the CLI of Cisco Policy Suite could allow an authenticated, local attacker to access files owned by another user. | 5.5 |
| 2018-07-13 | CVE-2018-1000211 | Incorrect Permission Assignment for Critical Resource vulnerability in Doorkeeper Project Doorkeeper Doorkeeper version 4.2.0 and later contains a Incorrect Access Control vulnerability in Token revocation API's authorized method that can result in Access tokens are not revoked for public OAuth apps, leaking access until expiry. | 7.5 |