Vulnerabilities > Incorrect Permission Assignment for Critical Resource
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-08-29 | CVE-2018-6598 | Incorrect Permission Assignment for Critical Resource vulnerability in Orbic Wonder Rc555L Firmware 7.1.2 An issue was discovered on Orbic Wonder Orbic/RC555L/RC555L:7.1.2/N2G47H/329100b:user/release-keys devices. | 7.1 |
| 2018-08-25 | CVE-2018-15869 | Incorrect Permission Assignment for Critical Resource vulnerability in Hashicorp Packer An Amazon Web Services (AWS) developer who does not specify the --owners flag when describing images via AWS CLI, and therefore not properly validating source software per AWS recommended security best practices, may unintentionally load an undesired and potentially malicious Amazon Machine Image (AMI) from the uncurated public community AMI catalog. | 5.3 |
| 2018-08-23 | CVE-2018-15809 | Incorrect Permission Assignment for Critical Resource vulnerability in Accupos 2017.8 AccuPOS 2017.8 is installed with the insecure "Authenticated Users: Modify" permission for files within the installation path. | 5.5 |
| 2018-08-20 | CVE-2018-1000226 | Incorrect Permission Assignment for Critical Resource vulnerability in Cobblerd Cobbler Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains a Incorrect Access Control vulnerability in XMLRPC API (/cobbler_api) that can result in Privilege escalation, data manipulation or exfiltration, LDAP credential harvesting. | 9.8 |
| 2018-08-20 | CVE-2018-1000649 | Incorrect Permission Assignment for Critical Resource vulnerability in Librehealth EHR 2.0.0 LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Write in letter.php (2) vulnerability in Patient file letter functions that can result in Write files with malicious content and may lead to remote code execution. | 8.8 |
| 2018-08-18 | CVE-2018-15491 | Incorrect Permission Assignment for Critical Resource vulnerability in Zemana Antilogger A vulnerability in the permission and encryption implementation of Zemana Anti-Logger 1.9.3.527 and prior (fixed in 1.9.3.602) allows an attacker to take control of the whitelisting feature (MyRules2.ini under %LOCALAPPDATA%\Zemana\ZALSDK) to permit execution of unauthorized applications (such as ones that record keystrokes). | 7.5 |
| 2018-08-17 | CVE-2018-15482 | Incorrect Permission Assignment for Critical Resource vulnerability in Google Android Certain LG devices based on Android 6.0 through 8.1 have incorrect access control for MLT application intents. | 9.8 |
| 2018-08-17 | CVE-2018-14982 | Incorrect Permission Assignment for Critical Resource vulnerability in Google Android Certain LG devices based on Android 6.0 through 8.1 have incorrect access control in the GNSS application. | 9.8 |
| 2018-08-17 | CVE-2018-14981 | Incorrect Permission Assignment for Critical Resource vulnerability in Google Android Certain LG devices based on Android 6.0 through 8.1 have incorrect access control for SystemUI application intents. | 9.8 |
| 2018-08-17 | CVE-2018-5546 | Incorrect Permission Assignment for Critical Resource vulnerability in F5 products The svpn and policyserver components of the F5 BIG-IP APM client prior to version 7.1.7.1 for Linux and macOS runs as a privileged process and can allow an unprivileged user to get ownership of files owned by root on the local client host. | 7.8 |