Vulnerabilities > Incorrect Permission Assignment for Critical Resource
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-10-24 | CVE-2018-11792 | Incorrect Permission Assignment for Critical Resource vulnerability in Apache Impala In Apache Impala before 3.0.1, ALTER TABLE/VIEW RENAME required ALTER on the old table. | 9.8 |
| 2018-10-23 | CVE-2018-17873 | Incorrect Permission Assignment for Critical Resource vulnerability in Wifiranger Firmware An incorrect access control vulnerability in the FTP configuration of WiFiRanger devices with firmware version 7.0.8rc3 and earlier allows an attacker with adjacent network access to read the SSH Private Key and log in to the root account. | 8.8 |
| 2018-10-19 | CVE-2017-18348 | Incorrect Permission Assignment for Critical Resource vulnerability in Splunk Splunk Enterprise 6.6.x, when configured to run as root but drop privileges to a specific non-root account, allows local users to gain privileges by leveraging access to that non-root account to modify $SPLUNK_HOME/etc/splunk-launch.conf and insert Trojan horse programs into $SPLUNK_HOME/bin, because the non-root setup instructions state that chown should be run across all of $SPLUNK_HOME to give non-root access. | 7.0 |
| 2018-10-18 | CVE-2018-11080 | Incorrect Permission Assignment for Critical Resource vulnerability in EMC Secure Remote Services Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains Improper File Permission Vulnerabilities. | 7.8 |
| 2018-10-17 | CVE-2018-7924 | Incorrect Permission Assignment for Critical Resource vulnerability in Huawei Anne-Al00 Firmware 8.0.0.151(C00) Anne-AL00 Huawei phones with versions earlier than 8.0.0.151(C00) have an information leak vulnerability. | 2.4 |
| 2018-10-16 | CVE-2018-13399 | Incorrect Permission Assignment for Critical Resource vulnerability in Atlassian Fisheye The Microsoft Windows Installer for Atlassian Fisheye and Crucible before version 4.6.1 allows local attackers to escalate privileges because of weak permissions on the installation directory. | 7.8 |
| 2018-10-11 | CVE-2018-1724 | Incorrect Permission Assignment for Critical Resource vulnerability in IBM Spectrum LSF IBM Spectrum LSF 9.1.1 9.1.2, 9.1.3, and 10.1 could allow a local user to change their job user at job submission time due to improper file permission settings. | 5.3 |
| 2018-10-10 | CVE-2018-12173 | Incorrect Permission Assignment for Critical Resource vulnerability in Intel products Insufficient access protection in firmware in Intel Server Board, Intel Server System and Intel Compute Module before firmware version 00.01.0014 may allow an unauthenticated attacker to potentially execute arbitrary code resulting in information disclosure, escalation of privilege and/or denial of service via local access. | 7.6 |
| 2018-10-10 | CVE-2018-12131 | Incorrect Permission Assignment for Critical Resource vulnerability in Intel products Permissions in the driver pack installers for Intel NVMe before version 4.0.0.1007 and Intel RSTe before version 4.7.0.2083 may allow an authenticated user to potentially escalate privilege via local access. | 7.8 |
| 2018-10-10 | CVE-2018-8411 | Incorrect Permission Assignment for Critical Resource vulnerability in Microsoft products An elevation of privilege vulnerability exists when NTFS improperly checks access, aka "NTFS Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 7.8 |