Vulnerabilities > Incorrect Permission Assignment for Critical Resource
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-07-03 | CVE-2017-0913 | Incorrect Permission Assignment for Critical Resource vulnerability in Ubnt Ucrm Ubiquiti UCRM versions 2.3.0 to 2.7.7 allow an authenticated user to read arbitrary files in the local file system. | 4.7 |
| 2018-07-03 | CVE-2018-11642 | Incorrect Permission Assignment for Critical Resource vulnerability in Dialogic Powermedia XMS 3.5 Incorrect Permission Assignment on the /var/www/xms/cleanzip.sh shell script run periodically in Dialogic PowerMedia XMS through 3.5 allows local users to execute code as the root user. | 7.8 |
| 2018-07-03 | CVE-2018-1113 | Incorrect Permission Assignment for Critical Resource vulnerability in Redhat products setup before version 2.11.4-1.fc28 in Fedora and Red Hat Enterprise Linux added /sbin/nologin and /usr/sbin/nologin to /etc/shells. | 5.3 |
| 2018-07-03 | CVE-2018-10856 | Incorrect Permission Assignment for Critical Resource vulnerability in Libpod Project Libpod It has been discovered that podman before version 0.6.1 does not drop capabilities when executing a container as a non-root user. | 8.8 |
| 2018-07-02 | CVE-2018-10843 | Incorrect Permission Assignment for Critical Resource vulnerability in Redhat Openshift Container Platform source-to-image component of Openshift Container Platform before versions atomic-openshift 3.7.53, atomic-openshift 3.9.31 is vulnerable to a privilege escalation which allows the assemble script to run as the root user in a non-privileged container. | 8.8 |
| 2018-06-29 | CVE-2018-13025 | Incorrect Permission Assignment for Critical Resource vulnerability in Yxcms 1.4.7 protected/apps/admin/controller/photoController.php in YXcms 1.4.7 allows remote attackers to delete arbitrary files via the index.php?r=admin/photo/delpic picname parameter. | 4.9 |
| 2018-06-28 | CVE-2018-12922 | Incorrect Permission Assignment for Critical Resource vulnerability in Vertiv Liebert Intellislot Firmware Emerson Liebert IntelliSlot Web Card devices allow remote attackers to reconfigure access control via the config/configUser.htm or config/configTelnet.htm URI. | 7.5 |
| 2018-06-27 | CVE-2018-1354 | Incorrect Permission Assignment for Critical Resource vulnerability in Fortinet Fortimanager An improper access control vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and below versions allows a regular user edit the avatar picture of other users with arbitrary content. | 6.5 |
| 2018-06-26 | CVE-2018-11053 | Incorrect Permission Assignment for Critical Resource vulnerability in Dell EMC Idrac Service Module Dell EMC iDRAC Service Module for all supported Linux and XenServer versions v3.0.1, v3.0.2, v3.1.0, v3.2.0, when started, changes the default file permission of the hosts file of the host operating system (/etc/hosts) to world writable. | 6.5 |
| 2018-06-26 | CVE-2018-1000547 | Incorrect Permission Assignment for Critical Resource vulnerability in Corebos 5.4/5.5/7.0 coreBOS version 7.0 and earlier contains a Incorrect Access Control vulnerability in Module: Contacts that can result in The error allows you to access records that you have no permissions to. | 5.3 |