Vulnerabilities > Incorrect Permission Assignment for Critical Resource

DATE CVE VULNERABILITY TITLE RISK
2018-06-26 CVE-2018-1000511 Incorrect Permission Assignment for Critical Resource vulnerability in Wpulike Ulike 2.8.1/3.1
WP ULike versions 2.8.1 and 3.1 contain an Incorrect Access Control vulnerability in AJAX that allows anybody to delete any row in certain tables.
network
low complexity
wpulike CWE-732
7.5
2018-06-26 CVE-2018-1000510 Incorrect Permission Assignment for Critical Resource vulnerability in Silkypress Image Zoom 1.23
WP Image Zoom version 1.23 contains an Incorrect Access Control vulnerability in AJAX settings that allows anybody to cause denial of service.
network
low complexity
silkypress CWE-732
6.5
2018-06-22 CVE-2018-12642 Incorrect Permission Assignment for Critical Resource vulnerability in Froxlor
Froxlor through 0.9.39.5 has Incorrect Access Control for tickets not owned by the current user.
network
low complexity
froxlor CWE-732
7.5
2018-06-21 CVE-2018-12615 Incorrect Permission Assignment for Critical Resource vulnerability in Phusion Passenger
An issue was discovered in switchGroup() in agent/ExecHelper/ExecHelperMain.cpp in Phusion Passenger before 5.3.2.
network
low complexity
phusion CWE-732
5.3
2018-06-19 CVE-2018-11116 Incorrect Permission Assignment for Critical Resource vulnerability in Openwrt
OpenWrt mishandles access control in /etc/config/rpcd and the /usr/share/rpcd/acl.d files, which allows remote authenticated users to call arbitrary methods (i.e., achieve ubus access over HTTP) that were only supposed to be accessible to a specific user, as demonstrated by the file, log, and service namespaces, potentially leading to remote Information Disclosure or Code Execution.
network
low complexity
openwrt CWE-732
8.8
2018-06-17 CVE-2018-12028 Incorrect Permission Assignment for Critical Resource vulnerability in Phusion Passenger 5.3.0/5.3.1
An Incorrect Access Control vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows a Passenger-managed malicious application, upon spawning a child process, to report an arbitrary different PID back to Passenger's process manager.
local
low complexity
phusion CWE-732
7.8
2018-06-17 CVE-2018-12027 Incorrect Permission Assignment for Critical Resource vulnerability in Phusion Passenger 5.3.0/5.3.1
An Insecure Permissions vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 causes information disclosure in the following situation: given a Passenger-spawned application process that reports that it listens on a certain Unix domain socket, if any of the parent directories of said socket are writable by a normal user that is not the application's user, then that non-application user can swap that directory with something else, resulting in traffic being redirected to a non-application user's process through an alternative Unix domain socket.
network
low complexity
phusion CWE-732
8.8
2018-06-17 CVE-2018-12335 Incorrect Permission Assignment for Critical Resource vulnerability in Ecos System Management Appliance 5.2.68
Incorrect access control in ECOS System Management Appliance (aka SMA) 5.2.68 allows a user to compromise authentication keys, and access and manipulate security relevant configurations, via unrestricted database access during Easy Enrollment.
low complexity
ecos CWE-732
7.3
2018-06-15 CVE-2018-12457 Incorrect Permission Assignment for Critical Resource vulnerability in Expresscart Project Expresscart
expressCart before 1.1.6 allows remote attackers to create an admin user via a /admin/setup Referer header.
network
low complexity
expresscart-project CWE-732
8.8
2018-06-14 CVE-2018-1036 Incorrect Permission Assignment for Critical Resource vulnerability in Microsoft products
An elevation of privilege vulnerability exists when NTFS improperly checks access, aka "NTFS Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
local
high complexity
microsoft CWE-732
7.0