Vulnerabilities > Incorrect Permission Assignment for Critical Resource
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-07-03 | CVE-2018-10856 | Incorrect Permission Assignment for Critical Resource vulnerability in Libpod Project Libpod It has been discovered that podman before version 0.6.1 does not drop capabilities when executing a container as a non-root user. | 8.8 |
| 2018-07-02 | CVE-2018-10843 | Incorrect Permission Assignment for Critical Resource vulnerability in Redhat Openshift Container Platform source-to-image component of Openshift Container Platform before versions atomic-openshift 3.7.53, atomic-openshift 3.9.31 is vulnerable to a privilege escalation which allows the assemble script to run as the root user in a non-privileged container. | 8.8 |
| 2018-06-29 | CVE-2018-13025 | Incorrect Permission Assignment for Critical Resource vulnerability in Yxcms 1.4.7 protected/apps/admin/controller/photoController.php in YXcms 1.4.7 allows remote attackers to delete arbitrary files via the index.php?r=admin/photo/delpic picname parameter. | 4.9 |
| 2018-06-28 | CVE-2018-12922 | Incorrect Permission Assignment for Critical Resource vulnerability in Vertiv Liebert Intellislot Firmware Emerson Liebert IntelliSlot Web Card devices allow remote attackers to reconfigure access control via the config/configUser.htm or config/configTelnet.htm URI. | 7.5 |
| 2018-06-27 | CVE-2018-1354 | Incorrect Permission Assignment for Critical Resource vulnerability in Fortinet Fortimanager An improper access control vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and below versions allows a regular user edit the avatar picture of other users with arbitrary content. | 6.5 |
| 2018-06-26 | CVE-2018-11053 | Incorrect Permission Assignment for Critical Resource vulnerability in Dell EMC Idrac Service Module Dell EMC iDRAC Service Module for all supported Linux and XenServer versions v3.0.1, v3.0.2, v3.1.0, v3.2.0, when started, changes the default file permission of the hosts file of the host operating system (/etc/hosts) to world writable. | 6.5 |
| 2018-06-26 | CVE-2018-1000547 | Incorrect Permission Assignment for Critical Resource vulnerability in Corebos 5.4/5.5/7.0 coreBOS version 7.0 and earlier contains a Incorrect Access Control vulnerability in Module: Contacts that can result in The error allows you to access records that you have no permissions to. | 5.3 |
| 2018-06-26 | CVE-2018-1000511 | Incorrect Permission Assignment for Critical Resource vulnerability in Wpulike Ulike 2.8.1/3.1 WP ULike version 2.8.1, 3.1 contains a Incorrect Access Control vulnerability in AJAX that can result in allows anybody to delete any row in certain tables. | 7.5 |
| 2018-06-26 | CVE-2018-1000510 | Incorrect Permission Assignment for Critical Resource vulnerability in Silkypress Image Zoom 1.23 WP Image Zoom version 1.23 contains a Incorrect Access Control vulnerability in AJAX settings that can result in allows anybody to cause denial of service. | 6.5 |
| 2018-06-22 | CVE-2018-12642 | Incorrect Permission Assignment for Critical Resource vulnerability in Froxlor Froxlor through 0.9.39.5 has Incorrect Access Control for tickets not owned by the current user. | 7.5 |