Vulnerabilities > Incorrect Permission Assignment for Critical Resource
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-06-04 | CVE-2017-18284 | Incorrect Permission Assignment for Critical Resource vulnerability in Burp Project Burp. The Gentoo app-backup/burp package before 2.1.32 sets the ownership of the PID file directory to the burp account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script sends a SIGKILL. | 7.1 |
2018-06-02 | CVE-2018-11194 | Incorrect Permission Assignment for Critical Resource vulnerability in Quest Disk Backup. Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 6 of 6). | 8.8 |
2018-06-02 | CVE-2018-11193 | Incorrect Permission Assignment for Critical Resource vulnerability in Quest Disk Backup. Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 5 of 6). | 8.8 |
2018-06-02 | CVE-2018-11192 | Incorrect Permission Assignment for Critical Resource vulnerability in Quest Disk Backup. Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 4 of 6). | 8.8 |
2018-06-02 | CVE-2018-11191 | Incorrect Permission Assignment for Critical Resource vulnerability in Quest Disk Backup. Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 3 of 6). | 8.8 |
2018-05-29 | CVE-2018-1370 | Incorrect Permission Assignment for Critical Resource vulnerability in IBM Security Guardium BIG Data Intelligence 3.1. IBM Security Guardium Big Data Intelligence (SonarG) 3.1 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. | 5.4 |
2018-05-23 | CVE-2018-11334 | Incorrect Permission Assignment for Critical Resource vulnerability in Windscribe 1.81. Windscribe 1.81 creates a named pipe with a NULL DACL that allows Everyone users to gain privileges or cause a denial of service via \\.\pipe\WindscribeService. | 7.8 |
2018-05-15 | CVE-2017-2612 | Incorrect Permission Assignment for Critical Resource vulnerability in Jenkins. In Jenkins before versions 2.44, 2.32.2, low-privilege users were able to override JDK download credentials (SECURITY-392), resulting in future builds possibly failing to download a JDK. | 5.4 |
2018-05-10 | CVE-2018-1115 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products. PostgreSQL before versions 10.4, 9.6.9 is vulnerable in the adminpack extension: the pg_catalog.pg_logfile_rotate() function doesn't follow the same ACLs as pg_rotate_logfile. | 9.1 |
2018-05-02 | CVE-2017-4952 | Incorrect Permission Assignment for Critical Resource vulnerability in VMWare Xenon. VMware Xenon 1.x, prior to 1.5.4-CR7_1, 1.5.7_7, 1.5.4-CR6_2, 1.3.7-CR1_2, 1.1.0-CR0-3, 1.1.0-CR3_1, 1.4.2-CR4_1, and 1.5.4_8, contains an authentication bypass vulnerability due to insufficient access controls for utility endpoints. | 7.5 |