Vulnerabilities > Incorrect Permission Assignment for Critical Resource

DATE CVE VULNERABILITY TITLE RISK
2018-09-05 CVE-2018-16145 Incorrect Permission Assignment for Critical Resource vulnerability in Opsview
The /etc/init.d/opsview-reporting-module script that runs at boot time in Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 invokes a file that can be edited by the nagios user, and would allow attackers to elevate their privileges to root after a system restart, hence obtaining full control of the appliance.
network
high complexity
opsview CWE-732
8.1
2018-09-05 CVE-2018-16545 Incorrect Permission Assignment for Critical Resource vulnerability in Kzsoftware Asset Manager and Training Manager
Kaizen Asset Manager (Enterprise Edition) and Training Manager (Enterprise Edition) allow a remote attacker to achieve arbitrary code execution via file impersonation.
local
low complexity
kzsoftware CWE-732
7.8
2018-08-29 CVE-2018-6598 Incorrect Permission Assignment for Critical Resource vulnerability in Orbic Wonder Rc555L Firmware 7.1.2
An issue was discovered on Orbic Wonder Orbic/RC555L/RC555L:7.1.2/N2G47H/329100b:user/release-keys devices.
local
low complexity
orbic CWE-732
7.1
2018-08-25 CVE-2018-15869 Incorrect Permission Assignment for Critical Resource vulnerability in Hashicorp Packer
An Amazon Web Services (AWS) developer who does not specify the --owners flag when describing images via AWS CLI, and therefore does not properly validate source software per AWS recommended security best practices, may unintentionally load an undesired and potentially malicious Amazon Machine Image (AMI) from the uncurated public community AMI catalog.
network
low complexity
hashicorp CWE-732
5.3
2018-08-23 CVE-2018-15809 Incorrect Permission Assignment for Critical Resource vulnerability in Accupos 2017.8
AccuPOS 2017.8 is installed with the insecure "Authenticated Users: Modify" permission for files within the installation path.
local
low complexity
accupos CWE-732
5.5
2018-08-20 CVE-2018-1000226 Incorrect Permission Assignment for Critical Resource vulnerability in Cobblerd Cobbler
Cobbler (verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable) contains an Incorrect Access Control vulnerability in the XMLRPC API (/cobbler_api) that can result in privilege escalation, data manipulation or exfiltration, and LDAP credential harvesting.
network
low complexity
cobblerd CWE-732
critical
9.8
2018-08-20 CVE-2018-1000649 Incorrect Permission Assignment for Critical Resource vulnerability in Librehealth EHR 2.0.0
LibreHealthIO lh-ehr version REL-2.0.0 contains an Authenticated Unrestricted File Write in letter.php (2) vulnerability in the patient file letter functions that can result in writing files with malicious content and may lead to remote code execution.
network
low complexity
librehealth CWE-732
8.8
2018-08-18 CVE-2018-15491 Incorrect Permission Assignment for Critical Resource vulnerability in Zemana Antilogger
A vulnerability in the permission and encryption implementation of Zemana Anti-Logger 1.9.3.527 and prior (fixed in 1.9.3.602) allows an attacker to take control of the whitelisting feature (MyRules2.ini under %LOCALAPPDATA%\Zemana\ZALSDK) to permit execution of unauthorized applications (such as ones that record keystrokes).
network
low complexity
zemana CWE-732
7.5
2018-08-17 CVE-2018-15482 Incorrect Permission Assignment for Critical Resource vulnerability in Google Android
Certain LG devices based on Android 6.0 through 8.1 have incorrect access control for MLT application intents.
network
low complexity
google CWE-732
critical
9.8
2018-08-17 CVE-2018-14982 Incorrect Permission Assignment for Critical Resource vulnerability in Google Android
Certain LG devices based on Android 6.0 through 8.1 have incorrect access control in the GNSS application.
network
low complexity
google CWE-732
critical
9.8