Vulnerabilities > Incorrect Permission Assignment for Critical Resource
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-08-17 | CVE-2018-14981 | Incorrect Permission Assignment for Critical Resource vulnerability in Google Android Certain LG devices based on Android 6.0 through 8.1 have incorrect access control for SystemUI application intents. | 9.8 |
| 2018-08-17 | CVE-2018-5546 | Incorrect Permission Assignment for Critical Resource vulnerability in F5 products The svpn and policyserver components of the F5 BIG-IP APM client prior to version 7.1.7.1 for Linux and macOS runs as a privileged process and can allow an unprivileged user to get ownership of files owned by root on the local client host. | 7.8 |
| 2018-08-07 | CVE-2018-11454 | Incorrect Permission Assignment for Critical Resource vulnerability in Siemens products A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 (All versions), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13 (All versions < V13 SP2 Update 2), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14 (All versions < V14 SP1 Update 6), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15 (All versions < V15 Update 2). | 8.6 |
| 2018-08-07 | CVE-2018-11453 | Incorrect Permission Assignment for Critical Resource vulnerability in Siemens products A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 (All versions), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13 (All versions < V13 SP2 Update 2), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14 (All versions < V14 SP1 Update 6), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15 (All versions < V15 Update 2). | 7.8 |
| 2018-08-06 | CVE-2018-1551 | Incorrect Permission Assignment for Critical Resource vulnerability in IBM Websphere MQ IBM WebSphere MQ 8.0.0.2 through 8.0.0.8 and 9.0.0.0 through 9.0.0.3 could allow users to have more authority than they should have if an MQ administrator creates an invalid user group name. | 7.5 |
| 2018-08-03 | CVE-2018-5490 | Incorrect Permission Assignment for Critical Resource vulnerability in Netapp Clustered Data Ontap Read-Only export policy rules are not correctly enforced in Clustered Data ONTAP 8.3 Release Candidate versions and therefore may allow more than "read-only" access from authenticated SMBv2 and SMBv3 clients. | 8.8 |
| 2018-08-01 | CVE-2018-12467 | Incorrect Permission Assignment for Critical Resource vulnerability in Opensuse Open Build Service Authorized users of the openbuildservice before 2.9.4 could delete packages by using a malicious request against projects having the OBS:InitializeDevelPackage attribute, a similar issue to CVE-2018-7689. | 6.5 |
| 2018-08-01 | CVE-2018-12466 | Incorrect Permission Assignment for Critical Resource vulnerability in Opensuse Open Build Service openSUSE openbuildservice before 9.2.4 allowed authenticated users to delete packages on specific projects with project links. | 6.5 |
| 2018-08-01 | CVE-2016-8637 | Incorrect Permission Assignment for Critical Resource vulnerability in Dracut Project Dracut A local information disclosure issue was found in dracut before 045 when generating initramfs images with world-readable permissions when 'early cpio' is used, such as when including microcode updates. | 7.8 |
| 2018-07-19 | CVE-2018-5540 | Incorrect Permission Assignment for Critical Resource vulnerability in F5 products On F5 BIG-IP 13.0.0-13.0.1, 12.1.0-12.1.3.3, 11.6.0-11.6.3.1, or 11.5.1-11.5.6, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.1.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.1.0-2.3.0 the big3d process does not irrevocably minimize group privileges at start up. | 4.4 |