Vulnerabilities > Incorrect Permission Assignment for Critical Resource

DATE CVE VULNERABILITY TITLE RISK

2018-07-06 CVE-2018-13110 Incorrect Permission Assignment for Critical Resource vulnerability in Adbglobal products
All ADB broadband gateways / routers based on the Epicentro platform are affected by a privilege escalation vulnerability where attackers can gain access to the command line interface (CLI) if previously disabled by the ISP, escalate their privileges, and perform further attacks.
network, high complexity, adbglobal CWE-732, 7.5

2018-07-03 CVE-2018-13122 Incorrect Permission Assignment for Critical Resource vulnerability in Onefilecms
onefilecms.php in OneFileCMS through 2017-10-08 might allow attackers to delete arbitrary files via the Delete File(s) screen, as demonstrated by a ?i=var/www/html/&f=123.php&p=edit&p=deletefile URI.
network, low complexity, onefilecms CWE-732, 6.5

2018-07-03 CVE-2017-0913 Incorrect Permission Assignment for Critical Resource vulnerability in Ubnt Ucrm
Ubiquiti UCRM versions 2.3.0 to 2.7.7 allow an authenticated user to read arbitrary files in the local file system.
local, high complexity, ubnt CWE-732, 4.7

2018-07-03 CVE-2018-11642 Incorrect Permission Assignment for Critical Resource vulnerability in Dialogic Powermedia XMS 3.5
Incorrect Permission Assignment on the /var/www/xms/cleanzip.sh shell script run periodically in Dialogic PowerMedia XMS through 3.5 allows local users to execute code as the root user.
local, low complexity, dialogic CWE-732, 7.8

2018-07-03 CVE-2018-1113 Incorrect Permission Assignment for Critical Resource vulnerability in Redhat products
setup before version 2.11.4-1.fc28 in Fedora and Red Hat Enterprise Linux added /sbin/nologin and /usr/sbin/nologin to /etc/shells.
local, low complexity, redhat CWE-732, 5.3

2018-07-03 CVE-2018-10856 Incorrect Permission Assignment for Critical Resource vulnerability in Libpod Project Libpod
It has been discovered that podman before version 0.6.1 does not drop capabilities when executing a container as a non-root user.
network, low complexity, libpod-project CWE-732, 8.8

2018-07-02 CVE-2018-10843 Incorrect Permission Assignment for Critical Resource vulnerability in Redhat Openshift Container Platform
source-to-image component of Openshift Container Platform before versions atomic-openshift 3.7.53, atomic-openshift 3.9.31 is vulnerable to a privilege escalation which allows the assemble script to run as the root user in a non-privileged container.
network, low complexity, redhat CWE-732, 8.8

2018-06-29 CVE-2018-13025 Incorrect Permission Assignment for Critical Resource vulnerability in Yxcms 1.4.7
protected/apps/admin/controller/photoController.php in YXcms 1.4.7 allows remote attackers to delete arbitrary files via the index.php?r=admin/photo/delpic picname parameter.
network, low complexity, yxcms CWE-732, 4.9

2018-06-28 CVE-2018-12922 Incorrect Permission Assignment for Critical Resource vulnerability in Vertiv Liebert Intellislot Firmware
Emerson Liebert IntelliSlot Web Card devices allow remote attackers to reconfigure access control via the config/configUser.htm or config/configTelnet.htm URI.
network, low complexity, vertiv CWE-732, 7.5

2018-06-27 CVE-2018-1354 Incorrect Permission Assignment for Critical Resource vulnerability in Fortinet Fortimanager
An improper access control vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and below versions allows a regular user to edit the avatar picture of other users with arbitrary content.
network, low complexity, fortinet CWE-732, 6.5