Vulnerabilities > Incorrect Permission Assignment for Critical Resource

DATE CVE VULNERABILITY TITLE RISK
2018-03-13 CVE-2018-1000072 Incorrect Permission Assignment for Critical Resource vulnerability in Iredmail
iRedMail versions prior to commit f04b8ef contain an Insecure Permissions vulnerability in Roundcube Webmail that can result in exfiltration of a user's password-protected secret GPG key file and other important configuration files.
network
low complexity
iredmail CWE-732
7.5
2018-03-13 CVE-2018-1000071 Incorrect Permission Assignment for Critical Resource vulnerability in Roundcube Webmail
Roundcube version 1.3.4 and earlier contains an Insecure Permissions vulnerability in the enigma plugin that can result in exfiltration of the GPG private key.
network
low complexity
roundcube CWE-732
7.5
2018-03-12 CVE-2018-6623 Incorrect Permission Assignment for Critical Resource vulnerability in Hola VPN 1.79.859
An issue was discovered in Hola 1.79.859.
network
low complexity
hola CWE-732
8.8
2018-03-12 CVE-2017-18226 Incorrect Permission Assignment for Critical Resource vulnerability in Jabberd2
The Gentoo net-im/jabberd2 package through 2.6.1 sets the ownership of /var/run/jabber to the jabber account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script executes a "kill -TERM `cat /var/run/jabber/filename.pid`" command.
local
low complexity
jabberd2 CWE-732
5.5
2018-03-12 CVE-2017-18225 Incorrect Permission Assignment for Critical Resource vulnerability in Jabberd2
The Gentoo net-im/jabberd2 package through 2.6.1 installs jabberd, jabberd2-c2s, jabberd2-router, jabberd2-s2s, and jabberd2-sm in /usr/bin owned by the jabber account, which might allow local users to gain privileges by leveraging access to this account and then waiting for root to execute one of these programs.
local
low complexity
jabberd2 CWE-732
7.8
2018-03-09 CVE-2018-7581 Incorrect Permission Assignment for Critical Resource vulnerability in Weblogexpert Weblog Expert 9.4
\ProgramData\WebLog Expert\WebServer\WebServer.cfg in WebLog Expert Web Server Enterprise 9.4 has weak permissions (BUILTIN\Users:(ID)C), which allows local users to set a cleartext password and log in as admin.
local
low complexity
weblogexpert CWE-732
7.8
2018-03-09 CVE-2018-1069 Incorrect Permission Assignment for Critical Resource vulnerability in Redhat Openshift 3.7
Red Hat OpenShift Enterprise version 3.7 is vulnerable to access control override for container network filesystems.
high complexity
redhat CWE-732
7.1
2018-03-08 CVE-2018-5313 Incorrect Permission Assignment for Critical Resource vulnerability in Rapidscada Rapid Scada 5.5.0
A vulnerability allows local attackers to escalate privilege on Rapid Scada 5.5.0 because of weak C:\SCADA permissions.
local
low complexity
rapidscada CWE-732
7.8
2018-03-01 CVE-2017-6928 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
In Drupal core 7.x versions before 7.57, when using Drupal's private file system, Drupal will check to make sure a user has access to a file before allowing the user to view or download it.
network
high complexity
drupal debian CWE-732
5.3
2018-03-01 CVE-2017-9268 Incorrect Permission Assignment for Critical Resource vulnerability in Opensuse Open Build Service
In the Open Build Service before 201707022, the wipetrigger and rebuild actions checked the wrong project for permissions, allowing authenticated users to cause operations on projects where they did not have permissions, leading to denial of service (resource consumption).
network
low complexity
opensuse CWE-732
6.5