Vulnerabilities > Incorrect Permission Assignment for Critical Resource

DATE CVE VULNERABILITY TITLE RISK
2021-01-13 CVE-2021-1126 Incorrect Permission Assignment for Critical Resource vulnerability in Cisco Secure Firewall Management Center
A vulnerability in the storage of proxy server credentials of Cisco Firepower Management Center (FMC) could allow an authenticated, local attacker to view credentials for a configured proxy server.
local
low complexity
cisco CWE-732
5.5
2021-01-13 CVE-2019-4702 Incorrect Permission Assignment for Critical Resource vulnerability in IBM Security Guardium Data Encryption 3.0.0.2
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
network
low complexity
ibm CWE-732
8.1
2021-01-11 CVE-2021-0304 Incorrect Permission Assignment for Critical Resource vulnerability in Google Android
In several functions of GlobalScreenshot.java, there is a possible permission bypass due to an unsafe PendingIntent.
local
low complexity
google CWE-732
5.5
2021-01-04 CVE-2020-36154 Incorrect Permission Assignment for Critical Resource vulnerability in Pearson VUE Testing System 2.3.1911
The Application Wrapper in Pearson VUE VTS Installer 2.3.1911 has Full Control permissions for Everyone in the "%SYSTEMDRIVE%\Pearson VUE" directory, which allows local users to obtain administrative privileges via a Trojan horse application.
local
low complexity
pearson CWE-732
7.8
2021-01-04 CVE-2021-21494 Incorrect Permission Assignment for Critical Resource vulnerability in Mk-Auth 19.01
MK-AUTH through 19.01 K4.9 allows XSS via the admin/logs_ajax.php tipo parameter.
network
low complexity
mk-auth CWE-732
4.8
2020-12-28 CVE-2020-25507 Incorrect Permission Assignment for Critical Resource vulnerability in 3DS Teamwork Cloud
An incorrect permission assignment during the installation script of TeamworkCloud 18.0 thru 19.0 allows a local unprivileged attacker to execute arbitrary code as root.
local
low complexity
3ds CWE-732
7.8
2020-12-24 CVE-2020-28169 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
The td-agent-builder plugin before 2020-12-18 for Fluentd allows attackers to gain privileges because the bin directory is writable by a user account, but a file in bin is executed as NT AUTHORITY\SYSTEM.
local
high complexity
td-agent-builder-project debian CWE-732
7.0
2020-12-22 CVE-2020-24578 Incorrect Permission Assignment for Critical Resource vulnerability in Dlink Dsl2888A Firmware
An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55.
low complexity
dlink CWE-732
6.5
2020-12-22 CVE-2018-15645 Incorrect Permission Assignment for Critical Resource vulnerability in Odoo
Improper access control in message routing in Odoo Community 12.0 and earlier and Odoo Enterprise 12.0 and earlier allows remote authenticated users to create arbitrary records via crafted payloads, which may allow privilege escalation.
network
low complexity
odoo CWE-732
6.5
2020-12-17 CVE-2020-25011 Incorrect Permission Assignment for Critical Resource vulnerability in Kyland Kps2204 6 Port Managed Din-Rail Programmable Serial Device Firmware R0002.P05
A sensitive information disclosure vulnerability in Kyland KPS2204 6 Port Managed Din-Rail Programmable Serial Device Servers Software Version:R0002.P05 allows remote attackers to get username and password by request /cgi-bin/webadminget.cgi script via the browser.
network
low complexity
kyland CWE-732
critical
9.8