Vulnerabilities > Incorrect Permission Assignment for Critical Resource

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2021-01-26 | CVE-2021-3165 | Incorrect Permission Assignment for Critical Resource vulnerability in Missionlabs Smartagent 3.1.0 | SmartAgent 3.1.0 allows a ViewOnly attacker to create a SuperUser account via the /#/CampaignManager/users URI. | network | low complexity | missionlabs | CWE-732 | 8.8 |
| 2021-01-26 | CVE-2020-17522 | Incorrect Permission Assignment for Critical Resource vulnerability in Apache Traffic Control | When ORT (now via atstccfg) generates ip_allow.config files in Apache Traffic Control 3.0.0 to 3.1.0 and 4.0.0 to 4.1.0, those files include permissions that allow bad actors to push arbitrary content into and remove arbitrary content from CDN cache servers. | network | low complexity | apache | CWE-732 | 5.8 |
| 2021-01-19 | CVE-2020-28482 | Incorrect Permission Assignment for Critical Resource vulnerability in Fastify Fastify-Csrf | This affects the package fastify-csrf before 3.0.0. | network | low complexity | fastify | CWE-732 | 8.8 |
| 2021-01-13 | CVE-2021-1126 | Incorrect Permission Assignment for Critical Resource vulnerability in Cisco Firepower Management Center | A vulnerability in the storage of proxy server credentials of Cisco Firepower Management Center (FMC) could allow an authenticated, local attacker to view credentials for a configured proxy server. | local | low complexity | cisco | CWE-732 | 5.5 |
| 2021-01-13 | CVE-2019-4702 | Incorrect Permission Assignment for Critical Resource vulnerability in IBM Security Guardium Data Encryption 3.0.0.2 | IBM Security Guardium Data Encryption (GDE) 3.0.0.2 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. | network | low complexity | ibm | CWE-732 | 8.1 |
| 2021-01-11 | CVE-2021-0304 | Incorrect Permission Assignment for Critical Resource vulnerability in Google Android | In several functions of GlobalScreenshot.java, there is a possible permission bypass due to an unsafe PendingIntent. | local | low complexity | google | CWE-732 | 5.5 |
| 2021-01-04 | CVE-2020-36154 | Incorrect Permission Assignment for Critical Resource vulnerability in Pearson VUE Testing System 2.3.1911 | The Application Wrapper in Pearson VUE VTS Installer 2.3.1911 has Full Control permissions for Everyone in the "%SYSTEMDRIVE%\Pearson VUE" directory, which allows local users to obtain administrative privileges via a Trojan horse application. | local | low complexity | pearson | CWE-732 | 7.8 |
| 2021-01-04 | CVE-2021-21494 | Incorrect Permission Assignment for Critical Resource vulnerability in Mk-Auth 19.01 | MK-AUTH through 19.01 K4.9 allows XSS via the admin/logs_ajax.php tipo parameter. | network | low complexity | mk-auth | CWE-732 | 4.8 |
| 2020-12-28 | CVE-2020-25507 | Incorrect Permission Assignment for Critical Resource vulnerability in 3DS Teamwork Cloud | An incorrect permission assignment during the installation script of TeamworkCloud 18.0 through 19.0 allows a local unprivileged attacker to execute arbitrary code as root. | local | low complexity | 3ds | CWE-732 | 7.8 |
| 2020-12-24 | CVE-2020-28169 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products | The td-agent-builder plugin before 2020-12-18 for Fluentd allows attackers to gain privileges because the bin directory is writable by a user account, but a file in bin is executed as NT AUTHORITY\SYSTEM. | local | high complexity | td-agent-builder-project, debian | CWE-732 | 7.0 |