Vulnerabilities > Incorrect Permission Assignment for Critical Resource
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-12-22 | CVE-2020-24578 | Incorrect Permission Assignment for Critical Resource vulnerability in Dlink Dsl2888A Firmware An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. | 6.5 |
| 2020-12-22 | CVE-2018-15645 | Incorrect Permission Assignment for Critical Resource vulnerability in Odoo Improper access control in message routing in Odoo Community 12.0 and earlier and Odoo Enterprise 12.0 and earlier allows remote authenticated users to create arbitrary records via crafted payloads, which may allow privilege escalation. | 6.5 |
| 2020-12-17 | CVE-2020-25011 | Incorrect Permission Assignment for Critical Resource vulnerability in Kyland Kps2204 6 Port Managed Din-Rail Programmable Serial Device Firmware R0002.P05 A sensitive information disclosure vulnerability in Kyland KPS2204 6 Port Managed Din-Rail Programmable Serial Device Servers Software Version:R0002.P05 allows remote attackers to get username and password by request /cgi-bin/webadminget.cgi script via the browser. | 9.8 |
| 2020-12-16 | CVE-2019-14480 | Incorrect Permission Assignment for Critical Resource vulnerability in Adremsoft Netcrunch AdRem NetCrunch 10.6.0.4587 has an Improper Session Handling vulnerability in the NetCrunch web client, which can lead to an authentication bypass or escalation of privileges. | 9.8 |
| 2020-12-11 | CVE-2020-25191 | Incorrect Permission Assignment for Critical Resource vulnerability in NI Compactrio Firmware Incorrect permissions are set by default for an API entry-point of a specific service, allowing a non-authenticated user to trigger a function that could reboot the CompactRIO (Driver versions prior to 20.5) remotely. | 7.5 |
| 2020-12-10 | CVE-2020-8908 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). | 3.3 |
| 2020-12-09 | CVE-2020-7337 | Incorrect Permission Assignment for Critical Resource vulnerability in Mcafee Virusscan Enterprise Incorrect Permission Assignment for Critical Resource vulnerability in McAfee VirusScan Enterprise (VSE) prior to 8.8 Patch 16 allows local administrators to bypass local security protection through VSE not correctly integrating with Windows Defender Application Control via careful manipulation of the Code Integrity checks. | 6.7 |
| 2020-11-30 | CVE-2020-4625 | Incorrect Permission Assignment for Critical Resource vulnerability in IBM Cloud PAK for Security 1.3.0.1 IBM Cloud Pak for Security 1.3.0.1(CP4S) could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. | 5.3 |
| 2020-11-25 | CVE-2020-29074 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products scan.c in x11vnc 0.9.16 uses IPC_CREAT|0777 in shmget calls, which allows access by actors other than the current user. | 8.8 |
| 2020-11-19 | CVE-2020-11831 | Incorrect Permission Assignment for Critical Resource vulnerability in Oppo Ovoicemanager 2.0.1 OvoiceManager has system permission to write vulnerability reports for arbitrary files, affected product is com.oppo.ovoicemanager V2.0.1. | 9.8 |