Vulnerabilities > Incorrect Permission Assignment for Critical Resource

DATE CVE VULNERABILITY TITLE RISK
2020-04-01 CVE-2020-7263 Incorrect Permission Assignment for Critical Resource vulnerability in Mcafee Endpoint Security
Improper access control vulnerability in ESconfigTool.exe in McAfee Endpoint Security (ENS) for Windows all current versions allows local administrator to alter ENS configuration up to and including disabling all protection offered by ENS via insecurely implemented encryption of configuration for export and import.
local
low complexity
mcafee CWE-732
6.7
2020-03-25 CVE-2020-10883 Incorrect Permission Assignment for Critical Resource vulnerability in Tp-Link Ac1750 Firmware 190726
This vulnerability allows local attackers to escalate privileges on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers.
local
low complexity
tp-link CWE-732
7.8
2020-03-25 CVE-2020-5281 Incorrect Permission Assignment for Critical Resource vulnerability in Cesnet Perun
In Perun before version 3.9.1, VO or group manager can modify configuration of the LDAP extSource to retrieve all from Perun LDAP.
network
low complexity
cesnet CWE-732
7.5
2020-03-20 CVE-2020-1709 Incorrect Permission Assignment for Critical Resource vulnerability in Redhat Openshift
A vulnerability was found in all openshift/mediawiki 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the openshift/mediawiki.
local
low complexity
redhat CWE-732
7.8
2020-03-20 CVE-2020-1707 Incorrect Permission Assignment for Critical Resource vulnerability in Redhat Openshift
A vulnerability was found in all openshift/postgresql-apb 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the container openshift/postgresql-apb.
local
high complexity
redhat CWE-732
7.0
2020-03-18 CVE-2019-19335 Incorrect Permission Assignment for Critical Resource vulnerability in Redhat Openshift 4.0/4.2
During installation of an OpenShift 4 cluster, the `openshift-install` command line tool creates an `auth` directory, with `kubeconfig` and `kubeadmin-password` files.
local
low complexity
redhat CWE-732
4.4
2020-03-16 CVE-2020-3948 Incorrect Permission Assignment for Critical Resource vulnerability in VMWare Fusion and Workstation
Linux Guest VMs running on VMware Workstation (15.x before 15.5.2) and Fusion (11.x before 11.5.2) contain a local privilege escalation vulnerability due to improper file permissions in Cortado Thinprint.
local
low complexity
vmware CWE-732
7.8
2020-03-16 CVE-2019-5543 Incorrect Permission Assignment for Critical Resource vulnerability in VMWare Horizon Client, Remote Console and Workstation
For VMware Horizon Client for Windows (5.x and prior before 5.3.0), VMware Remote Console for Windows (10.x before 11.0.0), VMware Workstation for Windows (15.x before 15.5.2) the folder containing configuration files for the VMware USB arbitration service was found to be writable by all users.
local
low complexity
vmware CWE-732
7.8
2020-03-16 CVE-2020-1736 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
A flaw was found in Ansible Engine when a file is moved using atomic_move primitive as the file mode cannot be specified.
local
low complexity
redhat fedoraproject CWE-732
3.3
2020-03-15 CVE-2019-2089 Incorrect Permission Assignment for Critical Resource vulnerability in Google Android 10.0
In app uninstallation, there is a possible set of permissions that may not be removed from a shared app ID.
local
low complexity
google CWE-732
7.8