Vulnerabilities > Incorrect Permission Assignment for Critical Resource
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-09-25 | CVE-2019-12670 | Incorrect Permission Assignment for Critical Resource vulnerability in Cisco IOS 16.10.1 A vulnerability in the filesystem of Cisco IOS XE Software could allow an authenticated, local attacker within the IOx Guest Shell to modify the namespace container protections on an affected device. | 4.6 |
| 2019-09-25 | CVE-2019-12245 | Incorrect Permission Assignment for Critical Resource vulnerability in Silverstripe SilverStripe through 4.3.3 has incorrect access control for protected files uploaded via Upload::loadIntoFile(). | 5.0 |
| 2019-09-24 | CVE-2019-13356 | Incorrect Permission Assignment for Critical Resource vulnerability in Totaldefense Anti-Virus 9.0.0.773 In Total Defense Anti-virus 9.0.0.773, insecure access control for the directory %PROGRAMDATA%\TotalDefense\Consumer\ISS\9\bd\TDUpdate2\ used by AMRT.exe allows local attackers to hijack bdcore.dll, which leads to privilege escalation when the AMRT service loads the DLL. | 4.6 |
| 2019-09-24 | CVE-2019-13355 | Incorrect Permission Assignment for Critical Resource vulnerability in Totaldefense Anti-Virus 9.0.0.773 In Total Defense Anti-virus 9.0.0.773, insecure access control for the directory %PROGRAMDATA%\TotalDefense\Consumer\ISS\9\ used by ccschedulersvc.exe allows local attackers to hijack dotnetproxy.exe, which leads to privilege escalation when the ccSchedulerSVC service runs the executable. | 4.6 |
| 2019-09-17 | CVE-2019-9008 | Incorrect Permission Assignment for Critical Resource vulnerability in Codesys products An issue was discovered in 3S-Smart CODESYS V3 through 3.5.12.30. | 6.5 |
| 2019-09-16 | CVE-2019-15721 | Incorrect Permission Assignment for Critical Resource vulnerability in Gitlab An issue was discovered in GitLab Community and Enterprise Edition 10.8 through 12.2.1. | 5.5 |
| 2019-09-16 | CVE-2019-11166 | Incorrect Permission Assignment for Critical Resource vulnerability in Intel Easy Streaming Wizard Improper file permissions in the installer for Intel(R) Easy Streaming Wizard before version 2.1.0731 may allow an authenticated user to potentially enable escalation of privilege via local attack. | 4.6 |
| 2019-09-09 | CVE-2019-16187 | Incorrect Permission Assignment for Critical Resource vulnerability in Limesurvey Limesurvey before 3.17.14 uses an anti-CSRF cookie without the HttpOnly flag, which allows attackers to access a cookie value via a client-side script. | 5.0 |
| 2019-09-06 | CVE-2018-18630 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products A vulnerability was found in McKesson Cardiology product 13.x and 14.x. | 4.6 |
| 2019-08-28 | CVE-2019-15752 | Incorrect Permission Assignment for Critical Resource vulnerability in Docker Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-credential-wincred.exe file in %PROGRAMDATA%\DockerDesktop\version-bin\ as a low-privilege user, and then waiting for an admin or service user to authenticate with Docker, restart Docker, or run 'docker login' to force the command. | 7.8 |