Vulnerabilities > Incorrect Permission Assignment for Critical Resource
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-08-21 | CVE-2019-15315 | Incorrect Permission Assignment for Critical Resource vulnerability in Valvesoftware Steam Client Valve Steam Client for Windows through 2019-08-16 allows privilege escalation (to NT AUTHORITY\SYSTEM) because local users can replace the current versions of SteamService.exe and SteamService.dll with older versions that lack the CVE-2019-14743 patch. | 7.2 |
| 2019-08-20 | CVE-2019-11806 | Incorrect Permission Assignment for Critical Resource vulnerability in Open-Xchange Appsuite OX App Suite 7.10.1 and earlier has Insecure Permissions. | 2.1 |
| 2019-08-17 | CVE-2019-13069 | Incorrect Permission Assignment for Critical Resource vulnerability in Extenua Silvershield extenua SilverSHielD 6.x fails to secure its ProgramData folder, leading to a Local Privilege Escalation to SYSTEM. | 7.2 |
| 2019-08-16 | CVE-2019-7958 | Incorrect Permission Assignment for Critical Resource vulnerability in Adobe Creative Cloud Creative Cloud Desktop Application versions 4.6.1 and earlier have an insecure inherited permissions vulnerability. | 10.0 |
| 2019-08-16 | CVE-2019-15119 | Incorrect Permission Assignment for Critical Resource vulnerability in NPS Project NPS lib/install/install.go in cnlh nps through 0.23.2 uses 0777 permissions for /usr/local/bin/nps and/or /usr/bin/nps, leading to a file overwrite by a local user. | 5.8 |
| 2019-08-16 | CVE-2019-15084 | Incorrect Permission Assignment for Critical Resource vulnerability in Maxx Waves Maxx Audio 1.6.2.0 Realtek Waves MaxxAudio driver 1.6.2.0, as used on Dell laptops, installs with incorrect file permissions. | 7.2 |
| 2019-08-15 | CVE-2018-12357 | Incorrect Permission Assignment for Critical Resource vulnerability in Arista Cloudvision Portal Arista CloudVision Portal through 2018.1.1 has Incorrect Permissions. | 4.0 |
| 2019-08-14 | CVE-2019-0341 | Incorrect Permission Assignment for Critical Resource vulnerability in SAP Enable NOW 1902 The session cookie used by SAP Enable Now, version 1902, does not have the HttpOnly flag set. | 4.0 |
| 2019-08-12 | CVE-2019-14969 | Incorrect Permission Assignment for Critical Resource vulnerability in Netwrix Auditor 9.7 Netwrix Auditor before 9.8 has insecure permissions on %PROGRAMDATA%\Netwrix Auditor\Logs\ActiveDirectory\ and sub-folders. | 6.9 |
| 2019-08-12 | CVE-2019-14935 | Incorrect Permission Assignment for Critical Resource vulnerability in 3CX 15 3CX Phone 15 on Windows has insecure permissions on the "%PROGRAMDATA%\3CXPhone for Windows\PhoneApp" installation directory, allowing Full Control access for Everyone, and leading to privilege escalation because of a StartUp link. | 4.6 |