Vulnerabilities > Incorrect Permission Assignment for Critical Resource

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2019-08-16 | CVE-2019-15084 | Incorrect Permission Assignment for Critical Resource vulnerability in Maxx Waves Maxx Audio 1.6.2.0 | Realtek Waves MaxxAudio driver 1.6.2.0, as used on Dell laptops, installs with incorrect file permissions. | local | low complexity | maxx | CWE-732 | 7.8 |
| 2019-08-15 | CVE-2018-12357 | Incorrect Permission Assignment for Critical Resource vulnerability in Arista Cloudvision Portal | Arista CloudVision Portal through 2018.1.1 has Incorrect Permissions. | network | low complexity | arista | CWE-732 | 6.5 |
| 2019-08-14 | CVE-2019-0341 | Incorrect Permission Assignment for Critical Resource vulnerability in SAP Enable NOW 1902 | The session cookie used by SAP Enable Now, version 1902, does not have the HttpOnly flag set. | network | low complexity | sap | CWE-732 | 8.8 |
| 2019-08-13 | CVE-2019-12808 | Incorrect Permission Assignment for Critical Resource vulnerability in Estsoft Altools 18.1 | ALTOOLS update service 18.1 and earlier versions contains a local privilege escalation vulnerability due to insecure permission. | local | low complexity | estsoft | CWE-732 | 7.8 |
| 2019-08-12 | CVE-2019-14969 | Incorrect Permission Assignment for Critical Resource vulnerability in Netwrix Auditor 9.7 | Netwrix Auditor before 9.8 has insecure permissions on %PROGRAMDATA%\Netwrix Auditor\Logs\ActiveDirectory\ and sub-folders. | local | low complexity | netwrix | CWE-732 | 7.8 |
| 2019-08-12 | CVE-2019-14935 | Incorrect Permission Assignment for Critical Resource vulnerability in 3CX 15 | 3CX Phone 15 on Windows has insecure permissions on the "%PROGRAMDATA%\3CXPhone for Windows\PhoneApp" installation directory, allowing Full Control access for Everyone, and leading to privilege escalation because of a StartUp link. | local | low complexity | 3cx | CWE-732 | 7.8 |
| 2019-08-07 | CVE-2019-1944 | Incorrect Permission Assignment for Critical Resource vulnerability in Cisco Adaptive Security Appliance Software | Multiple vulnerabilities in the smart tunnel functionality of Cisco Adaptive Security Appliance (ASA) could allow an authenticated, local attacker to elevate privileges to the root user or load a malicious library file while the tunnel is being established. | local | low complexity | cisco | CWE-732 | 7.3 |
| 2019-08-07 | CVE-2019-14743 | Incorrect Permission Assignment for Critical Resource vulnerability in Valvesoftware Steam Client | In Valve Steam Client for Windows through 2019-08-07, HKLM\SOFTWARE\Wow6432Node\Valve\Steam has explicit "Full control" for the Users group, which allows local users to gain NT AUTHORITY\SYSTEM access. | | low complexity | valvesoftware | CWE-732 | 6.6 |
| 2019-08-05 | CVE-2019-11270 | Incorrect Permission Assignment for Critical Resource vulnerability in Pivotal Software Cloud Foundry UAA | Cloud Foundry UAA versions prior to v73.4.0 contain a vulnerability where a malicious client possessing the 'clients.write' authority or scope can bypass the restrictions imposed on clients created via 'clients.write' and create clients with arbitrary scopes that the creator does not possess. | network | low complexity | pivotal-software | CWE-732 | 7.5 |
| 2019-08-01 | CVE-2018-20936 | Incorrect Permission Assignment for Critical Resource vulnerability in Cpanel | cPanel before 68.0.27 allows attackers to read the SRS secret via exim.conf (SEC-308). | local | low complexity | cpanel | CWE-732 | 3.3 |