Vulnerabilities > Incorrect Permission Assignment for Critical Resource
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-07-17 | CVE-2019-5222 | Incorrect Permission Assignment for Critical Resource vulnerability in Huawei Honor Magic 2 Firmware 10.0.0.187(C00E61R2P11)/Tonyal00B/Tonytl00B9.0.0.182(C00E180R2P2) There is an information disclosure vulnerability on Secure Input of certain Huawei smartphones in Versions earlier than Tony-AL00B 9.1.0.216(C00E214R2P1). | 5.5 |
| 2019-07-17 | CVE-2019-12876 | Incorrect Permission Assignment for Critical Resource vulnerability in Zohocorp products Zoho ManageEngine ADManager Plus 6.6.5, ADSelfService Plus 5.7, and DesktopCentral 10.0.380 have Insecure Permissions, leading to Privilege Escalation from low level privileges to System. | 7.3 |
| 2019-07-15 | CVE-2019-1010009 | Incorrect Permission Assignment for Critical Resource vulnerability in Dglogik Dglux Server DGLogik Inc DGLux Server All Versions is affected by: Insecure Permissions. | 9.8 |
| 2019-07-11 | CVE-2019-12577 | Incorrect Permission Assignment for Critical Resource vulnerability in Londontrustmedia Private Internet Access VPN Client 82 A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client v82 for macOS could allow an authenticated, local attacker to run arbitrary code with elevated privileges. | 7.8 |
| 2019-07-09 | CVE-2019-13142 | Incorrect Permission Assignment for Critical Resource vulnerability in Razer Surround 1.1.63.0 The RzSurroundVADStreamingService (RzSurroundVADStreamingService.exe) in Razer Surround 1.1.63.0 runs as the SYSTEM user using an executable located in %PROGRAMDATA%\Razer\Synapse\Devices\Razer Surround\Driver\. | 5.5 |
| 2019-07-03 | CVE-2019-13208 | Incorrect Permission Assignment for Critical Resource vulnerability in Maxx Waves Maxx Audio 1.9.29.0 WavesSysSvc in Waves MAXX Audio allows privilege escalation because the General registry key has Full Control access for the Users group, leading to DLL side loading. | 7.3 |
| 2019-07-03 | CVE-2018-14862 | Incorrect Permission Assignment for Critical Resource vulnerability in Odoo 10.0/11.0/9.0 Incorrect access control in the mail templating system in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows authenticated internal users to delete arbitrary menuitems via a crafted RPC request. | 6.5 |
| 2019-07-03 | CVE-2018-14861 | Incorrect Permission Assignment for Critical Resource vulnerability in Odoo 10.0/11.0 Improper data access control in Odoo Community 10.0 and 11.0 and Odoo Enterprise 10.0 and 11.0 allows authenticated users to perform a CSV export of the secure hashed passwords of other users. | 6.5 |
| 2019-07-03 | CVE-2018-14866 | Incorrect Permission Assignment for Critical Resource vulnerability in Odoo 10.0/11.0/9.0 Incorrect access control in the TransientModel framework in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows authenticated attackers to access data in transient records that they do not own by making an RPC call before garbage collection occurs. | 4.3 |
| 2019-06-28 | CVE-2018-14916 | Incorrect Permission Assignment for Critical Resource vulnerability in Loytec Lgate-902 Firmware 6.3.2 LOYTEC LGATE-902 6.3.2 devices allow Arbitrary file deletion. | 9.1 |