Vulnerabilities > Incorrect Permission Assignment for Critical Resource

DATE CVE VULNERABILITY TITLE RISK
2019-09-24 CVE-2019-13356 Incorrect Permission Assignment for Critical Resource vulnerability in Totaldefense Anti-Virus 9.0.0.773
In Total Defense Anti-virus 9.0.0.773, insecure access control for the directory %PROGRAMDATA%\TotalDefense\Consumer\ISS\9\bd\TDUpdate2\ used by AMRT.exe allows local attackers to hijack bdcore.dll, which leads to privilege escalation when the AMRT service loads the DLL.
local
low complexity
totaldefense CWE-732
7.8
2019-09-24 CVE-2019-13355 Incorrect Permission Assignment for Critical Resource vulnerability in Totaldefense Anti-Virus 9.0.0.773
In Total Defense Anti-virus 9.0.0.773, insecure access control for the directory %PROGRAMDATA%\TotalDefense\Consumer\ISS\9\ used by ccschedulersvc.exe allows local attackers to hijack dotnetproxy.exe, which leads to privilege escalation when the ccSchedulerSVC service runs the executable.
local
low complexity
totaldefense CWE-732
7.8
2019-09-17 CVE-2019-9008 Incorrect Permission Assignment for Critical Resource vulnerability in Codesys products
An issue was discovered in 3S-Smart CODESYS V3 through 3.5.12.30.
network
low complexity
codesys CWE-732
8.8
2019-09-16 CVE-2019-15721 Incorrect Permission Assignment for Critical Resource vulnerability in Gitlab
An issue was discovered in GitLab Community and Enterprise Edition 10.8 through 12.2.1.
network
low complexity
gitlab CWE-732
5.4
2019-09-16 CVE-2019-11166 Incorrect Permission Assignment for Critical Resource vulnerability in Intel Easy Streaming Wizard
Improper file permissions in the installer for Intel(R) Easy Streaming Wizard before version 2.1.0731 may allow an authenticated user to potentially enable escalation of privilege via local attack.
local
low complexity
intel CWE-732
6.7
2019-09-16 CVE-2019-16354 Incorrect Permission Assignment for Critical Resource vulnerability in Beego 1.10.0
The File Session Manager in Beego 1.10.0 allows local users to read session files because there is a race condition involving file creation within a directory with weak permissions.
local
high complexity
beego CWE-732
4.7
2019-09-09 CVE-2019-16187 Incorrect Permission Assignment for Critical Resource vulnerability in Limesurvey
Limesurvey before 3.17.14 uses an anti-CSRF cookie without the HttpOnly flag, which allows attackers to access a cookie value via a client-side script.
network
low complexity
limesurvey CWE-732
7.5
2019-09-06 CVE-2018-18630 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
A vulnerability was found in McKesson Cardiology product 13.x and 14.x.
local
low complexity
mckesson changehealthcare CWE-732
7.8
2019-09-05 CVE-2019-12645 Incorrect Permission Assignment for Critical Resource vulnerability in Cisco Jabber 12.5(0)
A vulnerability in Cisco Jabber Client Framework (JCF) for Mac Software, installed as part of the Cisco Jabber for Mac client, could allow an authenticated, local attacker to execute arbitrary code on an affected device. The vulnerability is due to improper file-level permissions on an affected device when it is running Cisco JCF for Mac Software.
local
low complexity
cisco CWE-732
7.8
2019-09-05 CVE-2019-12635 Incorrect Permission Assignment for Critical Resource vulnerability in Cisco Content Security Management Appliance
A vulnerability in the authorization module of Cisco Content Security Management Appliance (SMA) Software could allow an authenticated, remote attacker to gain out-of-scope access to email.
network
low complexity
cisco CWE-732
4.3