Vulnerabilities > Incorrect Permission Assignment for Critical Resource

DATE	CVE	VULNERABILITY TITLE	RISK
2019-08-28	CVE-2019-15752	Incorrect Permission Assignment for Critical Resource vulnerability in multiple products Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-credential-wincred.exe file in %PROGRAMDATA%\DockerDesktop\version-bin\ as a low-privilege user, and then waiting for an admin or service user to authenticate with Docker, restart Docker, or run 'docker login' to force the command. local low complexity docker apache CWE-732	7.8
2019-08-21	CVE-2019-15316	Incorrect Permission Assignment for Critical Resource vulnerability in Valvesoftware Steam Client Valve Steam Client for Windows through 2019-08-20 has weak folder permissions, leading to privilege escalation (to NT AUTHORITY\SYSTEM) via crafted use of CreateMountPoint.exe and SetOpLock.exe to leverage a TOCTOU race condition. local high complexity valvesoftware CWE-732	7.0
2019-08-21	CVE-2019-15315	Incorrect Permission Assignment for Critical Resource vulnerability in Valvesoftware Steam Client Valve Steam Client for Windows through 2019-08-16 allows privilege escalation (to NT AUTHORITY\SYSTEM) because local users can replace the current versions of SteamService.exe and SteamService.dll with older versions that lack the CVE-2019-14743 patch. local low complexity valvesoftware CWE-732	7.8
2019-08-20	CVE-2019-11806	Incorrect Permission Assignment for Critical Resource vulnerability in Open-Xchange Appsuite OX App Suite 7.10.1 and earlier has Insecure Permissions. local low complexity open-xchange CWE-732	3.3
2019-08-17	CVE-2019-13069	Incorrect Permission Assignment for Critical Resource vulnerability in Extenua Silvershield extenua SilverSHielD 6.x fails to secure its ProgramData folder, leading to a Local Privilege Escalation to SYSTEM. local low complexity extenua CWE-732	7.8
2019-08-16	CVE-2019-7958	Incorrect Permission Assignment for Critical Resource vulnerability in Adobe Creative Cloud Creative Cloud Desktop Application versions 4.6.1 and earlier have an insecure inherited permissions vulnerability. network low complexity adobe CWE-732 critical	9.8
2019-08-16	CVE-2019-15119	Incorrect Permission Assignment for Critical Resource vulnerability in NPS Project NPS lib/install/install.go in cnlh nps through 0.23.2 uses 0777 permissions for /usr/local/bin/nps and/or /usr/bin/nps, leading to a file overwrite by a local user. local low complexity nps-project CWE-732	5.5
2019-08-16	CVE-2019-15084	Incorrect Permission Assignment for Critical Resource vulnerability in Maxx Waves Maxx Audio 1.6.2.0 Realtek Waves MaxxAudio driver 1.6.2.0, as used on Dell laptops, installs with incorrect file permissions. local low complexity maxx CWE-732	7.8
2019-08-15	CVE-2018-12357	Incorrect Permission Assignment for Critical Resource vulnerability in Arista Cloudvision Portal Arista CloudVision Portal through 2018.1.1 has Incorrect Permissions. network low complexity arista CWE-732	6.5
2019-08-14	CVE-2019-0341	Incorrect Permission Assignment for Critical Resource vulnerability in SAP Enable NOW 1902 The session cookie used by SAP Enable Now, version 1902, does not have the HttpOnly flag set. network low complexity sap CWE-732	8.8