Vulnerabilities > Incorrect Permission Assignment for Critical Resource
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-08-13 | CVE-2019-12808 | Incorrect Permission Assignment for Critical Resource vulnerability in Estsoft Altools 18.1 ALTOOLS update service 18.1 and earlier versions contains a local privilege escalation vulnerability due to insecure permission. | 7.8 |
| 2019-08-12 | CVE-2019-14969 | Incorrect Permission Assignment for Critical Resource vulnerability in Netwrix Auditor 9.7 Netwrix Auditor before 9.8 has insecure permissions on %PROGRAMDATA%\Netwrix Auditor\Logs\ActiveDirectory\ and sub-folders. | 7.8 |
| 2019-08-12 | CVE-2019-14935 | Incorrect Permission Assignment for Critical Resource vulnerability in 3CX 15 3CX Phone 15 on Windows has insecure permissions on the "%PROGRAMDATA%\3CXPhone for Windows\PhoneApp" installation directory, allowing Full Control access for Everyone, and leading to privilege escalation because of a StartUp link. | 7.8 |
| 2019-08-07 | CVE-2019-1944 | Incorrect Permission Assignment for Critical Resource vulnerability in Cisco Adaptive Security Appliance Software Multiple vulnerabilities in the smart tunnel functionality of Cisco Adaptive Security Appliance (ASA) could allow an authenticated, local attacker to elevate privileges to the root user or load a malicious library file while the tunnel is being established. | 7.3 |
| 2019-08-07 | CVE-2019-14743 | Incorrect Permission Assignment for Critical Resource vulnerability in Valvesoftware Steam Client In Valve Steam Client for Windows through 2019-08-07, HKLM\SOFTWARE\Wow6432Node\Valve\Steam has explicit "Full control" for the Users group, which allows local users to gain NT AUTHORITY\SYSTEM access. | 6.6 |
| 2019-08-05 | CVE-2019-11270 | Incorrect Permission Assignment for Critical Resource vulnerability in Pivotal Software Cloud Foundry UAA Cloud Foundry UAA versions prior to v73.4.0 contain a vulnerability where a malicious client possessing the 'clients.write' authority or scope can bypass the restrictions imposed on clients created via 'clients.write' and create clients with arbitrary scopes that the creator does not possess. | 7.5 |
| 2019-08-01 | CVE-2018-20936 | Incorrect Permission Assignment for Critical Resource vulnerability in Cpanel cPanel before 68.0.27 allows attackers to read the SRS secret via exim.conf (SEC-308). | 3.3 |
| 2019-08-01 | CVE-2018-20909 | Incorrect Permission Assignment for Critical Resource vulnerability in Cpanel cPanel before 70.0.23 allows arbitrary file-chmod operations during legacy incremental backups (SEC-338). | 7.1 |
| 2019-08-01 | CVE-2018-20908 | Incorrect Permission Assignment for Critical Resource vulnerability in Cpanel cPanel before 71.9980.37 allows arbitrary file-read operations during pkgacct custom template handling (SEC-435). | 5.5 |
| 2019-08-01 | CVE-2018-20907 | Incorrect Permission Assignment for Critical Resource vulnerability in Cpanel cPanel before 71.9980.37 does not enforce the Mime::list_hotlinks API feature restriction (SEC-432). | 4.3 |