Vulnerabilities > Incorrect Permission Assignment for Critical Resource
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-04-02 | CVE-2018-3974 | Incorrect Permission Assignment for Critical Resource vulnerability in GOG Galaxy 1.2.45.61 An exploitable local privilege elevation vulnerability exists in the file system permissions of GOG Galaxy's install directory. | 7.8 |
| 2019-04-02 | CVE-2019-4093 | Incorrect Permission Assignment for Critical Resource vulnerability in IBM Spectrum Protect 8.1.7 IBM Tivoli Storage Manager (IBM Spectrum Protect 8.1.7) could allow a user to restore files and directories using IBM Spectrum Prootect Client Web User Interface on Windows that they should not have access to due to incorrect file permissions. | 3.6 |
| 2019-04-01 | CVE-2018-19113 | Incorrect Permission Assignment for Critical Resource vulnerability in Pronestor Health Monitoring 8.1.11.0 The Pronestor PNHM (aka Health Monitoring or HealthMonitor) add-in before 8.1.13.0 for Outlook has "BUILTIN\Users:(I)(F)" permissions for the "%PROGRAMFILES(X86)%\proNestor\Outlook add-in for Pronestor\PronestorHealthMonitor.exe" file, which allows local users to gain privileges via a Trojan horse PronestorHealthMonitor.exe file. | 4.4 |
| 2019-04-01 | CVE-2018-4050 | Incorrect Permission Assignment for Critical Resource vulnerability in GOG Galaxy 1.2.47 An exploitable local privilege escalation vulnerability exists in the privileged helper tool of GOG Galaxy's Games, version 1.2.47 for macOS. | 7.2 |
| 2019-03-28 | CVE-2019-9166 | Incorrect Permission Assignment for Critical Resource vulnerability in Nagios XI Privilege escalation in Nagios XI before 5.5.11 allows local attackers to elevate privileges to root via write access to config.inc.php and import_xiconfig.php. | 7.8 |
| 2019-03-27 | CVE-2017-9626 | Incorrect Permission Assignment for Critical Resource vulnerability in Marel Pluto1203 and Pluto2 Systems using the Marel Food Processing Systems Pluto platform do not restrict remote access. | 7.5 |
| 2019-03-27 | CVE-2018-12546 | Incorrect Permission Assignment for Critical Resource vulnerability in Eclipse Mosquitto In Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) when a client publishes a retained message to a topic, then has its access to that topic revoked, the retained message will still be published to clients that subscribe to that topic in the future. | 4.0 |
| 2019-03-21 | CVE-2018-18435 | Incorrect Permission Assignment for Critical Resource vulnerability in Kioware Server KioWare Server version 4.9.6 and older installs by default to "C:\kioware_com" with weak folder permissions granting any user full permission "Everyone: (F)" to the contents of the directory and it's sub-folders. | 7.2 |
| 2019-03-21 | CVE-2018-15508 | Incorrect Permission Assignment for Critical Resource vulnerability in Five9 Agent Desktop Plus 10.0.70 Five9 Agent Desktop Plus 10.0.70 has Incorrect Access Control allowing a remote attackers to cause a denial of service via opening a connection on port 8083 to a device running the Five9 SoftPhone(issue 1 of 2). | 5.0 |
| 2019-03-18 | CVE-2018-15509 | Incorrect Permission Assignment for Critical Resource vulnerability in Five9 Agent Desktop Plus 10.0.70 Five9 Agent Desktop Plus 10.0.70 has Incorrect Access Control (issue 2 of 2). | 7.5 |