Vulnerabilities > Incorrect Permission Assignment for Critical Resource
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-07-11 | CVE-2019-12577 | Incorrect Permission Assignment for Critical Resource vulnerability in Londontrustmedia Private Internet Access VPN Client 82 A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client v82 for macOS could allow an authenticated, local attacker to run arbitrary code with elevated privileges. | 7.8 |
| 2019-07-09 | CVE-2019-13142 | Incorrect Permission Assignment for Critical Resource vulnerability in Razer Surround 1.1.63.0 The RzSurroundVADStreamingService (RzSurroundVADStreamingService.exe) in Razer Surround 1.1.63.0 runs as the SYSTEM user using an executable located in %PROGRAMDATA%\Razer\Synapse\Devices\Razer Surround\Driver\. | 5.5 |
| 2019-07-03 | CVE-2019-13208 | Incorrect Permission Assignment for Critical Resource vulnerability in Maxx Waves Maxx Audio 1.9.29.0 WavesSysSvc in Waves MAXX Audio allows privilege escalation because the General registry key has Full Control access for the Users group, leading to DLL side loading. | 7.3 |
| 2019-07-03 | CVE-2018-14862 | Incorrect Permission Assignment for Critical Resource vulnerability in Odoo 10.0/11.0/9.0 Incorrect access control in the mail templating system in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows authenticated internal users to delete arbitrary menuitems via a crafted RPC request. | 6.5 |
| 2019-07-03 | CVE-2018-14861 | Incorrect Permission Assignment for Critical Resource vulnerability in Odoo 10.0/11.0 Improper data access control in Odoo Community 10.0 and 11.0 and Odoo Enterprise 10.0 and 11.0 allows authenticated users to perform a CSV export of the secure hashed passwords of other users. | 6.5 |
| 2019-07-03 | CVE-2018-14866 | Incorrect Permission Assignment for Critical Resource vulnerability in Odoo 10.0/11.0/9.0 Incorrect access control in the TransientModel framework in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows authenticated attackers to access data in transient records that they do not own by making an RPC call before garbage collection occurs. | 4.3 |
| 2019-06-28 | CVE-2018-14916 | Incorrect Permission Assignment for Critical Resource vulnerability in Loytec Lgate-902 Firmware 6.3.2 LOYTEC LGATE-902 6.3.2 devices allow Arbitrary file deletion. | 9.1 |
| 2019-06-28 | CVE-2018-14886 | Incorrect Permission Assignment for Critical Resource vulnerability in Odoo 10.0/11.0/9.0 The module-description renderer in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier does not disable RST's local file inclusion, which allows privileged authenticated users to read local files via a crafted module description. | 4.9 |
| 2019-06-28 | CVE-2019-13012 | Incorrect Permission Assignment for Critical Resource vulnerability in Gnome Glib The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0 creates directories using g_file_make_directory_with_parents (kfsb->dir, NULL, NULL) and files using g_file_replace_contents (kfsb->file, contents, length, NULL, FALSE, G_FILE_CREATE_REPLACE_DESTINATION, NULL, NULL, NULL). | 7.5 |
| 2019-06-19 | CVE-2019-2023 | Incorrect Permission Assignment for Critical Resource vulnerability in Google Android 8.0/8.1/9.0 In ServiceManager::add function in the hardware service manager, there is an insecure permissions check based on the PID of the caller. | 7.8 |