Vulnerabilities > Incorrect Permission Assignment for Critical Resource
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-06-18 | CVE-2019-12133 | Incorrect Permission Assignment for Critical Resource vulnerability in Zohocorp products Multiple Zoho ManageEngine products suffer from local privilege escalation due to improper permissions for the %SYSTEMDRIVE%\ManageEngine directory and its sub-folders. | 7.8 |
| 2019-06-17 | CVE-2018-19446 | Incorrect Permission Assignment for Critical Resource vulnerability in Foxitsoftware Foxit PDF SDK Activex 5.4.0.1031/5.5.0 A File Write can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) Professional 5.4.0.1031 when the JavaScript API Doc.createDataObject is used. | 7.8 |
| 2019-06-14 | CVE-2019-2257 | Incorrect Permission Assignment for Critical Resource vulnerability in Qualcomm products Wrong permissions in configuration file can lead to unauthorized permission in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, SD 210/SD 212/SD 205, SD 615/16/SD 415, SD 636, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 855, SDA660, SDM660, SDX20, SDX24 | 7.8 |
| 2019-06-13 | CVE-2018-3702 | Incorrect Permission Assignment for Critical Resource vulnerability in Intel ITE Tech Consumer Infrared Driver Improper permissions in the installer for the ITE Tech* Consumer Infrared Driver for Windows 10 versions before 5.4.3.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
| 2019-06-07 | CVE-2018-19860 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products Broadcom firmware before summer 2014 on Nexus 5 BCM4335C0 2012-12-11, Raspberry Pi 3 BCM43438A1 2014-06-02, and unspecifed other devices does not properly restrict LMP commnds and executes certain memory contents upon receiving an LMP command, as demonstrated by executing an HCI command. | 8.8 |
| 2019-06-07 | CVE-2019-12777 | Incorrect Permission Assignment for Critical Resource vulnerability in Enttec products An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelator, and E-Streamer MK2 with firmware 70044_update_05032019-482. | 7.8 |
| 2019-06-07 | CVE-2019-8283 | Incorrect Permission Assignment for Critical Resource vulnerability in Gemalto Sentinel LDK Hasplm cookie in Gemalto Admin Control Center, all versions prior to 7.92, does not have 'HttpOnly' flag. | 6.5 |
| 2019-06-05 | CVE-2018-10171 | Incorrect Permission Assignment for Critical Resource vulnerability in Kromtech Mackeeper 3.20.4 Kromtech MacKeeper 3.20.4 suffers from a root privilege escalation vulnerability through its `com.mackeeper.AdwareAnalyzer.AdwareAnalyzerPrivilegedHelper` component. | 9.8 |
| 2019-06-03 | CVE-2019-12373 | Incorrect Permission Assignment for Critical Resource vulnerability in Ivanti Landesk Management Suite 10.0.1.168 Improper access control and open directories in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 may lead to remote disclosure of administrator passwords. | 9.0 |
| 2019-06-03 | CVE-2019-12589 | Incorrect Permission Assignment for Critical Resource vulnerability in Firejail Project Firejail In Firejail before 0.9.60, seccomp filters are writable inside the jail, leading to a lack of intended seccomp restrictions for a process that is joined to the jail after a filter has been modified by an attacker. | 8.8 |