Vulnerabilities > Incorrect Permission Assignment for Critical Resource

DATE CVE VULNERABILITY TITLE RISK
2019-04-01 CVE-2018-19113 Incorrect Permission Assignment for Critical Resource vulnerability in Pronestor Health Monitoring 8.1.11.0
The Pronestor PNHM (aka Health Monitoring or HealthMonitor) add-in before 8.1.13.0 for Outlook has "BUILTIN\Users:(I)(F)" permissions for the "%PROGRAMFILES(X86)%\proNestor\Outlook add-in for Pronestor\PronestorHealthMonitor.exe" file, which allows local users to gain privileges via a Trojan horse PronestorHealthMonitor.exe file.
local
low complexity
pronestor CWE-732
7.3
2019-04-01 CVE-2018-4050 Incorrect Permission Assignment for Critical Resource vulnerability in GOG Galaxy 1.2.47
An exploitable local privilege escalation vulnerability exists in the privileged helper tool of GOG Galaxy's Games, version 1.2.47 for macOS.
local
low complexity
gog CWE-732
7.8
2019-03-28 CVE-2019-9166 Incorrect Permission Assignment for Critical Resource vulnerability in Nagios XI
Privilege escalation in Nagios XI before 5.5.11 allows local attackers to elevate privileges to root via write access to config.inc.php and import_xiconfig.php.
local
low complexity
nagios CWE-732
7.8
2019-03-27 CVE-2017-9626 Incorrect Permission Assignment for Critical Resource vulnerability in Marel Pluto1203 and Pluto2
Systems using the Marel Food Processing Systems Pluto platform do not restrict remote access.
network
low complexity
marel CWE-732
critical
9.8
2019-03-27 CVE-2018-12546 Incorrect Permission Assignment for Critical Resource vulnerability in Eclipse Mosquitto
In Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) when a client publishes a retained message to a topic, then has its access to that topic revoked, the retained message will still be published to clients that subscribe to that topic in the future.
network
low complexity
eclipse CWE-732
6.5
2019-03-21 CVE-2018-18435 Incorrect Permission Assignment for Critical Resource vulnerability in Kioware Server
KioWare Server version 4.9.6 and older installs by default to "C:\kioware_com" with weak folder permissions granting any user full permission "Everyone: (F)" to the contents of the directory and its sub-folders.
local
low complexity
kioware CWE-732
7.8
2019-03-21 CVE-2018-15508 Incorrect Permission Assignment for Critical Resource vulnerability in Five9 Agent Desktop Plus 10.0.70
Five9 Agent Desktop Plus 10.0.70 has Incorrect Access Control allowing remote attackers to cause a denial of service via opening a connection on port 8083 to a device running the Five9 SoftPhone (issue 1 of 2).
network
low complexity
five9 CWE-732
7.5
2019-03-18 CVE-2018-15509 Incorrect Permission Assignment for Critical Resource vulnerability in Five9 Agent Desktop Plus 10.0.70
Five9 Agent Desktop Plus 10.0.70 has Incorrect Access Control (issue 2 of 2).
network
low complexity
five9 CWE-732
critical
9.8
2019-03-15 CVE-2018-19393 Incorrect Permission Assignment for Critical Resource vulnerability in Cobham products
Cobham Satcom Sailor 800 and 900 devices contained a vulnerability that allowed for arbitrary writing of content to the system's configuration file.
network
low complexity
cobham CWE-732
7.5
2019-03-15 CVE-2018-18254 Incorrect Permission Assignment for Critical Resource vulnerability in Capmon Access Manager 5.4.1.1005
An issue was discovered in CapMon Access Manager 5.4.1.1005.
local
low complexity
capmon CWE-732
7.8