Vulnerabilities > Incorrect Permission Assignment for Critical Resource

DATE CVE VULNERABILITY TITLE RISK
2019-11-26 CVE-2019-18459 Incorrect Permission Assignment for Critical Resource vulnerability in Gitlab
An issue was discovered in GitLab Community and Enterprise Edition 11.3 to 12.3 in the protected environments feature.
network
low complexity
gitlab CWE-732
5.3
5.3
2019-11-26 CVE-2019-18463 Incorrect Permission Assignment for Critical Resource vulnerability in Gitlab
An issue was discovered in GitLab Community and Enterprise Edition through 12.4.
network
low complexity
gitlab CWE-732
4.3
4.3
2019-11-26 CVE-2019-18462 Incorrect Permission Assignment for Critical Resource vulnerability in Gitlab
An issue was discovered in GitLab Community and Enterprise Edition 11.3 through 12.4.
network
low complexity
gitlab CWE-732
4.3
4.3
2019-11-25 CVE-2019-13681 Incorrect Permission Assignment for Critical Resource vulnerability in Google Chrome
Insufficient data validation in downloads in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass download restrictions via a crafted HTML page.
network
low complexity
google CWE-732
4.3
4.3
2019-11-25 CVE-2019-13679 Incorrect Permission Assignment for Critical Resource vulnerability in Google Chrome
Insufficient policy enforcement in PDFium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to show print dialogs via a crafted PDF file.
local
low complexity
google CWE-732
3.3
3.3
2019-11-25 CVE-2019-13677 Incorrect Permission Assignment for Critical Resource vulnerability in Google Chrome
Insufficient policy enforcement in site isolation in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass site isolation via a crafted HTML page.
network
low complexity
google CWE-732
6.5
6.5
2019-11-25 CVE-2019-13676 Incorrect Permission Assignment for Critical Resource vulnerability in Google Chrome
Insufficient policy enforcement in Chromium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
network
low complexity
google CWE-732
4.3
4.3
2019-11-25 CVE-2019-13665 Incorrect Permission Assignment for Critical Resource vulnerability in Google Chrome
Insufficient filtering in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass multiple file download protection via a crafted HTML page.
network
low complexity
google CWE-732
6.5
6.5
2019-11-22 CVE-2019-4214 Incorrect Permission Assignment for Critical Resource vulnerability in IBM Smartcloud Analytics LOG Analysis
IBM SmartCloud Analytics 1.3.1 through 1.3.5 does not set the secure attribute on authorization tokens or session cookies.
network
high complexity
ibm CWE-732
3.7
3.7
2019-11-21 CVE-2019-19197 Incorrect Permission Assignment for Critical Resource vulnerability in Kyrolsecuritylabs Kyrol Internet Security 9.0.6.9
IOCTL Handling in the kyrld.sys driver in Kyrol Internet Security 9.0.6.9 allows an attacker to achieve privilege escalation, denial-of-service, and code execution via usermode because 0x9C402401 using METHOD_NEITHER results in a read primitive.
local
low complexity
kyrolsecuritylabs CWE-732
7.8
7.8