Vulnerabilities > Incorrect Permission Assignment for Critical Resource
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-11-14 | CVE-2019-15336 | Incorrect Permission Assignment for Critical Resource vulnerability in Lavamobiles Z61 Firmware The Lava Z61 Turbo Android device with a build fingerprint of LAVA/Z61_Turbo/Z61_Turbo:8.1.0/O11019/1536917928:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.31) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface. | 3.3 |
| 2019-11-14 | CVE-2019-15335 | Incorrect Permission Assignment for Critical Resource vulnerability in Lavamobiles Z92 Firmware The Lava Z92 Android device with a build fingerprint of LAVA/Z92/Z92:8.1.0/O11019/1535088037:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.27) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface. | 3.3 |
| 2019-11-14 | CVE-2019-15334 | Incorrect Permission Assignment for Critical Resource vulnerability in Lavamobiles Iris 88 Firmware The Lava Iris 88 Go Android device with a build fingerprint of LAVA/iris88_go/iris88_go:8.1.0/O11019/1538188945:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.27) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface. | 3.3 |
| 2019-11-14 | CVE-2019-15333 | Incorrect Permission Assignment for Critical Resource vulnerability in Lavamobiles Flair Z1 Firmware The Lava Flair Z1 Android device with a build fingerprint of LAVA/Z1/Z1:8.1.0/O11019/1536680131:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.27) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface. | 3.3 |
| 2019-11-14 | CVE-2019-11155 | Incorrect Permission Assignment for Critical Resource vulnerability in Intel Proset/Wireless Wifi Improper directory permissions in Intel(R) PROSet/Wireless WiFi Software before version 21.40 may allow an authenticated user to potentially enable denial of service and information disclosure via local access. | 7.1 |
| 2019-11-14 | CVE-2019-11154 | Incorrect Permission Assignment for Critical Resource vulnerability in Intel Proset/Wireless Wifi Improper directory permissions in Intel(R) PROSet/Wireless WiFi Software before version 21.40 may allow an authenticated user to potentially enable denial of service and information disclosure via local access. | 7.1 |
| 2019-11-14 | CVE-2012-1160 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products Moodle before 2.2.2 has a permission issue in Forum Subscriptions where unenrolled users can subscribe/unsubscribe via mod/forum/index.php | 2.7 |
| 2019-11-14 | CVE-2019-18895 | Incorrect Permission Assignment for Critical Resource vulnerability in Scanguard Antivirus 20191112 Scanguard through 2019-11-12 on Windows has Insecure Permissions for the installation directory, leading to privilege escalation via a Trojan horse executable file. | 7.8 |
| 2019-11-12 | CVE-2019-1457 | Incorrect Permission Assignment for Critical Resource vulnerability in Microsoft Office 2016/2019 A security feature bypass vulnerability exists in Microsoft Office software by not enforcing macro settings on an Excel document, aka 'Microsoft Office Excel Security Feature Bypass'. | 7.8 |
| 2019-11-11 | CVE-2019-18856 | Incorrect Permission Assignment for Critical Resource vulnerability in Drupal SVG Sanitizer A Denial Of Service vulnerability exists in the SVG Sanitizer module through 8.x-1.0-alpha1 for Drupal because access to external resources with an SVG use element is mishandled. | 7.5 |