Vulnerabilities > Incorrect Permission Assignment for Critical Resource
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-11-08 | CVE-2019-13535 | Incorrect Permission Assignment for Critical Resource vulnerability in Medtronic products In Medtronic Valleylab FT10 Energy Platform (VLFT10GEN) version 2.1.0 and lower and version 2.0.3 and lower, and Valleylab LS10 Energy Platform (VLLS10GEN—not available in the United States) version 1.20.2 and lower, the RFID security mechanism does not apply read protection, allowing for full read access of the RFID security mechanism data. | 4.6 |
| 2019-11-08 | CVE-2019-3425 | Incorrect Permission Assignment for Critical Resource vulnerability in ZTE Zxupn-9000E Firmware The 9000EV5.0R1B12 version, and all earlier versions of ZTE product ZXUPN-9000E are impacted by vulnerability of permission and access control. | 8.8 |
| 2019-11-08 | CVE-2019-3866 | Incorrect Permission Assignment for Critical Resource vulnerability in Redhat Openstack-Mistral An information-exposure vulnerability was discovered where openstack-mistral's undercloud log files containing clear-text information were made world readable. | 5.5 |
| 2019-11-08 | CVE-2019-14824 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. | 6.5 |
| 2019-11-07 | CVE-2007-5743 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products viewvc 1.0.3 allows improper access control to files in a repository when using the "forbidden" configuration option. | 7.5 |
| 2019-11-06 | CVE-2019-5642 | Incorrect Permission Assignment for Critical Resource vulnerability in Rapid7 Metasploit 4.15.0/4.15.1/4.16.0 Rapid7 Metasploit Pro version 4.16.0-2019081901 and prior suffers from an instance of CWE-732, wherein the unique server.key is written to the file system during installation with world-readable permissions. | 3.3 |
| 2019-11-05 | CVE-2019-5068 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products An exploitable shared memory permissions vulnerability exists in the functionality of X11 Mesa 3D Graphics Library 19.1.2. | 4.4 |
| 2019-11-05 | CVE-2016-4983 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products A postinstall script in the dovecot rpm allows local users to read the contents of newly created SSL/TLS key files. | 3.3 |
| 2019-11-05 | CVE-2019-10084 | Incorrect Permission Assignment for Critical Resource vulnerability in Apache Impala In Apache Impala 2.7.0 to 3.2.0, an authenticated user with access to the IDs of active Impala queries or sessions can interact with those sessions or queries via a specially-constructed request and thereby potentially bypass authorization and audit mechanisms. | 7.5 |
| 2019-11-01 | CVE-2013-4367 | Incorrect Permission Assignment for Critical Resource vulnerability in Ovirt Ovirt-Engine 3.2 ovirt-engine 3.2 running on Linux kernel 3.1 and newer creates certain files world-writeable due to an upstream kernel change which impacted how python's os.chmod() works when passed a mode of '-1'. | 7.8 |