Vulnerabilities > Incorrect Permission Assignment for Critical Resource
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-11-01 | CVE-2011-3923 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products Apache Struts before 2.3.1.2 allows remote attackers to bypass security protections in the ParameterInterceptor class and execute arbitrary commands. | 9.8 |
| 2019-10-31 | CVE-2019-18422 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products An issue was discovered in Xen through 4.12.x allowing ARM guest OS users to cause a denial of service or gain privileges by leveraging the erroneous enabling of interrupts. | 8.8 |
| 2019-10-30 | CVE-2010-0747 | Incorrect Permission Assignment for Critical Resource vulnerability in Linbit Drbd8 2.6.26 drbd8 allows local users to bypass intended restrictions for certain actions via netlink packets, similar to CVE-2009-3725. | 7.8 |
| 2019-10-30 | CVE-2010-0737 | Incorrect Permission Assignment for Critical Resource vulnerability in Redhat Jboss Operations Network A missing permission check was found in The CLI in JBoss Operations Network before 2.3.1 does not properly check permissions, which allows JBoss ON users to perform management tasks and configuration changes with the privileges of the administrator user. | 8.0 |
| 2019-10-25 | CVE-2016-5202 | Incorrect Permission Assignment for Critical Resource vulnerability in Google Chrome browser/extensions/api/dial/dial_registry.cc in Google Chrome before 54.0.2840.98 on macOS, before 54.0.2840.99 on Windows, and before 54.0.2840.100 on Linux neglects to copy a device ID before an erase() call, which causes the erase operation to access data that that erase operation will destroy. | 9.1 |
| 2019-10-24 | CVE-2019-18409 | Incorrect Permission Assignment for Critical Resource vulnerability in Zenspider Ruby Parser-Legacy 1.0.0 The ruby_parser-legacy (aka legacy) gem 1.0.0 for Ruby allows local privilege escalation because of world-writable files. | 7.8 |
| 2019-10-17 | CVE-2019-18192 | Incorrect Permission Assignment for Critical Resource vulnerability in GNU Guix 1.0.1 GNU Guix 1.0.1 allows local users to gain access to an arbitrary user's account because the parent directory of the user-profile directories is world writable, a similar issue to CVE-2019-17365. | 7.8 |
| 2019-10-17 | CVE-2019-8071 | Incorrect Permission Assignment for Critical Resource vulnerability in Adobe Download Manager 2.0.0.363 Adobe Download Manager versions 2.0.0.363 have an insecure file permissions vulnerability. | 9.8 |
| 2019-10-11 | CVE-2019-11167 | Incorrect Permission Assignment for Critical Resource vulnerability in Intel Smart Connect Technology Improper file permission in software installer for Intel(R) Smart Connect Technology for Intel(R) NUC may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
| 2019-10-10 | CVE-2019-11528 | Incorrect Permission Assignment for Critical Resource vulnerability in Softing Uagate SI Firmware 1.60.01 An issue was discovered in Softing uaGate SI 1.60.01. | 7.5 |