Vulnerabilities > Incorrect Permission Assignment for Critical Resource

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2020-01-03 | CVE-2019-19087 | Incorrect Permission Assignment for Critical Resource vulnerability in Gitlab | Gitlab Enterprise Edition (EE) before 12.5.1 has Insecure Permissions (issue 2 of 2). | network | low | gitlab | CWE-732 | 4.3 |
| 2020-01-03 | CVE-2019-19086 | Incorrect Permission Assignment for Critical Resource vulnerability in Gitlab | Gitlab Enterprise Edition (EE) before 12.5.1 has Insecure Permissions (issue 1 of 2). | network | low | gitlab | CWE-732 | 4.3 |
| 2019-12-30 | CVE-2019-19736 | Incorrect Permission Assignment for Critical Resource vulnerability in Mfscripts Yetishare | MFScripts YetiShare 3.5.2 through 4.5.3 does not set the HttpOnly flag on session cookies, allowing the cookie to be read by script, which can potentially be used by attackers to obtain the cookie via cross-site scripting. | network | low | mfscripts | CWE-732 | 6.1 |
| 2019-12-23 | CVE-2019-3467 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products | Debian-edu-config all versions < 2.11.10, a set of configuration files used for Debian Edu, and debian-lan-config < 0.26, configured overly permissive ACLs for the Kerberos admin server, which allowed password changes for other Kerberos user principals. | local | low | debian skolelinux canonical | CWE-732 | 7.8 |
| 2019-12-19 | CVE-2019-19915 | Incorrect Permission Assignment for Critical Resource vulnerability in Webfactoryltd 301 Redirects | The "301 Redirects - Easy Redirect Manager" plugin before 2.45 for WordPress allows users (with subscriber or greater access) to modify, delete, or inject redirect rules, and exploit XSS, with the /admin-ajax.php?action=eps_redirect_save and /admin-ajax.php?action=eps_redirect_delete actions. | network | low | webfactoryltd | CWE-732 | 9.0 (critical) |
| 2019-12-19 | CVE-2019-19341 | Incorrect Permission Assignment for Critical Resource vulnerability in Redhat Ansible Tower 3.6.0/3.6.1 | A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2, where files in '/var/backup/tower' are left world-readable. | local | low | redhat | CWE-732 | 5.5 |
| 2019-12-19 | CVE-2019-8256 | Incorrect Permission Assignment for Critical Resource vulnerability in Adobe Coldfusion 2018 | ColdFusion versions Update 6 and earlier have an insecure inherited permissions vulnerability in the default installation directory. | network | low | adobe | CWE-732 | 9.8 (critical) |
| 2019-12-18 | CVE-2019-19882 | Incorrect Permission Assignment for Critical Resource vulnerability in Shadow Project Shadow 4.8 | shadow 4.8, in certain circumstances affecting at least Gentoo, Arch Linux, and Void Linux, allows local users to obtain root access because setuid programs are misconfigured. | local | low | shadow-project | CWE-732 | 7.8 |
| 2019-12-17 | CVE-2019-19315 | Incorrect Permission Assignment for Critical Resource vulnerability in Nalpeiron Licensing Service 7.3.4.0 | NLSSRV32.EXE in Nalpeiron Licensing Service 7.3.4.0, as used with Nitro PDF and other products, allows Elevation of Privilege via the `\\.\mailslot\nlsX86ccMailslot` mailslot. | local | low | nalpeiron | CWE-732 | 7.1 |
| 2019-12-06 | CVE-2019-9464 | Incorrect Permission Assignment for Critical Resource vulnerability in Google Android 10.0 | In various functions of RecentLocationApps.java, DevicePolicyManagerService.java, and RecognitionService.java, there is an incorrect warning indicating an app accessed the user's location. | local | low | google | CWE-732 | 5.5 |