Vulnerabilities > Incorrect Permission Assignment for Critical Resource
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-11-12 | CVE-2019-1457 | Incorrect Permission Assignment for Critical Resource vulnerability in Microsoft Office 2016/2019 A security feature bypass vulnerability exists in Microsoft Office software by not enforcing macro settings on an Excel document, aka 'Microsoft Office Excel Security Feature Bypass'. | 7.8 |
| 2019-11-11 | CVE-2019-18856 | Incorrect Permission Assignment for Critical Resource vulnerability in Drupal SVG Sanitizer A Denial Of Service vulnerability exists in the SVG Sanitizer module through 8.x-1.0-alpha1 for Drupal because access to external resources with an SVG use element is mishandled. | 7.5 |
| 2019-11-08 | CVE-2019-13535 | Incorrect Permission Assignment for Critical Resource vulnerability in Medtronic products In Medtronic Valleylab FT10 Energy Platform (VLFT10GEN) version 2.1.0 and lower and version 2.0.3 and lower, and Valleylab LS10 Energy Platform (VLLS10GEN—not available in the United States) version 1.20.2 and lower, the RFID security mechanism does not apply read protection, allowing for full read access of the RFID security mechanism data. | 4.6 |
| 2019-11-08 | CVE-2019-3425 | Incorrect Permission Assignment for Critical Resource vulnerability in ZTE Zxupn-9000E Firmware The 9000EV5.0R1B12 version, and all earlier versions of ZTE product ZXUPN-9000E are impacted by vulnerability of permission and access control. | 8.8 |
| 2019-11-08 | CVE-2019-3866 | Incorrect Permission Assignment for Critical Resource vulnerability in Redhat Openstack-Mistral An information-exposure vulnerability was discovered where openstack-mistral's undercloud log files containing clear-text information were made world readable. | 5.5 |
| 2019-11-08 | CVE-2019-14824 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. | 6.5 |
| 2019-11-07 | CVE-2007-5743 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products viewvc 1.0.3 allows improper access control to files in a repository when using the "forbidden" configuration option. | 7.5 |
| 2019-11-06 | CVE-2019-5642 | Incorrect Permission Assignment for Critical Resource vulnerability in Rapid7 Metasploit 4.15.0/4.15.1/4.16.0 Rapid7 Metasploit Pro version 4.16.0-2019081901 and prior suffers from an instance of CWE-732, wherein the unique server.key is written to the file system during installation with world-readable permissions. | 3.3 |
| 2019-11-05 | CVE-2019-5068 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products An exploitable shared memory permissions vulnerability exists in the functionality of X11 Mesa 3D Graphics Library 19.1.2. | 4.4 |
| 2019-11-05 | CVE-2016-4983 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products A postinstall script in the dovecot rpm allows local users to read the contents of newly created SSL/TLS key files. | 3.3 |