Vulnerabilities > Incorrect Permission Assignment for Critical Resource
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-07-03 | CVE-2018-14866 | Incorrect Permission Assignment for Critical Resource vulnerability in Odoo 10.0/11.0/9.0 Incorrect access control in the TransientModel framework in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows authenticated attackers to access data in transient records that they do not own by making an RPC call before garbage collection occurs. | 4.0 |
| 2019-06-28 | CVE-2018-14916 | Incorrect Permission Assignment for Critical Resource vulnerability in Loytec Lgate-902 Firmware LOYTEC LGATE-902 6.3.2 devices allow Arbitrary file deletion. | 9.4 |
| 2019-06-28 | CVE-2018-14886 | Incorrect Permission Assignment for Critical Resource vulnerability in Odoo 10.0/11.0/9.0 The module-description renderer in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier does not disable RST's local file inclusion, which allows privileged authenticated users to read local files via a crafted module description. | 4.0 |
| 2019-06-28 | CVE-2019-13012 | Incorrect Permission Assignment for Critical Resource vulnerability in Gnome Glib The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0 creates directories using g_file_make_directory_with_parents (kfsb->dir, NULL, NULL) and files using g_file_replace_contents (kfsb->file, contents, length, NULL, FALSE, G_FILE_CREATE_REPLACE_DESTINATION, NULL, NULL, NULL). | 7.5 |
| 2019-06-19 | CVE-2019-2023 | Incorrect Permission Assignment for Critical Resource vulnerability in Google Android 8.0/8.1/9.0 In ServiceManager::add function in the hardware service manager, there is an insecure permissions check based on the PID of the caller. | 7.2 |
| 2019-06-17 | CVE-2018-19446 | Incorrect Permission Assignment for Critical Resource vulnerability in Foxitsoftware Foxit PDF SDK Activex A File Write can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) Professional 5.4.0.1031 when the JavaScript API Doc.createDataObject is used. | 6.8 |
| 2019-06-14 | CVE-2019-2257 | Incorrect Permission Assignment for Critical Resource vulnerability in Qualcomm products Wrong permissions in configuration file can lead to unauthorized permission in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, SD 210/SD 212/SD 205, SD 615/16/SD 415, SD 636, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 855, SDA660, SDM660, SDX20, SDX24 | 7.2 |
| 2019-06-13 | CVE-2018-3702 | Incorrect Permission Assignment for Critical Resource vulnerability in Intel ITE Tech Consumer Infrared Driver Improper permissions in the installer for the ITE Tech* Consumer Infrared Driver for Windows 10 versions before 5.4.3.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
| 2019-06-07 | CVE-2018-19860 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products Broadcom firmware before summer 2014 on Nexus 5 BCM4335C0 2012-12-11, Raspberry Pi 3 BCM43438A1 2014-06-02, and unspecifed other devices does not properly restrict LMP commnds and executes certain memory contents upon receiving an LMP command, as demonstrated by executing an HCI command. | 5.8 |
| 2019-06-07 | CVE-2019-12777 | Incorrect Permission Assignment for Critical Resource vulnerability in Enttec products An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelator, and E-Streamer MK2 with firmware 70044_update_05032019-482. | 7.2 |