Vulnerabilities > Incorrect Permission Assignment for Critical Resource
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-02-28 | CVE-2018-18495 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products WebExtension content scripts can be loaded into about: pages in some circumstances, in violation of the permissions granted to extensions. | 6.5 |
| 2019-02-28 | CVE-2018-12396 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products A vulnerability where a WebExtension can run content scripts in disallowed contexts following navigation or other events. | 6.5 |
| 2019-02-28 | CVE-2019-2001 | Incorrect Permission Assignment for Critical Resource vulnerability in Google Android The permissions on /proc/iomem were world-readable. | 5.5 |
| 2019-02-22 | CVE-2019-7729 | Incorrect Permission Assignment for Critical Resource vulnerability in Bosch Smart Camera An issue was discovered in the Bosch Smart Camera App before 1.3.1 for Android. | 3.3 |
| 2019-02-19 | CVE-2018-9867 | Incorrect Permission Assignment for Critical Resource vulnerability in Sonicwall Sonicos and Sonicosv In SonicWall SonicOS, administrators without full permissions can download imported certificates. | 5.5 |
| 2019-02-18 | CVE-2019-0111 | Incorrect Permission Assignment for Critical Resource vulnerability in Intel Data Center Manager Improper file permissions for Intel(R) Data Center Manager SDK before version 5.0.2 may allow an authenticated user to potentially enable information disclosure via local access. | 5.5 |
| 2019-02-18 | CVE-2019-0108 | Incorrect Permission Assignment for Critical Resource vulnerability in Intel Data Center Manager Improper file permissions for Intel(R) Data Center Manager SDK before version 5.0.2 may allow an authenticated user to potentially enable disclosure of information via local access. | 5.5 |
| 2019-01-29 | CVE-2018-10612 | Incorrect Permission Assignment for Critical Resource vulnerability in Codesys products In 3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0, user access management and communication encryption is not enabled by default, which could allow an attacker access to the device and sensitive information, including user credentials. | 9.8 |
| 2019-01-22 | CVE-2018-13374 | Incorrect Permission Assignment for Critical Resource vulnerability in Fortinet Fortiadc and Fortios A Improper Access Control in Fortinet FortiOS 6.0.2, 5.6.7 and before, FortiADC 6.1.0, 6.0.0 to 6.0.1, 5.4.0 to 5.4.4 allows attacker to obtain the LDAP server login credentials configured in FortiGate via pointing a LDAP server connectivity test request to a rogue LDAP server instead of the configured one. | 4.3 |
| 2019-01-16 | CVE-2018-18812 | Incorrect Permission Assignment for Critical Resource vulnerability in Tibco products The Spotfire Library component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains a vulnerability that might theoretically fail to restrict users with read-only access from modifying files stored in the Spotfire Library, only when the Spotfire Library is configured to use external storage. | 5.3 |