CWE-732
High likelihood
Incorrect Permission Assignment for Critical Resource
Parent: CWE-285 - Improper Authorization
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
1,661 vulnerabilities with CWE-732
CVE-2024-12255
MEDIUM
Accept Stripe Payments Using Contact Form 7 <= 2.5 - Unauthenticated Information Exposure via cf7sa-info.php
CVSS 5.3
CVE-2024-12363
HIGH
TeamViewer <24.12 - Privilege Escalation
CVSS 7.1
CVE-2024-8540
HIGH
Ivanti Sentry <10.1.0 - Privilege Escalation
CVSS 8.8
CVE-2024-7572
HIGH
Ivanti Desktop and Server Management 2024.2-2024.3.5740 - Authenticated Arbitrary File Deletion
CVSS 7.1
CVE-2024-10256
HIGH
Ivanti Patch SDK <9.7.703 - Privilege Escalation
CVSS 7.1
CVE-2024-8256
MEDIUM
Teltonika Networks RUTOS <7.8, TSWOS <1.3 - Privilege Escalation
CVE-2024-41647
CRITICAL
Open Robotics ROS2 navigation2 v.humble - Arbitrary Code Execution via nav2_mppi_controller
CVSS 9.8
CVE-2024-11220
HIGH
Open Automation Software < 20.0.0.76 - Privilege Escalation via RDLX Report Execution
CVSS 7.8
CVE-2024-45841
MEDIUM
I-O DATA DEVICE UD-LT1 and UD-LT1/EX <= 2.1.9 - Unauthenticated Information Disclosure via Guest Account File Access
CVSS 6.5
CVE-2024-12151
MEDIUM
Devolutions Server < 2024.3.9.0 - Incorrect Permission Assignment in User Migration Feature
CVSS 5.0
CVE-2024-12149
HIGH
Devolutions Remote Desktop Manager < 2024.3.20.0 - Authenticated Privilege Escalation via Temporary Access Requests
CVSS 8.1
CVE-2024-37574
HIGH
GriceMobile <4.5.2 - Code Injection
CVSS 8.2
CVE-2024-42449
HIGH
VSPC Management Agent - Privilege Escalation
CVSS 7.1
CVE-2024-54159
MEDIUM
stalld <= 1.19.7 - Denial of Service via /tmp/rtthrottle Symlink Attack
CVSS 4.1
CVE-2024-21703
MEDIUM
Confluence Data Center and Server < 7.19.18 - Authenticated Sensitive Information Exposure via Windows Configuration
CVSS 6.4
CVE-2024-28955
MEDIUM
Sharp and Toshiba Tec MFPs - Unprotected Sensitive Data Exposure via World-Readable Coredump Files
CVSS 5.9
CVE-2024-9245
HIGH
Foxit PDF Reader and PDF Editor - Local Privilege Escalation via Update Service Configuration File
CVSS 7.8
CVE-2024-9244
HIGH
Foxit PDF Reader and PDF Editor - Local Privilege Escalation via Update Service Configuration File
CVSS 7.8
CVE-2024-7245
HIGH
Panda Security Dome VPN - Local Privilege Escalation via Hydra Sdk Service Folder Permissions
CVSS 7.8
CVE-2024-6871
HIGH
G DATA Total Security - Privilege Escalation
CVSS 7.8
CVE-2024-38646
MEDIUM
Notes Station 3 <3.9.7 - Privilege Escalation
CVSS 6.0
CVE-2024-11176
MEDIUM
M-Files Aino <24.10 - Info Disclosure
CVE-2024-41974
HIGH
WAGO CC100, PFC100 G2, PFC200 G2, TP600, Edge Controller < 4.5.10 (FW27) - DoS via BACNet
CVSS 7.1
CVE-2024-41970
MEDIUM
Product <Version> - Info Disclosure
CVSS 5.7
CVE-2024-36294
MEDIUM
Intel(R) DSA <24.3.26.8 - Privilege Escalation
CVSS 6.7