CWE-732

High likelihood

Incorrect Permission Assignment for Critical Resource

Parent: CWE-285 - Improper Authorization

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

1,661 vulnerabilities with CWE-732
CVE-2024-36276 MEDIUM
Intel(R) CIP <2.4.10852 - Privilege Escalation
CVSS 6.7
CVE-2024-39709 HIGH
Ivanti Connect Secure and Policy Secure - Local Privilege Escalation via Incorrect File Permissions
CVSS 7.8
CVE-2024-9842 HIGH
Ivanti Secure Access Client < 22.7R4 - Authenticated Arbitrary Folder Creation via Incorrect Permissions
CVSS 7.3
CVE-2024-47808 HIGH
SINEC NMS < V3.0 SP1 - Privilege Escalation
CVSS 8.4
CVE-2024-47783 HIGH
SIPORT <V3.4.0 - Privilege Escalation
CVSS 7.8
CVE-2024-50590 HIGH
Elefant <unknown - Privilege Escalation
CVSS 7.8
CVE-2024-10526 HIGH
Rapid7 Velociraptor MSI Installer <0.73.3 - Privilege Escalation
CVE-2024-45164 HIGH
Akamai Secure Internet Access Enterprise ThreatAvert - Incorrect Permission Assignment in ThreatAvert Policy Page
CVSS 7.1
CVE-2024-10228 LOW
Vagrant VMWare Utility <1.0.23 - Privilege Escalation
CVSS 3.8
CVE-2024-0128 HIGH
NVIDIA vGPU and Cloud Gaming < 17.4, 16.8, and October 2024 - Incorrect Permission Assignment for Critical Resource
CVSS 7.1
CVE-2024-46897 LOW
Exment <= 5.0.11 and <= 6.1.4 - Authenticated Incorrect Permission Assignment for Critical Resource
CVSS 3.8
CVE-2024-22029 HIGH
SUSE Container suse/manager/5.0/x86_64/server:5.0.0-beta1.2.122 - Insecure Permissions in Tomcat Packaging
CVSS 7.8
CVE-2024-10018 CRITICAL
com.transsion.aivoiceassistant - Privilege Escalation
CVSS 9.8
CVE-2024-44729 HIGH
Mirotalk <9de226 - Privilege Escalation
CVSS 7.5
CVE-2024-47833 MEDIUM
Taipy < 4.0.0 - Cleartext Transmission of Sensitive Information via Session Cookies
CVSS 6.5
CVE-2024-7612 HIGH
Ivanti Endpoint Manager Mobile < 12.1.0.4 - Authenticated Insecure Permission Assignment
CVSS 8.8
CVE-2024-24117 CRITICAL
Ruijie RG-NBS2009G-P Firmware 10.4(1)P2 - Privilege Escalation via Login Check State
CVSS 9.8
CVE-2024-6360 CRITICAL
OpenText Vertica 10.X-24.X - Privilege Escalation
CVSS 9.8
CVE-2024-7594 HIGH
Hashicorp Vault < 1.15.15 - Incorrect Permission Assignment
CVSS 7.5
CVE-2024-9142 CRITICAL
Olgu Computer Systems e-Belediye <2.0.642 - Path Traversal
CVSS 9.8
CVE-2024-8900 HIGH
Firefox < 129.0 - Unauthenticated Clipboard Write Bypass via Navigational Event Sequence
CVSS 7.5
CVE-2024-8039 CRITICAL
com.afmobi.boomplayer - Privilege Escalation
CVSS 9.8
CVE-2024-6510 HIGH
AVG Internet Security <24 - Privilege Escalation
CVSS 7.8
CVE-2024-44575 LOW
RELY-PCIe <23.1.0 - Info Disclosure
CVSS 3.7
CVE-2024-41171 HIGH
SINUMERIK 828D V4, 828D V5 < V5.24, 840D sl V4, ONE < V6.24 - Authenticated Privilege Escalation via Script Access
CVSS 8.8
Details
Vulnerabilities 1,661
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits