CWE-732
High likelihood
Incorrect Permission Assignment for Critical Resource
Parent: CWE-285 - Improper Authorization
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
1,661 vulnerabilities with CWE-732
CVE-2024-45041
HIGH
External Secrets Operator - Privilege Escalation
CVSS 8.3
CVE-2024-38456
HIGH
Vivavis HIGH-LEIT - Privilege Escalation
CVSS 7.8
CVE-2024-7986
HIGH
Rockwell Automation ThinManager < - Info Disclosure
CVSS 7.5
CVE-2024-5930
HIGH
VIPRE Advanced Security - Local Privilege Escalation via Anti Malware Service File Permissions
CVSS 7.8
CVE-2024-7513
HIGH
Rockwell Automation FactoryTalk View >=13.0 - Unauthenticated Arbitrary File Write and Privilege Escalation
CVSS 8.8
CVE-2024-5915
HIGH
GlobalProtect 5.1.0-5.1.8 - Privilege Escalation
CVSS 7.8
CVE-2024-25561
MEDIUM
Intel(R) HID Event Filter <2.2.2.1 - Privilege Escalation
CVSS 6.7
CVE-2024-23908
MEDIUM
Flexlm License Daemons For Intel Fpga < 11.19.5.0 - Incorrect Permission Assignment
CVSS 6.7
CVE-2024-6619
HIGH
Ocean Data Systems Dream Report - Privilege Escalation/DoS
CVE-2024-43199
HIGH
Nagios NDOUtils <2.1.4 - Privilege Escalation
CVSS 7.8
CVE-2024-41820
MEDIUM
kubean < 0.18.0 - Incorrect Permission Assignment for Critical Resource
CVSS 6.0
CVE-2024-41720
HIGH
ZWX-2000CSW2-HN Firmware < 0.3.15 - Authenticated Incorrect Permission Assignment for Critical Resource
CVSS 8.0
CVE-2024-41954
MEDIUM
fogproject 1.5.10-1.5.10.41 - Unauthenticated Sensitive Information Exposure via .fogsettings File
CVSS 5.3
CVE-2024-31202
HIGH
ThermoscanIP - Local Privilege Escalation via Incorrect Installation Folder Permissions
CVSS 7.8
CVE-2024-27883
MEDIUM
macOS < 12.7.6, < 13.6.8, < 14.6 - Unprotected File System Modification via Permissions Issue
CVSS 4.4
CVE-2024-41685
HIGH
SyroTech SY-GPON-1110-WDONT Firmware - Session Cookie Sidejacking via Missing HTTPOnly Flag
CVSS 7.5
CVE-2024-1724
MEDIUM
snapd < 2.62 - Unauthenticated Arbitrary Script Installation via Home Plug
CVSS 6.3
CVE-2024-5618
CRITICAL
PruvaSoft Informatics Apinizer Mgmt Console <2024.05.1 - Privilege ...
CVSS 9.9
CVE-2024-6435
HIGH
Rockwell Automation Pavilion8 - Privilege Escalation
CVSS 8.8
CVE-2024-6780
LOW
Android Server Telecom - Info Disclosure
CVSS 3.3
CVE-2024-6739
MEDIUM
Openfind MailGates and MailAudit < 6.1.7.040 - Session Cookie Theft via Missing HttpOnly Flag
CVSS 5.3
CVE-2024-20456
MEDIUM
Cisco IOS XR - Privilege Escalation
CVSS 6.7
CVE-2024-28827
HIGH
Checkmk < 2.3.0p8, < 2.2.0p29, < 2.1.0p45, <= 2.0.0p39 - Incorrect Permission Assignment for Critical Resource
CVSS 8.8
CVE-2024-39875
MEDIUM
SINEMA Remote Connect Server < 3.2 SP1 - Authenticated Information Disclosure via User Details Retrieval
CVSS 4.3
CVE-2024-37087
MEDIUM
VMware Cloud Foundation >=4.0 <5.2 and vCenter Server - Denial of Service
CVSS 5.3
Details
Vulnerabilities: 1,661
Exploit Likelihood: High