CWE-732

High likelihood

Incorrect Permission Assignment for Critical Resource

Parent: CWE-285 - Improper Authorization

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

1,661 vulnerabilities with CWE-732
CVE-2024-5163 CRITICAL
com.transsion.carlcare - Info Disclosure
CVSS 9.8
CVE-2024-37369 HIGH
FactoryTalk View 12.0-13.0 - Privilege Escalation via Script Editing Bypass
CVSS 8.8
CVE-2024-36821 MEDIUM
Linksys Velop WiFi 5 - Privilege Escalation
CVSS 6.8
CVE-2024-3668 HIGH
PowerPack Pro for Elementor <= 2.10.17 - Authenticated Privilege Escalation via Registration Form Default Role
CVSS 8.8
CVE-2024-30369 HIGH
A10networks Advanced Core Operating S... - Incorrect Permission Assignment
CVSS 7.8
CVE-2024-29078 HIGH
MosP kintai kanri <4.6.6 - Info Disclosure
CVSS 7.5
CVE-2024-21902 MEDIUM
QNAP QTS and QuTS hero - Authenticated Exposure of Sensitive Information via Incorrect Permission Assignment
CVSS 6.4
CVE-2024-21835 MEDIUM
Intel Extreme Tuning Utility < 7.14.0.15 - Authenticated Privilege Escalation via Insecure Inherited Permissions
CVSS 6.7
CVE-2024-27108 MEDIUM
GE HealthCare EchoPAC - Info Disclosure
CVSS 6.8
CVE-2024-33499 CRITICAL
SIMATIC RTLS Locating Manager <V3.0.1.1 - Info Disclosure
CVSS 9.1
CVE-2024-30208 MEDIUM
SIMATIC RTLS Locating Manager <V3.0.1.1 - Info Disclosure
CVSS 6.3
CVE-2024-1486 HIGH
GE HealthCare ultrasound devices - Privilege Escalation
CVSS 7.4
CVE-2024-24912 MEDIUM
Harmony Endpoint Security Client <E88.10 - Privilege Escalation
CVSS 6.7
CVE-2024-33435 CRITICAL
Guangzhou Yingshi Ncast Yingshi 2007-2017 - Remote Code Execution via /manage/IPSetup.php
CVSS 9.8
CVE-2024-3375 CRITICAL
Havelsan Inc. Dialogue <1.83.1-1.84 - Privilege Escalation
CVSS 9.4
CVE-2024-2905 MEDIUM
Red Hat Enterprise Linux 10 - Incorrect Permission Assignment for /etc/shadow
CVSS 6.2
CVE-2024-32478 MEDIUM
Git Credential Manager <2.5.0 - Privilege Escalation
CVSS 6.9
CVE-2024-29964 MEDIUM
Brocade SANnav <2.3.0a - Info Disclosure
CVSS 5.7
CVE-2024-24910 HIGH
Check Point ZoneAlarm ExtremeSecurity - Privilege Escalation
CVSS 7.3
CVE-2024-21063 MEDIUM
Oracle PeopleSoft Enterprise HCM Benefits Administration 9.2 - Unauthorized Data Access and Partial Denial of Service
CVSS 6.1
CVE-2024-22334 MEDIUM
IBM UrbanCode Deploy <7.3.2.4 - Privilege Escalation
CVSS 4.4
CVE-2024-25646 HIGH
SAP BusinessObjects Web Intelligence - Authenticated Information Disclosure via Crafted Document
CVSS 7.7
CVE-2024-30413 HIGH
Huawei EMUI and HarmonyOS - Denial of Service via Window Management Module
CVSS 7.5
CVE-2024-3250 MEDIUM
Canonical Pebble < 1.4.2 - Unprivileged Local File Read via Read-File API
CVSS 6.5
CVE-2024-28589 MEDIUM
Axigen Mail Server for Windows < 10.5.18 - Local Privilege Escalation via Insecure DLL Loading
CVSS 6.7