CWE-732

High likelihood

Incorrect Permission Assignment for Critical Resource

Parent: CWE-285 - Improper Authorization

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

1,662 vulnerabilities with CWE-732
CVE-2023-45205 HIGH
SICAM PAS/PQS 8.00-8.19 - Authenticated Privilege Escalation via Insecure File Permissions
CVSS 7.8
CVE-2023-38640 MEDIUM
SICAM PAS/PQS <V8.22 - Privilege Escalation
CVSS 6.6
CVE-2023-42189 HIGH
Tapo Mini Smart Wi-Fi Plug Firmware - Incorrect Permission Assignment
CVSS 7.5
CVE-2023-45369 MEDIUM
MediaWiki PageTriage < 1.35.12, 1.36-1.39 < 1.39.5, 1.40 < 1.40.1 - Unprotected User Data Exposure
CVSS 4.3
CVE-2023-45364 MEDIUM
MediaWiki 1.36.0-1.39.4 and 1.40.0 - Information Disclosure via Deleted Revision Permission Check
CVSS 5.3
CVE-2023-36465 CRITICAL
Decidim <0.26.8, <0.27.4 - Privilege Escalation
CVSS 9.1
CVE-2023-44387 LOW
Gradle < 7.6.3 - Incorrect Permission Assignment for Critical Resource via Symlink Handling
CVSS 3.2
CVE-2023-5077 HIGH
HashiCorp Vault < 1.13.0 - Incorrect Privilege Assignment in Google Cloud Secrets Engine
CVSS 7.6
CVE-2023-20254 HIGH
Cisco Catalyst SD-WAN Manager - Privilege Escalation
CVSS 7.2
CVE-2023-4565 MEDIUM
Huawei EMUI and HarmonyOS - Incorrect Permission Assignment for Critical Resource in Framework Module
CVSS 5.3
CVE-2023-41295 MEDIUM
Huawei EMUI - Incorrect Permission Assignment for Critical Resource in DisplayEngine Module
CVSS 5.3
CVE-2023-4665 HIGH
Saphira Connect < 9 - Privilege Escalation via Incorrect Execution-Assigned Permissions
CVSS 8.8
CVE-2023-38557 HIGH
Spectrum Power 7 <V23Q3 - Privilege Escalation
CVSS 8.2
CVE-2023-40622 CRITICAL
SAP BusinessObjects <430 - Info Disclosure
CVSS 9.9
CVE-2023-32005 MEDIUM
Node.js 20.0.0-20.5.0 - Unauthorized File Stats Access via fs.statfs API
CVSS 5.3
CVE-2023-4777 LOW
Qualys Container Scanning Connector < 1.6.2.7 - Credential Enumeration and Capture via Permission Check Bypass
CVSS 3.1
CVE-2023-32162 HIGH
Wacom Drivers for Windows - Local Privilege Escalation via WacomInstallI.txt File Permissions
CVSS 7.8
CVE-2023-3915 MEDIUM
GitLab EE <16.1.5-16.3.1 - Privilege Escalation
CVSS 6.5
CVE-2023-34391 HIGH
SEL-5033 AcSELerator RTAC Software < 1.35.151.21000 - Insecure Inherited Permissions
CVSS 7.4
CVE-2023-40754 HIGH
PHPJabbers Car Rental Script 3.0 - RCE
CVSS 8.8
CVE-2023-4228 LOW
ioLogik 4000 Series <v1.6 - Info Disclosure
CVSS 3.1
CVE-2023-20234 MEDIUM
Cisco FXOS Software - Privilege Escalation
CVSS 4.4
CVE-2023-20230 MEDIUM
Cisco Application Policy Infrastructure Controller 5.2-5.2(8d) - Authenticated Improper Access Control
CVSS 5.4
CVE-2023-20200 HIGH
Cisco Firepower and UCS Fabric Interconnect Firmware - Authenticated Denial of Service via SNMP Request
CVSS 7.7
CVE-2023-4383 HIGH
MicroWorld eScan Anti-Virus 7.0.32 - Use After Free
CVSS 7.8