CWE-732

Exploit likelihood: High

Incorrect Permission Assignment for Critical Resource

Parent: CWE-285 - Improper Authorization

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

1,664 vulnerabilities with CWE-732
CVE-2022-20399 MEDIUM
Android - Local Information Disclosure via SEPolicy Insecure Default Value
CVSS 5.5
CVE-2022-20398 HIGH
Android - Local Privilege Escalation via WifiServiceImpl Permissions Bypass
CVSS 7.8
CVE-2022-39207 MEDIUM
OneDev < 7.3.0 - Stored Cross-Site Scripting via Build Artifact HTML Rendering
CVSS 5.4
CVE-2022-36103 HIGH
Talos Linux < 1.2.2 - Incorrect Permission Assignment for Critical Resource via Worker Node CSR Validation
CVSS 7.2
CVE-2022-37771 MEDIUM
IObit Malware Fighter 9.2 - Privilege Escalation via Tamper Protection Bypass
CVSS 6.7
CVE-2022-36670 MEDIUM
PCProtect Endpoint < 5.17.470 - Authenticated Privilege Escalation via Process Tampering
CVSS 6.7
CVE-2022-38170 MEDIUM
Apache Airflow <2.3.4 - Info Disclosure
CVSS 4.7
CVE-2022-37435 HIGH
Apache ShenYu 2.4.2-2.4.3 - Authenticated Privilege Escalation via Password Modification
CVSS 8.8
CVE-2022-32778 HIGH
WWBN AVideo 11.6 and dev master commit 3f7c0364 - Information Disclosure via Cookie HttpOnly Flag Missing
CVSS 7.5
CVE-2022-32777 HIGH
WWBN AVideo 11.6 and dev master commit 3f7c0364 - Information Disclosure via Session Cookie
CVSS 7.5
CVE-2022-35167 HIGH
Printix Cloud Print Management 1.3.1149.0 - Incorrect Permission Assignment for Critical Resource
CVSS 8.8
CVE-2022-22411 MEDIUM
IBM Spectrum Scale DAS <5.1.3.1 - Code Injection
CVSS 6.5
CVE-2022-36800 MEDIUM
Atlassian Jira Service Management < 4.22.2 - Unauthenticated Information Disclosure via browsegroups.action Endpoint
CVSS 4.3
CVE-2022-34112 MEDIUM
Dataease v1.11.1 - Privilege Escalation
CVSS 6.5
CVE-2022-1655 MEDIUM
Red Hat OpenStack Horizon - Incorrect Permission Assignment for Critical Resource in Session Cookie Handling
CVSS 6.5
CVE-2022-34891 HIGH
Parallels Desktop 17.1.1 - Privilege Escalation via Incorrect File Permissions
CVSS 7.8
CVE-2022-20234 HIGH
Car Settings - Privilege Escalation
CVSS 7.5
CVE-2022-20218 HIGH
Android - Local Privilege Escalation via PermissionController Logic Error
CVSS 7.8
CVE-2022-33695 MEDIUM
InputManagerService <SMR Jul-2022 Release 1 - Privilege Escalation
CVSS 5.1
CVE-2022-30929 HIGH
Mini-Tmall v1.0 - Privilege Escalation
CVSS 8.8
CVE-2022-2227 LOW
GitLab < 14.10.5, 15.0 < 15.0.4, 15.1 < 15.1.1 - Improper Access Control in Runner Jobs API
CVSS 3.1
CVE-2022-23725 HIGH
PingID Integration for Windows Login < 2.8 - Insufficiently Protected Credentials via Registry Permissions
CVSS 7.7
CVE-2022-34043 HIGH
NoMachine 7.9.2 - Incorrect Permission Assignment for Critical Resource in Uninstall Folder
CVSS 7.3
CVE-2022-34012 MEDIUM
OneBlog v2.3.4 - Privilege Escalation
CVSS 6.5
CVE-2022-1596 MEDIUM
ABB REX640 PCL1 < 1.0.7, PCL2 < 1.1.4, PCL3 < 1.2.1 - Incorrect Permission Assignment
CVSS 6.5