CWE-732

Exploit likelihood: High

Incorrect Permission Assignment for Critical Resource

Parent: CWE-285 - Improper Authorization

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

1,664 vulnerabilities with CWE-732
CVE-2022-22941 HIGH
SaltStack Salt < 3002.8 - Incorrect Permission Assignment for Critical Resource via Master-of-Masters Configuration
CVSS 8.8
CVE-2022-24769 MEDIUM
Moby <20.10.14 - Privilege Escalation
CVSS 5.9
CVE-2022-0652 LOW
Sophos UTM <9.710 - Info Disclosure
CVSS 3.3
CVE-2022-24236 LOW
Snapt Aria 12.8 - Unauthenticated Email Spoofing via Insecure Permissions
CVSS 3.5
CVE-2022-26247 MEDIUM
teamwork_management_system 2.28.0 - Incorrect Permission Assignment via User Update Component
CVSS 5.9
CVE-2022-26526 HIGH
Anaconda3 <2021.11.0.0 - Privilege Escalation
CVSS 7.8
CVE-2022-21946 MEDIUM
opensuse cscreen <1.4 - Privilege Escalation
CVSS 5.3
CVE-2022-21819 HIGH
NVIDIA Jetson Linux 32.1-32.7.1 - Unauthenticated Direct Memory Access via IOMMU Misconfiguration
CVSS 7.6
CVE-2022-22148 HIGH
Yokogawa Electric - Privilege Escalation
CVSS 7.8
CVE-2022-22141 HIGH
Yokogawa Electric - Privilege Escalation
CVSS 7.8
CVE-2022-25010 CRITICAL
Stepmania v5.1b2 and below - Unauthenticated Path Traversal via /rootfs Component
CVSS 9.1
CVE-2022-24327 HIGH
JetBrains Hub <2021.1.13890 - Info Disclosure
CVSS 7.5
CVE-2022-0247 HIGH
Fuchsia < 2022-01-03 - Unauthorized VMO Data Modification via Copy-on-Write Snapshots
CVSS 7.5
CVE-2022-0483 HIGH
Acronis VSS Doctor <build 53 - Privilege Escalation
CVSS 7.8
CVE-2022-0532 MEDIUM
CRI-O < 1.18 - Incorrect Sysctls Validation via Safe Sysctls List
CVSS 4.2
CVE-2022-0338 MEDIUM
Conda loguru <0.5.3 - Info Disclosure
CVSS 4.3
CVE-2022-0277 MEDIUM
Packagist microweber/microweber <1.2.11 - Privilege Escalation
CVSS 6.5
CVE-2022-21694 LOW
OnionShare < 2.5 - Incorrect Permission Assignment for Critical Resource
CVSS 3.7
CVE-2022-22988 HIGH
Western Digital EdgeRover < 1.5.0-576 - Authenticated Path Traversal via Incorrect File Permissions
CVSS 7.7
CVE-2022-23132 LOW
Zabbix 4.0.0-4.0.35 - Improper Access Control via SELinux DAC_OVERRIDE Capability
CVSS 3.3
CVE-2021-4481 HIGH
Dräger Protector Software Local Privilege Escalation via Insecure File Permissions
CVSS 8.2
CVE-2021-4480 HIGH
Dräger Protector Software Local Privilege Escalation via Insecure File Permissions
CVSS 8.2
CVE-2021-47756 HIGH
Laravel Valet <2.0.3 - Privilege Escalation
CVSS 8.4
CVE-2021-47742 HIGH
Epic Games Psyonix Rocket League <=1.95 - Privilege Escalation
CVSS 8.8
CVE-2021-40331 HIGH
Apache Ranger Hive Plugin <2.4.0 - Privilege Escalation
CVSS 8.1