CWE-732
High likelihood
Incorrect Permission Assignment for Critical Resource
Parent: CWE-285 - Improper Authorization
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
1,664 vulnerabilities with CWE-732
CVE-2021-3172
HIGH
php-fusion 9.03.90-9.09.99 - Authenticated Distributed Denial of Service via Polling Feature
CVSS 8.1
CVE-2021-37306
HIGH
jeecg < 2.4.5 - Insecure Permissions via /sys/user/checkOnlyUser API
CVSS 7.5
CVE-2021-37305
HIGH
jeecg < 2.4.5 - Insecure Permissions via /sys/user/querySysUser API
CVSS 7.5
CVE-2021-37304
HIGH
jeecg-boot < 2.4.5 - Unauthenticated Insecure Permissions via httptrace Interface
CVSS 7.5
CVE-2021-22648
HIGH
Ovarro TBox < 1.46 - Unauthenticated Arbitrary File Manipulation via Modbus Configuration Access
CVSS 8.8
CVE-2021-45492
HIGH
Sage 300 ERP < 2022 - Unauthenticated Privilege Escalation via DLL Search-Order Hijacking
CVSS 7.8
CVE-2021-38289
HIGH
Novastar-VNNOX-iCare Novaicare <7.16.0 - Privilege Escalation
CVSS 8.8
CVE-2021-38879
MEDIUM
IBM Jazz Team Server <7.0.2 - Info Disclosure
CVSS 5.3
CVE-2021-20355
MEDIUM
IBM Jazz Team Server <7.0.3 - Info Disclosure
CVSS 5.3
CVE-2021-40649
MEDIUM
Connx <6.2.0.1269 - Info Disclosure
CVSS 6.5
CVE-2021-44167
MEDIUM
FortiClient for Linux <= 7.0.2 - Unauthenticated Sensitive Information Exposure via Symbolic Links
CVSS 6.8
CVE-2021-27764
HIGH
HCL BigFix WebUI - Insecure Cookie Permission Assignment
CVSS 7.4
CVE-2021-23055
MEDIUM
NGINX Ingress Controller <2.0.3-1.12.3 - Command Injection
CVSS 6.5
CVE-2021-38483
MEDIUM
FANUC ROBOGUIDE <= 9.40083.00.05 - Privilege Escalation
CVSS 6.0
CVE-2021-36290
MEDIUM
Dell VNX2 for File <8.1.21.266 - Privilege Escalation
CVSS 6.4
CVE-2021-42855
HIGH
SteelCentral AppInternals Agent 11.0.0-11.8.7 Local Privilege Escalation via Debug Config
CVSS 7.8
CVE-2021-4199
HIGH
Bitdefender Antivirus Plus - Incorrect Permission Assignment
CVSS 7.8
CVE-2021-3631
MEDIUM
libvirt < 7.5.0 - Incorrect Permission Assignment for Critical Resource via SELinux MCS Category Pair Generation
CVSS 6.3
CVE-2021-3557
MEDIUM
Argo CD < 1.1.1 - Unauthenticated Cluster Resource and Secret Exposure via ServiceAccount
CVSS 6.5
CVE-2021-44521
CRITICAL
Apache Cassandra 3.0.0-3.0.25 - Authenticated Remote Code Execution via User Defined Functions
CVSS 9.1
CVE-2021-39992
HIGH
Huawei EMUI - Incorrect Permission Assignment for Critical Resource
CVSS 7.8
CVE-2021-22284
HIGH
ABB OPC Server for AC 800M 5.1.0-0-5.9.9-9 - Incorrect Permission Assignment for Critical Resource
CVSS 8.4
CVE-2021-29396
CRITICAL
NorthStar Club Management 6.3 - Unauthenticated Insecure Permission Assignment
CVSS 9.8
CVE-2021-22566
CRITICAL
Fuchsia - Privilege Escalation via Incorrect UXN and PXN Bit Handling in mmu_flags_to_s1_pte_attr
CVSS 9.8
CVE-2021-39627
HIGH
Android - Local Privilege Escalation via Unsafe PendingIntent in LegacyModeSmsHandler
CVSS 7.8
Details
Vulnerabilities: 1,664
Exploit Likelihood: High