CWE-732

High likelihood

Incorrect Permission Assignment for Critical Resource

Parent: CWE-285 - Improper Authorization

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

1,664 vulnerabilities with CWE-732
CVE-2021-39621 HIGH
Android - Local Privilege Escalation via Unsafe PendingIntent in LegacyModeSmsHandler
CVSS 7.8
CVE-2021-44466 HIGH
Bitmask Riseup VPN 0.21.6 - Local Privilege Escalation via Improper ACLs
CVSS 7.3
CVE-2021-20172 HIGH
Netgear Genie Installer - Local Privilege Escalation via Insecure File Handling
CVSS 7.8
CVE-2021-20874 HIGH
GroupSession Free/Z/ByCloud <5.1.1 - Info Disclosure
CVSS 7.5
CVE-2021-27445 HIGH
Mesa Labs AmegaView <3.0 - Privilege Escalation
CVSS 7.8
CVE-2021-35248 MEDIUM
SolarWinds Orion Platform < 2020.2.6 - Unauthenticated User Enumeration via Orion.UserSettings Entity
CVSS 6.8
CVE-2021-0904 MEDIUM
Android - Permission Bypass via Insecure SRAMROM Permission Setting
CVSS 6.7
CVE-2021-42309 HIGH
Microsoft SharePoint Server - Remote Code Execution
CVSS 8.8
CVE-2021-43065 HIGH
Fortinet FortiNAC <9.2.0 - Privilege Escalation
CVSS 7.8
CVE-2021-36133 HIGH
OPTEE-OS CSU - Privilege Escalation
CVSS 7.1
CVE-2021-44512 HIGH
tmate-ssh-server < 2.3.0 - Incorrect Permission Assignment for Critical Resource
CVSS 7.0
CVE-2021-43034 HIGH
Kaseya Unitrends Backup <10.5.5 - Privilege Escalation
CVSS 7.8
CVE-2021-43359 HIGH
Sunnet eHRD - Authenticated Privilege Escalation via Account Management Page
CVSS 8.8
CVE-2021-40101 HIGH
Concrete CMS < 8.5.7 - Unauthenticated Password Change via Dashboard
CVSS 7.2
CVE-2021-44230 MEDIUM
Burp Suite Enterprise Edition < 2021.11 - Privilege Escalation via Weak H2 Database File Permissions
CVSS 6.5
CVE-2021-43998 MEDIUM
HashiCorp Vault <1.7.5-1.8.4 - Info Disclosure
CVSS 6.5
CVE-2021-42115 HIGH
TopEase <= 7.1.27 - Unauthenticated Privilege Escalation via Missing HTTPOnly Flag
CVSS 8.1
CVE-2021-24703 MEDIUM
WordPress Download Plugin <1.6.1 - CSRF
CVSS 5.7
CVE-2021-43019 HIGH
Adobe Creative Cloud <5.5 - Privilege Escalation
CVSS 7.8
CVE-2021-39235 MEDIUM
Apache Ozone < 1.2.0 - Authenticated Incorrect Permission Assignment for Critical Resource
CVSS 6.5
CVE-2021-0064 HIGH
Intel WiFi Firmware < 22.40 - Authenticated Privilege Escalation via Insecure Inherited Permissions
CVSS 7.8
CVE-2021-33094 HIGH
Intel Nuc M15 Laptop Kit Keyboard Led Service Driver Pack < 1.0.0.4 - Incorrect Permission Assignment
CVSS 7.8
CVE-2021-33093 HIGH
Intel Nuc M15 Laptop Kit Serial IO Driver Pack < 30.100.2104.1 - Incorrect Permission Assignment
CVSS 7.8
CVE-2021-33091 HIGH
Intel(R) NUC M15 Laptop Kit audio driver <1.3 - Privilege Escalation
CVSS 7.8
CVE-2021-42955 HIGH
Zoho Remote Access Plus Server <10.1.2132 - Privilege Escalation
CVSS 7.3
Details
Vulnerabilities 1,664
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits