CWE-732

Exploit likelihood: High

Incorrect Permission Assignment for Critical Resource

Parent: CWE-285 - Improper Authorization

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

1,664 vulnerabilities with CWE-732
CVE-2021-22148 HIGH
Elastic Enterprise Search < 7.14.0 - Incorrect Permission Assignment for API Keys
CVSS 8.8
CVE-2021-22147 MEDIUM
Elasticsearch 7.11.0-7.13.4 - Authenticated Missing Authorization in Searchable Snapshots
CVSS 6.5
CVE-2021-3706 HIGH
Pi-hole Web Interface < 5.6 - Sensitive Cookie Without 'HttpOnly' Flag
CVSS 7.5
CVE-2021-35508 HIGH
TeraRecon AQNetClient <4.4.13 - Privilege Escalation
CVSS 8.8
CVE-2021-38154 HIGH
Canon devices <2020 - Info Disclosure
CVSS 7.5
CVE-2021-30964 MEDIUM
macOS Monterey <12.1 - Privilege Escalation
CVSS 5.5
CVE-2021-30920 MEDIUM
macOS Monterey 12.0.1 - Info Disclosure
CVSS 5.5
CVE-2021-30892 MEDIUM
macOS <12.0.1, <11.6.1 - Privilege Escalation
CVSS 5.5
CVE-2021-38557 HIGH
raspap-webgui - Unauthenticated Privilege Escalation via Sudoers Misconfiguration
CVSS 8.8
CVE-2021-25263 HIGH
Yandex Browser <21.9.0.390 - Privilege Escalation
CVSS 7.8
CVE-2021-36281 HIGH
Dell EMC PowerScale OneFS <9.2.x - Privilege Escalation
CVSS 7.5
CVE-2021-36280 HIGH
Dell EMC PowerScale OneFS <9.2.x - Info Disclosure
CVSS 7.8
CVE-2021-36279 HIGH
Dell EMC PowerScale OneFS <9.2.x - Info Disclosure
CVSS 7.8
CVE-2021-37841 HIGH
Docker Desktop < 3.6.0 - Unauthenticated Container Compromise via Incorrect Access Control
CVSS 7.8
CVE-2021-38590 MEDIUM
cPanel < 11.98.0.8 - Information Disclosure via Weak Web Stats Permissions
CVSS 5.5
CVE-2021-38085 HIGH
Canon TR150 <3.71.2.10 - Privilege Escalation
CVSS 7.8
CVE-2021-21567 HIGH
Dell PowerScale OneFS 9.1.0.x - Authenticated Privilege Escalation
CVSS 7.8
CVE-2021-32577 HIGH
Acronis True Image - Local Privilege Escalation via Insecure Folder Permissions
CVSS 7.8
CVE-2021-30577 HIGH
Google Chrome <92.0.4515.107 - Privilege Escalation
CVSS 7.8
CVE-2021-32463 HIGH
Trend Micro Apex One & Worry-Free Business Security Privilege Escalation & DoS via Incorrect Permissions
CVSS 7.8
CVE-2021-32760 MEDIUM
containerd <1.4.8-1.5.4 - Privilege Escalation
CVSS 5.0
CVE-2021-35449 HIGH
Lexmark Universal Print Driver <2.15.1.0 - Privilege Escalation
CVSS 7.8
CVE-2021-25318 HIGH
Rancher <2.5.9, <2.4.16 - Privilege Escalation
CVSS 8.8
CVE-2021-31859 HIGH
YSoft SafeQ 6 6.0.55 - Local Privilege Escalation via MU55 FlexiSpooler Service
CVSS 7.8
CVE-2021-20423 HIGH
IBM Cloud Pak for Applications 4.3 - Privilege Escalation
CVSS 8.8