CWE-732

Exploit likelihood: High

Incorrect Permission Assignment for Critical Resource

Parent: CWE-285 - Improper Authorization

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

1,664 vulnerabilities with CWE-732
CVE-2021-0372 HIGH
Android 11 - Local Privilege Escalation via Unsafe PendingIntent in RemoteMediaSlice
CVSS 7.8
CVE-2021-21177 MEDIUM
Google Chrome <89.0.4389.72 - Info Disclosure
CVSS 6.5
CVE-2021-0109 HIGH
Intel Compute Stick STK1A32SC Firmware < 604 - Authenticated Privilege Escalation via Insecure Driver Permissions
CVSS 7.8
CVE-2021-0336 HIGH
Android 8.1-11 - Local Privilege Escalation via Mutable PendingIntent in BluetoothPermissionRequest
CVSS 7.8
CVE-2021-0334 HIGH
Android 8.1-11 - Local Privilege Escalation via ResolverActivity Default Handler Bypass
CVSS 7.8
CVE-2021-23874 HIGH KEV
McAfee Total Protection < 16.0.30 - Arbitrary Process Execution and Privilege Escalation via Self-Defense Bypass
CVSS 8.2
CVE-2021-25276 HIGH
SolarWinds Serv-U <15.2.2 - Privilege Escalation
CVSS 7.1
CVE-2021-3165 HIGH
SmartAgent 3.1.0 - Privilege Escalation via CampaignManager Users Endpoint
CVSS 8.8
CVE-2021-22850 MEDIUM
HGiga oaklouds_portal - Unauthenticated Privileged Function Access
CVSS 5.3
CVE-2021-1126 MEDIUM
Cisco Firepower Management Center - Info Disclosure
CVSS 5.5
CVE-2021-0304 MEDIUM
Android 8.0-10 - Local Information Disclosure via Unsafe PendingIntent in GlobalScreenshot
CVSS 5.5
CVE-2021-21494 MEDIUM
MK-AUTH < 19.01 - Cross-Site Scripting via admin/logs_ajax.php tipo Parameter
CVSS 4.8
CVE-2020-36938 HIGH
WinAVR <20100110 - Privilege Escalation
CVSS 8.8
CVE-2020-36916 HIGH
TDM Digital Signage PC Player 4.1.0.4 - Privilege Escalation
CVSS 8.8
CVE-2020-24681 HIGH
B&R Industrial Automation Studio <4.9.4 - Privilege Escalation
CVSS 8.2
CVE-2020-36770 CRITICAL
Gentoo Slurm <22.05.3 - Privilege Escalation
CVSS 9.8
CVE-2020-15329 MEDIUM
Zyxel CloudCNM SecuManager <3.1.1 - Privilege Escalation
CVSS 5.3
CVE-2020-15328 MEDIUM
Zyxel CloudCNM SecuManager <3.1.1 - Info Disclosure
CVSS 5.3
CVE-2020-27836 CRITICAL
Red Hat OpenShift Container Platform - Incorrect Permission Assignment for Critical Resource in cluster-ingress-operator
CVSS 9.8
CVE-2020-1754 MEDIUM
Moodle <3.8.2, <3.7.5, <3.6.9, <3.5.11 - Info Disclosure
CVSS 4.3
CVE-2020-4146 MEDIUM
IBM Security SiteProtector System 3.1.1 - Sensitive Information Exposure via Missing HttpOnly Flag
CVSS 5.3
CVE-2020-14263 LOW
HCL Traveler Companion < 12.0.0 - Weak Cryptographic Process via MobileIron AppConnect SDK
CVSS 3.9
CVE-2020-18121 HIGH
Indexhibit 2.1.5 - Authenticated Arbitrary PHP File Modification
CVSS 8.8
CVE-2020-0417 HIGH
Android - Local Privilege Escalation via Empty Mutable PendingIntent
CVSS 7.8
CVE-2020-4945 HIGH
IBM Db2 11.5 - Authenticated Arbitrary File Write via Improper Group Permissions
CVSS 8.1