CWE-732
High likelihood
Incorrect Permission Assignment for Critical Resource
Parent: CWE-285 - Improper Authorization
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
1,664 vulnerabilities with CWE-732
CVE-2020-1742
HIGH
nmstate/kubernetes-nmstate-handler < v2.3.0-30 - Privilege Escalation
CVSS 7.0
CVE-2020-14335
MEDIUM
Red Hat Satellite - Exposure of Sensitive Information via ISC DHCP Smart-Proxy OMAPI Secrets
CVSS 5.5
CVE-2020-1701
MEDIUM
KubeVirt <0.26.0 - Privilege Escalation
CVSS 6.5
CVE-2020-28910
CRITICAL
Nagios XI < 5.7.5 - Privilege Escalation via Symlink Attack in getprofile.sh
CVSS 9.8
CVE-2020-28909
HIGH
Nagios Fusion < 4.1.8 - Privilege Escalation via Incorrect File Permissions
CVSS 8.8
CVE-2020-27568
HIGH
Aviatrix Controller <5.3.1516 - Info Disclosure
CVSS 7.5
CVE-2020-26155
HIGH
Utimaco SecurityServer 4.20.0.4 and 4.31.1.0 - DLL Hijacking via Uncontrolled Search Path Element
CVSS 7.8
CVE-2020-24263
HIGH
Portainer < 1.24.1 - Unauthenticated Remote Code Execution via Container Capability Assignment
CVSS 8.8
CVE-2020-8029
LOW
SUSE CaaS Platform 4.5 - Privilege Escalation
CVSS 2.9
CVE-2020-26196
MEDIUM
Dell EMC PowerScale OneFS 8.1.0-9.1.0 - Privilege Escalation via Backup/Restore Function
CVSS 5.5
CVE-2020-26194
HIGH
Dell EMC PowerScale OneFS 8.1.2 and 8.2.2 - Incorrect Permission Assignment for Critical Resource
CVSS 7.0
CVE-2020-10553
MEDIUM
Psyprax < 3.2.2 - Unauthenticated Lockscreen Bypass via PPScreen.ini Modification
CVSS 5.5
CVE-2020-17522
MEDIUM
Apache Traffic Control <4.1.0 - Info Disclosure
CVSS 5.8
CVE-2020-28482
MEDIUM
fastify-csrf < 3.0.0 - Exposure of Sensitive Information via Insecure Cookie and GET Query Parameter
CVSS 5.9
CVE-2020-36154
HIGH
Pearson VUE Testing System 2.3.1911 - Unauthenticated Privilege Escalation via Directory Permissions
CVSS 7.8
CVE-2020-25507
HIGH
TeamworkCloud 18.0-19.0 - Incorrect Permission Assignment for Critical Resource via Installation Script
CVSS 7.8
CVE-2020-28169
HIGH
td-agent-builder < 2020-12-18 - Privilege Escalation via Writable bin Directory
CVSS 7.0
CVE-2020-24578
MEDIUM
D-Link DSL-2888A <AU_2.31_V1.1.47ae55 - Info Disclosure
CVSS 6.5
CVE-2020-25011
CRITICAL
Kyland KPS2204 R0002.P05 - Sensitive Information Disclosure via webadminget.cgi
CVSS 9.8
CVE-2020-25191
HIGH
NI CompactRIO Firmware < 20.5 - Unauthenticated Denial of Service via API Entry-Point
CVSS 7.5
CVE-2020-8908
LOW
Guava < 32.0.0 - Unprotected Temporary Directory Creation via Files.createTempDir()
CVSS 3.3
CVE-2020-7337
MEDIUM
McAfee VirusScan Enterprise < 8.8 Patch 16 - Local Security Bypass via Windows Defender Application Control
CVSS 6.5
CVE-2020-4625
MEDIUM
IBM Cloud Pak for Security 1.3.0.1 - Sensitive Information Exposure via Missing HTTPOnly Flag
CVSS 5.3
CVE-2020-29074
HIGH
x11vnc 0.9.16 - Incorrect Permission Assignment for Shared Memory Segment
CVSS 8.8
CVE-2020-10762
MEDIUM
gluster-block <0.5.1 - Info Disclosure
CVSS 5.5
Details
Vulnerabilities: 1,664
Exploit Likelihood: High