CWE-732

High likelihood

Incorrect Permission Assignment for Critical Resource

Parent: CWE-285 - Improper Authorization

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

1,664 vulnerabilities with CWE-732
CVE-2020-9671 CRITICAL
Adobe Creative Cloud Desktop Application < 5.1 - Incorrect Permission Assignment
CVSS 9.8
CVE-2020-15697 MEDIUM
Joomla! 3.0.0-3.9.19 - Variable Tampering via User Table Class
CVSS 4.3
CVE-2020-11827 HIGH
GOG Galaxy < 1.2.67 - Unauthenticated Privilege Escalation via Weak Service Permissions
CVSS 7.8
CVE-2020-6267 MEDIUM
SAP Disclosure Mgmt <10.1 - Info Disclosure
CVSS 5.4
CVE-2020-5371 HIGH
Dell EMC Isilon OneFS <= 8.2.2 and PowerScale 9.0.0 - Unauthorized File Access via Insufficient File Permissions
CVSS 8.0
CVE-2020-15529 HIGH
GOG Galaxy Client 2.0.17 - Local Privilege Escalation via Opportunistic Locks
CVSS 7.8
CVE-2020-15528 HIGH
GOG Galaxy Client 2.0.17 - Local Privilege Escalation via Weak File Permissions
CVSS 7.8
CVE-2020-15397 HIGH
HylaFAX+ < 7.0.2 - Unauthenticated Privilege Escalation via Writable Binary Execution
CVSS 7.8
CVE-2020-12041 CRITICAL
Baxter Sigma Spectrum Infusion System Firmware - Unauthenticated Sensitive Data Exposure via Telnet CLI
CVSS 9.4
CVE-2020-10782 MEDIUM
Ansible Tower 3.7.0 - Sensitive Information Exposure via Rsyslog Configuration File
CVSS 6.5
CVE-2020-11911 MEDIUM
Treck TCP/IP < 6.0.1.66 - Improper ICMPv4 Access Control
CVSS 5.3
CVE-2020-13431 HIGH
I2P <0.9.46 - Privilege Escalation
CVSS 7.8
CVE-2020-5358 MEDIUM
Dell Encryption < 10.7.0 and Dell Endpoint Security Suite Enterprise < 2.7 - Privilege Escalation via Symbolic Link
CVSS 6.7
CVE-2020-5755 HIGH
Webroot endpoint agents <v9.0.28.48 - Privilege Escalation
CVSS 7.8
CVE-2020-3961 HIGH
VMware Horizon Client < 5.4.3 - Privilege Escalation via Unsafe Library Loading
CVSS 7.8
CVE-2020-11613 HIGH
Mids' Reborn Hero Designer 2.6.0.7 - Uncontrolled Search Path Element via Insecure Installation Folder Permissions
CVSS 7.8
CVE-2020-1170 HIGH
Windows Defender - Elevation of Privilege via Arbitrary File Deletion
CVSS 7.8
CVE-2020-13866 HIGH
WinGate 9.4.1.5998 - Incorrect Permission Assignment for Critical Resource
CVSS 7.8
CVE-2020-13912 HIGH
SolarWinds Advanced Monitoring Agent < 10.8.9 - Privilege Escalation via Trojan Horse .exe File
CVSS 7.3
CVE-2020-13386 HIGH
SmartDraw 2020 <27.0.0.0 - Privilege Escalation
CVSS 7.3
CVE-2020-12431 MEDIUM
Splashtop Software Updater <1.5.6.16 - Privilege Escalation
CVSS 6.6
CVE-2020-12831 MEDIUM
FRRouting FRR <7.3.1 - Info Disclosure
CVSS 5.3
CVE-2020-8153 HIGH
Groupfolders app 4.0.3 - Info Disclosure
CVSS 8.1
CVE-2020-5895 HIGH
NGINX Controller <3.3.0 - Memory Corruption
CVSS 7.8
CVE-2020-3312 HIGH
Cisco Firepower Threat Defense - Info Disclosure
CVSS 7.5
Details
Vulnerabilities 1,664
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits