CWE-732

Exploit likelihood: High

Incorrect Permission Assignment for Critical Resource

Parent: CWE-285 - Improper Authorization

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

1,664 vulnerabilities with CWE-732
CVE-2019-13009 MEDIUM
GitLab 9.2.0-12.0.2 - Unauthorized File Access via Unsaved Personal Snippet Uploads
CVSS 6.5
CVE-2019-12441 HIGH
GitLab 8.4.0-11.11.0 - Incorrect Access Control in Protected Branches Feature
CVSS 7.5
CVE-2019-11215 HIGH
Combodo iTop 2.2.0-2.3.9, 2.4.1-2.5.9 - Arbitrary Code Execution via Configuration File Race Condition
CVSS 8.1
CVE-2019-13321 HIGH
Xiaomi Browser < 10.4.0 - Arbitrary Code Execution via Captive Portal HTML Response
CVSS 8.0
CVE-2019-20358 HIGH
Trend Micro Anti-Threat Toolkit < 1.62.0.1218 - Uncontrolled Search Path Element
CVSS 7.8
CVE-2019-7656 HIGH
Wowza Streaming Engine <4.8.0 - Privilege Escalation
CVSS 7.8
CVE-2019-19363 HIGH
Ricoh Printer Drivers - Local Privilege Escalation via Incorrect Permission Assignment
CVSS 7.8
CVE-2019-19895 HIGH
IXP EasyInstall 6.2.13723 - Authenticated Lateral Movement via EveryLogon.bat Modification
CVSS 7.8
CVE-2019-19894 MEDIUM
IXP EasyInstall 6.2.13723 - Authenticated UAC Bypass via Agent Service
CVSS 5.5
CVE-2019-14629 MEDIUM
Intel(R) DAAL <2020 Gold - Info Disclosure
CVSS 5.5
CVE-2019-3683 HIGH
SUSE OpenStack Cloud keystone-json-assignment < 2019-02-18 - Incorrect Permission Assignment via User-Project Mapping
CVSS 8.8
CVE-2019-20327 HIGH
Centreon < 19.10 - Local Privilege Escalation via cwrapper_perl Insecure Permissions
CVSS 7.8
CVE-2019-16784 HIGH
PyInstaller <3.6 - Privilege Escalation
CVSS 7.0
CVE-2019-19727 MEDIUM
SchedMD Slurm <18.08.9, <19.05.5 - Privilege Escalation
CVSS 5.5
CVE-2019-19263 MEDIUM
GitLab 8.2.0-12.5.0 - Insecure Permissions
CVSS 4.3
CVE-2019-19262 MEDIUM
GitLab EE 11.9.0-12.5.1 - Insecure Permission Assignment
CVSS 4.3
CVE-2019-19087 MEDIUM
GitLab EE <12.5.1 - Info Disclosure
CVSS 4.3
CVE-2019-19086 MEDIUM
GitLab EE <12.5.1 - Info Disclosure
CVSS 4.3
CVE-2019-19736 MEDIUM
MFScripts YetiShare 3.5.2-4.5.3 - Session Cookie HttpOnly Flag Missing
CVSS 6.1
CVE-2019-3467 HIGH
debian-lan-config < 0.26 and debian-edu-config < 2.11.10 - Incorrect Permission Assignment for Kerberos Admin Server
CVSS 7.8
CVE-2019-19915 CRITICAL
301 Redirects - Easy Redirect Manager < 2.45 - Authenticated Cross-Site Request Forgery via Redirect Rule Manipulation
CVSS 9.0
CVE-2019-19341 MEDIUM
Ansible Tower <3.6.2 - Info Disclosure
CVSS 5.5
CVE-2019-8256 CRITICAL
ColdFusion Update 6 and earlier - Privilege Escalation via Insecure Installation Directory Permissions
CVSS 9.8
CVE-2019-19882 HIGH
shadow 4.8 - Incorrect Permission Assignment for Critical Resource
CVSS 7.8
CVE-2019-19315 HIGH
Nalpeiron Licensing Service <7.3.4.0 - Privilege Escalation
CVSS 7.1