CWE-732

High likelihood

Incorrect Permission Assignment for Critical Resource

Parent: CWE-285 - Improper Authorization

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

1,664 vulnerabilities with CWE-732
CVE-2019-9464 MEDIUM
Android 10 - Incorrect Permission Assignment for Critical Resource in Location Access Warning
CVSS 5.5
CVE-2019-17388 HIGH
Aviatrix VPN Client <= 2.2.10 - Local Privilege Escalation via Weak Installation Directory Permissions
CVSS 7.8
CVE-2019-19522 HIGH
OpenBSD 6.6 - Incorrect Permission Assignment for Critical Resource in S/Key or YubiKey Authentication
CVSS 7.8
CVE-2019-19382 HIGH
Max Secure Anti Virus Plus <19.0.4.020 - Privilege Escalation
CVSS 7.8
CVE-2019-5212 MEDIUM
Huawei P20 Firmware emily-l29c_9.1.0.311(c10e2r1p13t8) - Information Disclosure via Huawei Share
CVSS 5.5
CVE-2019-14812 HIGH
Ghostscript <9.50 - Privilege Escalation
CVSS 7.8
CVE-2019-18456 MEDIUM
GitLab 8.17.0-12.4.0 - Insecure Permissions in Elasticsearch Search Feature
CVSS 5.3
CVE-2019-18453 MEDIUM
GitLab 11.6-12.4 - Insecure Permission Assignment in Email Comment Feature
CVSS 4.3
CVE-2019-18452 MEDIUM
GitLab CE/EE <12.5 - Info Disclosure
CVSS 5.3
CVE-2019-18450 MEDIUM
GitLab < 12.4.0 - Insecure Permissions in Project Labels
CVSS 4.3
CVE-2019-18449 MEDIUM
GitLab < 12.4.0 - Insecure Permissions in Autocomplete Feature
CVSS 4.3
CVE-2019-18447 MEDIUM
GitLab < 12.4.0 - Insecure Permission Assignment
CVSS 4.3
CVE-2019-18446 MEDIUM
GitLab 8.15.0-12.4.0 - Insecure Permission Assignment
CVSS 4.3
CVE-2019-18459 MEDIUM
GitLab CE/EE 11.3-12.3 - Info Disclosure
CVSS 5.3
CVE-2019-18463 MEDIUM
GitLab < 12.4.0 - Insecure Permissions
CVSS 4.3
CVE-2019-18462 MEDIUM
GitLab 11.3-12.4 - Insecure Permission Assignment
CVSS 4.3
CVE-2019-13681 MEDIUM
Chrome < 77.0.3865.75 - Download Restriction Bypass via Crafted HTML Page
CVSS 4.3
CVE-2019-13679 LOW
Google Chrome <77.0.3865.75 - Info Disclosure
CVSS 3.3
CVE-2019-13677 MEDIUM
Google Chrome <77.0.3865.75 - Auth Bypass
CVSS 6.5
CVE-2019-13676 MEDIUM
Google Chrome < 77.0.3865.75 - Domain Spoofing via Crafted HTML Page
CVSS 4.3
CVE-2019-13665 MEDIUM
Google Chrome < 77.0.3865.75 - File Download Protection Bypass via Crafted HTML Page
CVSS 6.5
CVE-2019-4214 LOW
IBM SmartCloud Analytics Log Analysis 1.3.1-1.3.5 - Sensitive Information Exposure via Missing Secure Attribute
CVSS 3.7
CVE-2019-19197 HIGH
Kyrol Internet Security 9.0.6.9 - Privilege Escalation/DoS/RCE
CVSS 7.8
CVE-2019-16406 HIGH
Centreon Web 19.04.4 - Privilege Escalation
CVSS 7.8
CVE-2019-18958 HIGH
Nitro Pro < 13.2 - Arbitrary Code Execution via Debug Log File
CVSS 7.8
Details
Vulnerabilities 1,664
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits