CWE-732

High likelihood

Incorrect Permission Assignment for Critical Resource

Parent: CWE-285 - Improper Authorization

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

1,664 vulnerabilities with CWE-732
CVE-2019-14869 HIGH
Ghostscript 9.x <9.50 - Privilege Escalation
CVSS 8.8
CVE-2019-15340 LOW
Xiaomi Redmi 6 Pro - Unauthenticated Permission Bypass via com.huaqin.factory Exported Interface
CVSS 3.3
CVE-2019-15339 LOW
Lava Z60s Firmware - Incorrect Permission Assignment for Critical Resource in com.android.lava.powersave
CVSS 3.3
CVE-2019-15338 LOW
Lava Iris 88 Lite Firmware - Incorrect Permission Assignment for Critical Resource in com.android.lava.powersave
CVSS 3.3
CVE-2019-15337 LOW
Lava Z81 Firmware - Incorrect Permission Assignment for Critical Resource in Power Save App
CVSS 3.3
CVE-2019-15336 LOW
Lava Z61 Turbo Firmware - Incorrect Permission Assignment for Critical Resource in com.android.lava.powersave
CVSS 3.3
CVE-2019-15335 LOW
Lava Z92 Firmware - Incorrect Permission Assignment for Critical Resource in Power Save App
CVSS 3.3
CVE-2019-15334 LOW
Lava Iris 88 Go Firmware - Incorrect Permission Assignment for Critical Resource in Power Save App
CVSS 3.3
CVE-2019-15333 LOW
Lava Flair Z1 Firmware - Incorrect Permission Assignment for Critical Resource in Power Save App
CVSS 3.3
CVE-2019-11155 HIGH
Intel PROSet/Wireless WiFi < 21.40 - DoS & Info Disclosure via Directory Permissions
CVSS 7.1
CVE-2019-11154 HIGH
Intel PROSet/Wireless WiFi < 21.40 - Authenticated Denial of Service and Information Disclosure via Local Access
CVSS 7.1
CVE-2019-18895 HIGH
Scanguard <2019-11-12 - Privilege Escalation
CVSS 7.8
CVE-2019-1457 HIGH
Microsoft Office - Security Feature Bypass via Macro Settings Enforcement
CVSS 7.8
CVE-2019-18856 HIGH
Drupal SVG Sanitizer <= 8.x-1.0-alpha1 - Denial of Service via SVG Use Element
CVSS 7.5
CVE-2019-13535 MEDIUM
Medtronic Valleylab FT10/LS10 <2.1.0/<1.20.2 - Info Disclosure
CVSS 4.6
CVE-2019-3425 HIGH
ZTE ZXUPN-9000E Firmware < 9000EV5.0R1B12 - Unauthenticated Password Reset via Permission Bypass
CVSS 8.8
CVE-2019-3866 MEDIUM
openstack-mistral - Information Exposure via World-Readable Undercloud Log Files
CVSS 5.5
CVE-2019-14824 MEDIUM
389 Directory Server - Unauthorized Attribute Disclosure via Deref Plugin
CVSS 6.5
CVE-2019-5642 LOW
Rapid7 Metasploit Pro < 4.16.0-2019091001 - Insecure File Permissions in Server Key
CVSS 3.3
CVE-2019-5068 MEDIUM
X11 Mesa 3D Graphics Library <19.1.2 - Memory Corruption
CVSS 4.4
CVE-2019-10084 HIGH
Apache Impala 2.7.0-3.2.0 - Auth Bypass
CVSS 7.5
CVE-2019-18422 HIGH
Xen <4.12.x - DoS/Privilege Escalation
CVSS 8.8
CVE-2019-18409 HIGH
ruby_parser-legacy 1.0.0 - Local Privilege Escalation via World-Writable Files
CVSS 7.8
CVE-2019-18192 HIGH
GNU Guix 1.0.1 - Incorrect Permission Assignment for Critical Resource
CVSS 7.8
CVE-2019-8071 CRITICAL
Adobe Download Manager 2.0.0.363 - Insecure File Permissions Leading to Privilege Escalation
CVSS 9.8