CWE-732

Exploit likelihood: High

Incorrect Permission Assignment for Critical Resource

Parent: CWE-285 - Improper Authorization

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

1,664 vulnerabilities with CWE-732
CVE-2019-11167 HIGH
Intel Smart Connect Technology - Incorrect Permission Assignment for Critical Resource
CVSS 7.8
CVE-2019-11528 HIGH
Softing uaGate SI <1.60.01 - Path Traversal
CVSS 7.5
CVE-2019-11526 CRITICAL
Softing uaGate SI <1.60.01 - Path Traversal
CVSS 9.8
CVE-2019-1378 HIGH
Windows 10 Update Assistant - Privilege Escalation
CVSS 7.8
CVE-2019-3765 HIGH
Dell EMC Avamar Server 7.4.1, 7.5.0, 7.5.1, 18.2, 19.1 and IDPA 2.0-2.4 - Authenticated Sensitive Backup Data Exposure
CVSS 8.1
CVE-2019-0073 MEDIUM
Junos OS Insecure PKI Key Export Permissions
CVSS 6.6
CVE-2019-6465 MEDIUM
BIND 9.9.0-9.12.3-P2, 9.13.0-9.13.6 - Incorrect Permission Assignment in Dynamically Loadable Zones
CVSS 5.3
CVE-2019-17051 HIGH
Evernote < 7.13 - Remote Code Execution via Quarantine Attribute Bypass
CVSS 7.8
CVE-2019-9378 HIGH
Android 10 - Local Privilege Escalation via Activity Manager Permission Bypass
CVSS 7.8
CVE-2019-12245 MEDIUM
SilverStripe <4.3.3 - Info Disclosure
CVSS 5.3
CVE-2019-13356 HIGH
Total Defense Anti-virus 9.0.0.773 - Local Privilege Escalation via DLL Hijacking
CVSS 7.8
CVE-2019-13355 HIGH
Total Defense Anti-virus 9.0.0.773 - Local Privilege Escalation via Directory Hijacking
CVSS 7.8
CVE-2019-9008 HIGH
CODESYS Control Runtime < 3.5.13.0 - Unauthenticated Privilege Escalation via Low-Privilege User
CVSS 8.8
CVE-2019-15721 MEDIUM
GitLab 10.8.0-12.2.1 - Authenticated Incorrect Permission Assignment for Critical Resource via Internal Endpoint
CVSS 5.4
CVE-2019-11166 MEDIUM
Intel Easy Streaming Wizard < 2.1.0731 - Authenticated Privilege Escalation via Improper File Permissions
CVSS 6.7
CVE-2019-16354 MEDIUM
Beego 1.10.0 - Session File Exposure via Race Condition in File Session Manager
CVSS 4.7
CVE-2019-16187 HIGH
LimeSurvey < 3.17.14 - Unauthenticated Cookie Access via Missing HttpOnly Flag
CVSS 7.5
CVE-2019-12645 HIGH
Cisco Jabber < 12.6(1) - Authenticated Arbitrary Code Execution via Improper File Permissions
CVSS 7.8
CVE-2019-12635 MEDIUM
Cisco Content Security Management Appliance < 12.5.0 - Authenticated Improper Authorization
CVSS 4.3
CVE-2019-2389 MEDIUM
MongoDB Server <4.0.11, <3.6.14, <3.4.22 - Privilege Escalation
CVSS 5.3
CVE-2019-15752 HIGH KEV
Docker Desktop Community Edition < 2.1.0.1 - Privilege Escalation via Trojan Horse docker-credential-wincred.exe
CVSS 7.8
CVE-2019-15316 HIGH
Valve Steam Client for Windows < 2019-08-20 - Privilege Escalation via TOCTOU Race Condition
CVSS 7.0
CVE-2019-15315 HIGH
Valve Steam Client for Windows < 2019-08-16 - Privilege Escalation via Binary Replacement
CVSS 7.8
CVE-2019-11806 LOW
OX App Suite <7.10.1 - Info Disclosure
CVSS 3.3
CVE-2019-13069 HIGH
extenua SilverSHielD 6.x < 6.1.14.144 - Local Privilege Escalation via ProgramData Folder Manipulation
CVSS 7.8