CWE-732

High likelihood

Incorrect Permission Assignment for Critical Resource

Parent: CWE-285 - Improper Authorization

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

1,664 vulnerabilities with CWE-732
CVE-2019-7958 CRITICAL
Creative Cloud Desktop App <4.6.1 - Privilege Escalation
CVSS 9.8
CVE-2019-15119 MEDIUM
ehang-io nps < 0.23.2 - Incorrect Permission Assignment for Critical Resource
CVSS 5.5
CVE-2019-15084 HIGH
Realtek Waves MaxxAudio driver 1.6.2.0 - Incorrect Permission Assignment for Critical Resource
CVSS 7.8
CVE-2019-0341 HIGH
SAP Enable Now 1902 - Session Cookie HttpOnly Flag Missing
CVSS 8.8
CVE-2019-12808 HIGH
ALTOOLS < 18.1 - Local Privilege Escalation via Insecure Service Executable Permissions
CVSS 7.8
CVE-2019-14969 HIGH
Netwrix Auditor < 9.8 - Unauthenticated DLL Hijacking via Insecure Log Directory Permissions
CVSS 7.8
CVE-2019-14935 HIGH
3CX Phone 15 - Privilege Escalation via Insecure Directory Permissions
CVSS 7.8
CVE-2019-1944 HIGH
Cisco Adaptive Security Appliance < 9.4.4.37 - Privilege Escalation via Smart Tunnel
CVSS 7.3
CVE-2019-14743 MEDIUM
Valve Steam Client for Windows < 2019-08-07 - Incorrect Permission Assignment for Critical Resource
CVSS 6.6
CVE-2019-11270 HIGH
Pivotal Software Application Service - Improper Privilege Management
CVSS 7.5
CVE-2019-14395 LOW
cPanel < 80.0.5 - Incorrect Permission Assignment for Queueprocd Log
CVSS 3.3
CVE-2019-1010101 CRITICAL
Akeo Rufus < 3.0 - Insecure Permissions Leading to Privilege Escalation
CVSS 9.8
CVE-2019-5222 MEDIUM
Huawei <Tony-AL00B 9.1.0.216 - Info Disclosure
CVSS 5.5
CVE-2019-12876 HIGH
Zoho ManageEngine ADManager Plus, ADSelfService Plus, and DesktopCentral - Privilege Escalation via Insecure Permissions
CVSS 7.3
CVE-2019-1010009 CRITICAL
DGLogik DGLux Server - Insecure Permissions Leading to Remote Execution and Credential Leaks in IoT API
CVSS 9.8
CVE-2019-12577 HIGH
Private Internet Access VPN Client v82 for macOS - Privilege Escalation via openvpn_launcher.64
CVSS 7.8
CVE-2019-13142 MEDIUM
Razer Surround 1.1.63.0 - Elevation of Privilege via Insecure DACL on Driver Folder
CVSS 5.5
CVE-2019-13208 HIGH
Waves MAXX Audio 1.9.29.0 - Privilege Escalation via Registry Key Permission
CVSS 7.3
CVE-2019-13012 HIGH
GLib < 2.59.1 - Incorrect Permission Assignment for Critical Resource in Keyfile Settings Backend
CVSS 7.5
CVE-2019-2023 HIGH
Android 8.0-9 - Insecure Permission Assignment in ServiceManager::add
CVSS 7.8
CVE-2019-12133 HIGH
Multiple Zoho ManageEngine products - Privilege Escalation
CVSS 7.8
CVE-2019-2257 HIGH
Snapdragon Auto et al - Privilege Escalation
CVSS 7.8
CVE-2019-12777 HIGH
ENTTEC Datagate MK2, Storm 24, Pixelator, E-Streamer MK2 Firmware 70044 - Insecure Directory Permissions
CVSS 7.8
CVE-2019-8283 MEDIUM
Gemalto Sentinel LDK < 7.92 - Cookie Theft via Missing HttpOnly Flag
CVSS 6.5
CVE-2019-12373 CRITICAL
Ivanti LANDESK Management Suite <10.0.1.168 - Info Disclosure
CVSS 9.0