CWE-732

High likelihood

Incorrect Permission Assignment for Critical Resource

Parent: CWE-285 - Improper Authorization

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

1,665 vulnerabilities with CWE-732
CVE-2019-12373 CRITICAL
Ivanti LANDESK Management Suite <10.0.1.168 - Info Disclosure
CVSS 9.0
CVE-2019-12589 HIGH
Firejail < 0.9.60 - Unauthenticated Seccomp Filter Bypass via Writable Filters
CVSS 8.8
CVE-2019-4078 HIGH
IBM WebSphere MQ 8.0.0.0-8.0.0.9 & 9.0.0.0-9.1.1 Privilege Escalation via Directory Permissions
CVSS 7.8
CVE-2019-12042 CRITICAL
Panda <18.07.03 - Privilege Escalation
CVSS 9.8
CVE-2019-10132 HIGH
libvirt >= 4.1.0 - Privilege Escalation
CVSS 8.8
CVE-2019-12102 CRITICAL
Kentico Xperience 11.0.0-12.0 - Unauthenticated Arbitrary File Upload and Exposure via Media Library Live Selector
CVSS 9.1
CVE-2019-12270 HIGH
OpenText Brava! <16.4 - Info Disclosure
CVSS 7.4
CVE-2019-0171 HIGH
Intel Quartus II 9.1-14.1 & Quartus Prime 15.1-18.0 - Privilege Escalation via Installer Permissions
CVSS 7.8
CVE-2019-0138 HIGH
Intel ACU Wizard < 12.0.0.129 - Authenticated Privilege Escalation via Directory Permissions
CVSS 7.8
CVE-2019-0086 HIGH
Intel CSME <11.8.65 & TXE <3.1.65 - Privilege Escalation via Dynamic Application Loader
CVSS 7.8
CVE-2019-10116 MEDIUM
GitLab Community/Enterprise <11.7.8-11.9.2 - Info Disclosure
CVSS 4.3
CVE-2019-10115 MEDIUM
GitLab < 11.7.8, 11.8.x < 11.8.4, 11.9.x < 11.9.2 - Insecure Permissions in Releases Feature
CVSS 6.5
CVE-2019-10110 MEDIUM
GitLab <11.7.8, <11.8.4, <11.9.2 - Privilege Escalation
CVSS 6.5
CVE-2019-11328 HIGH
Singularity 3.1.0-3.2.0-rc2 - Privilege Escalation
CVSS 8.8
CVE-2019-8342 HIGH
Foxit Reader 3.1.0.0111 - Local Privilege Escalation via Incorrect libqcocoa.dylib Permissions
CVSS 7.8
CVE-2019-1803 MEDIUM
Cisco Nexus 9000 - Privilege Escalation
CVSS 6.7
CVE-2019-10710 HIGH
Hisilicon Hi3510 Firmware - Authenticated Cleartext WiFi Credential Exposure via Web Management Portal
CVSS 8.8
CVE-2019-11244 MEDIUM
Kubernetes 1.8.0-1.14.0 - Sensitive Information Exposure via World-Writable Cache Directory
CVSS 5.0
CVE-2019-9222 HIGH
GitLab < 11.6.10, 11.7.x < 11.7.6, 11.8.x < 11.8.1 - Path Traversal
CVSS 8.1
CVE-2019-3893 MEDIUM
Foreman 1.20.0-1.20.2 - Unauthenticated Plaintext Password Exposure via Compute Resource Deletion
CVSS 4.9
CVE-2019-0804 MEDIUM
Azure WaLinuxAgent - Info Disclosure
CVSS 6.5
CVE-2019-4093 MEDIUM
IBM Spectrum Protect 8.1.7 - Incorrect Permission Assignment for Critical Resource
CVSS 4.4
CVE-2019-9166 HIGH
Nagios XI < 5.5.11 - Privilege Escalation via Config File Manipulation
CVSS 7.8
CVE-2019-1618 HIGH
Cisco NX-OS 7.0(3)I4-7.0(3)I7(4) - Authenticated Remote Code Execution via Tetration Analytics Agent File Replacement
CVSS 7.8
CVE-2019-1601 HIGH
Cisco NX-OS < 8.3(1) - Authenticated Improper Access Control in Filesystem Permissions
CVSS 7.8
Details
Vulnerabilities: 1,665
Exploit Likelihood: High