CWE-732

High likelihood

Incorrect Permission Assignment for Critical Resource

Parent: CWE-285 - Improper Authorization

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

1,665 vulnerabilities with CWE-732
CVE-2019-1600 MEDIUM
Cisco FXOS and NX-OS - Unauthorized Sensitive Information Access via Improper File Permissions
CVSS 4.4
CVE-2019-1596 HIGH
Cisco NX-OS Software - Privilege Escalation
CVSS 7.8
CVE-2019-2001 MEDIUM
Android - Local Information Disclosure via World-Readable /proc/iomem
CVSS 5.5
CVE-2019-7729 LOW
Bosch Smart Camera App <1.3.1 - Info Disclosure
CVSS 3.3
CVE-2019-0111 MEDIUM
Intel Data Center Manager < 5.0.2 - Authenticated Information Disclosure via Improper File Permissions
CVSS 5.5
CVE-2019-0108 MEDIUM
Intel Data Center Manager < 5.0.2 - Authenticated Information Disclosure via Improper File Permissions
CVSS 5.5
CVE-2019-0588 MEDIUM
Microsoft Exchange - Info Disclosure
CVSS 6.5
CVE-2018-15645 MEDIUM
Odoo < 12.0 - Authenticated Arbitrary Record Creation via Message Routing
CVSS 6.5
CVE-2018-17766 MEDIUM
Ingenico Telium 2 Firmware < 9.32.03 - Unauthenticated File Read via NTPT3 Protocol
CVSS 4.6
CVE-2018-21256 MEDIUM
Mattermost Server < 5.1.0 - Unauthenticated Group Message Channel Creation via Slash Command
CVSS 4.3
CVE-2018-21252 MEDIUM
Mattermost Server < 4.10.3, 5.0.3, 5.1.1, 5.2 - Unauthenticated Signup Policy Bypass via Multiple Email Addresses
CVSS 4.3
CVE-2018-21265 MEDIUM
Mattermost Desktop App < 4.0.0 - Incorrect Permission Assignment for Critical Resource via setPermissionRequestHandler
CVSS 5.3
CVE-2018-21261 MEDIUM
Mattermost Server 4.6.0-4.6.2 - Unintended Excessive Invitation Privileges via Email Invite
CVSS 4.3
CVE-2018-21255 MEDIUM
Mattermost Server < 5.1.0 - Unauthenticated Channel Modification via Channel PATCH API
CVSS 4.3
CVE-2018-21254 MEDIUM
Mattermost Server < 5.1.0 - Unauthenticated Access Control Bypass via Message Slash Command
CVSS 4.3
CVE-2018-21253 MEDIUM
Mattermost Server < 4.10.2, 5.0.2, 5.1 - Incorrect Permission Assignment via Invite People Slash Command
CVSS 4.3
CVE-2018-21081 CRITICAL
Samsung Android N(7.x) - Unauthorized Permission Assignment in Dual Messenger
CVSS 9.1
CVE-2018-18630 HIGH
McKesson Horizon Cardiology Firmware 13.x-14.x - Unauthorized Arbitrary Code Execution via Insecure File Permissions
CVSS 7.8
CVE-2018-12357 MEDIUM
Arista CloudVision Portal <2018.1.1 - Privilege Escalation
CVSS 6.5
CVE-2018-20936 LOW
cPanel 61.9999.55-62.0.39 - Unauthenticated SRS Secret Exposure via exim.conf
CVSS 3.3
CVE-2018-20909 HIGH
cPanel 61.9999.55-70.0.22 - Arbitrary File Permission Modification via Legacy Incremental Backup
CVSS 7.1
CVE-2018-20908 MEDIUM
cPanel 61.9999.55-71.9980.37 - Arbitrary File Read via pkgacct Custom Template Handling
CVSS 5.5
CVE-2018-20907 MEDIUM
cPanel 61.9999.55-62.0.47 - Incorrect Permission Assignment for Critical Resource
CVSS 4.3
CVE-2018-20906 MEDIUM
cPanel < 62.0.47 - Incorrect Permission Assignment for Critical Resource via API Call
CVSS 4.3
CVE-2018-20905 MEDIUM
cPanel < 62.0.47 - Incorrect Permission Assignment for Critical Resource
CVSS 5.4