CWE-732
High likelihood
Incorrect Permission Assignment for Critical Resource
Parent: CWE-285 - Improper Authorization
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
1,665 vulnerabilities with CWE-732
CVE-2018-20904
MEDIUM
cPanel < 62.0.47 - Incorrect Permission Assignment for Critical Resource via API Call Bypass
CVSS 4.3
CVE-2018-20871
CRITICAL
Univa Grid Engine - Incorrect Permission Assignment for Critical Resource
CVSS 9.8
CVE-2018-2024
HIGH
IBM QRadar SIEM 7.2 and 7.3 - Incorrect Permission Assignment for Critical Resource
CVSS 8.1
CVE-2018-14862
MEDIUM
Odoo 11.0 Authenticated Arbitrary Menu Item Deletion via Mail Templating RPC
CVSS 6.5
CVE-2018-14861
MEDIUM
Odoo Community 10.0, 11.0 and Odoo Enterprise 10.0, 11.0 - Authenticated Unauthorized Data Access via CSV Export
CVSS 6.5
CVE-2018-14866
MEDIUM
Odoo Community <= 11.0 and Odoo Enterprise <= 11.0 - Authenticated Data Access in TransientModel Framework
CVSS 4.3
CVE-2018-14916
CRITICAL
LOYTEC LGATE-902 <6.3.2 - Info Disclosure
CVSS 9.1
CVE-2018-14886
MEDIUM
Odoo Community and Enterprise 11.0 and earlier - Authenticated Local File Read via Module Description Renderer
CVSS 4.9
CVE-2018-19446
HIGH
Foxit Reader SDK (ActiveX) Pro 5.4.0.1031 - RCE
CVSS 7.8
CVE-2018-3702
HIGH
Intel Ite Tech Consumer Infrared Driver < 5.4.3.0 - Incorrect Permission Assignment
CVSS 7.8
CVE-2018-19860
HIGH
Broadcom and Cypress Firmware - Unauthenticated Remote Code Execution via LMP Command Handling
CVSS 8.8
CVE-2018-10171
CRITICAL
Kromtech MacKeeper 3.20.4 - Privilege Escalation
CVSS 9.8
CVE-2018-20008
MEDIUM
iBall Baton iB-WRB302N20122017 - Info Disclosure
CVSS 6.8
CVE-2018-3701
HIGH
Intel PROSet/Wireless WiFi < 20.100 - Authenticated Privilege Escalation via Improper Directory Permissions
CVSS 7.8
CVE-2018-20500
HIGH
GitLab 9.4.0-11.4.12, 11.5.0-11.5.5, 11.6.0 - Insecure Runner Registration Token Permissions
CVSS 7.5
CVE-2018-20007
MEDIUM
Yeelight Smart AI Speaker 3.3.10_0074 - Privilege Escalation
CVSS 6.8
CVE-2018-4028
HIGH
Anker Roav A1 Dashcam Firmware RoavA1SWV1.9 - Denial of Service via HTTP POST Request
CVSS 7.5
CVE-2018-12296
HIGH
Seagate NAS OS <4.3.15.1 - Info Disclosure
CVSS 7.5
CVE-2018-4073
HIGH
Sierra Wireless AirLink ES450 Firmware 4.9.3 - Authenticated Arbitrary Setting Write via EmbeddedAceSet_Task.cgi
CVSS 8.8
CVE-2018-4072
HIGH
Sierra Wireless AirLink ES450 Firmware 4.9.3 - Authenticated Incorrect Permission Assignment in EmbeddedAceSet_Task.cgi
CVSS 8.8
CVE-2018-19374
HIGH
Zoho ManageEngine ADManager Plus 6.6 Build 6657 - Privilege Escalation via Trojan Horse File in Bin Directory
CVSS 7.0
CVE-2018-14980
HIGH
ASUS ZenFone 3 Max Android - Info Disclosure
CVSS 7.1
CVE-2018-18094
HIGH
Intel Media SDK - Incorrect Permission Assignment for Critical Resource
CVSS 7.8
CVE-2018-6269
HIGH
NVIDIA Jetson TX2 < r28.3 - Privilege Escalation via Kernel Driver IOCTL Handling
CVSS 7.8
CVE-2018-17305
HIGH
UiPath Orchestrator <2018.2.4 - Privilege Escalation, RCE
CVSS 8.8
Details
Vulnerabilities: 1,665
Exploit Likelihood: High