CWE-732

High likelihood

Incorrect Permission Assignment for Critical Resource

Parent: CWE-285 - Improper Authorization

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

1,665 vulnerabilities with CWE-732
CVE-2018-19589 MEDIUM
Utimaco CryptoServer HSM - Privilege Escalation
CVSS 6.5
CVE-2018-1787 MEDIUM
IBM Spectrum Protect 7.1.0.0-7.1.8.4 - Unprotected Password Exposure via Insecure File Permissions
CVSS 5.1
CVE-2018-4324 MEDIUM
macOS < 10.14 - Unprotected User Data Exposure via Apple ID Permission Handling
CVSS 5.5
CVE-2018-4178 MEDIUM
macOS < 10.13.4 - Unprotected User Data Exposure via Incorrect Permission Assignment
CVSS 5.5
CVE-2018-4051 MEDIUM
GOG Galaxy 1.2.47 - Local Privilege Escalation via Privileged Helper Tool
CVSS 5.5
CVE-2018-4049 HIGH
GOG Galaxy 1.2.48.36 - Local Privilege Escalation via Games Directory File Permissions
CVSS 7.8
CVE-2018-3974 HIGH
GOG Galaxy - Unauthenticated Local Privilege Escalation via Install Directory File Overwrite
CVSS 7.8
CVE-2018-19113 HIGH
Pronestor Health Monitoring < 8.1.12.0 - Privilege Escalation via Trojan Horse Executable
CVSS 7.3
CVE-2018-4050 HIGH
GOG Galaxy 1.2.47 - Local Privilege Escalation via Folder Permission Manipulation
CVSS 7.8
CVE-2018-12546 MEDIUM
Eclipse Mosquitto <1.5.5 - Info Disclosure
CVSS 6.5
CVE-2018-18435 HIGH
kioware_server < 4.9.6 - Unauthenticated Privilege Escalation via Weak Directory Permissions
CVSS 7.8
CVE-2018-15508 HIGH
Five9 Agent Desktop Plus 10.0.70 - Denial of Service via WebSocket Connection on Port 8083
CVSS 7.5
CVE-2018-15509 CRITICAL
Five9 Agent Desktop Plus 10.0.70 - Incorrect Access Control
CVSS 9.8
CVE-2018-19393 HIGH
Cobham Satcom Sailor 800/900 - Privilege Escalation
CVSS 7.5
CVE-2018-18254 HIGH
CapMon Access Manager < 5.4.1.1005 - Unauthenticated Privilege Escalation via Custom App Launcher Whitelist Bypass
CVSS 7.8
CVE-2018-12223 MEDIUM
Intel Graphics Driver < 24.20.100.6373 - Guest-to-Host Escape via User Mode Driver
CVSS 6.3
CVE-2018-12217 LOW
Intel Graphics Driver < 24.20.100.6373 - Insufficient Access Control in Kernel Mode
CVSS 2.3
CVE-2018-12209 LOW
Intel Graphics Driver < 24.20.100.6373 - Unprivileged Device Configuration Information Disclosure
CVSS 3.3
CVE-2018-12200 MEDIUM
Intel Capability Licensing Service < 1.50.638.1 - Incorrect Permission Assignment
CVSS 6.7
CVE-2018-20621 HIGH
Microvirt MEmu 6.0.6 - Local Privilege Escalation via Binary Planting
CVSS 7.8
CVE-2018-20798 HIGH
pfSense 2.4.4_1 - Incorrect Permission Assignment for Critical Resource
CVSS 7.5
CVE-2018-18495 MEDIUM
Firefox < 64.0 - Incorrect Permission Assignment for Critical Resource via WebExtension Content Scripts
CVSS 6.5
CVE-2018-12396 MEDIUM
Firefox ESR < 60.3 - Privilege Escalation
CVSS 6.5
CVE-2018-9867 MEDIUM
SonicOS < 5.9.1.10 - Improper Authorization in Certificate Download
CVSS 5.5
CVE-2018-10612 CRITICAL
CODESYS Control V3 <3.5.14.0 - Info Disclosure
CVSS 9.8
Details
Vulnerabilities 1,665
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits