CWE-732

High likelihood

Incorrect Permission Assignment for Critical Resource

Parent: CWE-285 - Improper Authorization

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

1,666 vulnerabilities with CWE-732

CVE-2018-10612 CRITICAL

CODESYS Control V3 <3.5.14.0 - Info Disclosure

CVSS 9.8

CVE-2018-13374 MEDIUM KEV

FortiOS < 6.0.3 and FortiADC 5.4.0-5.4.4 - LDAP Server Credential Exposure via Connectivity Test Request

CVSS 4.3

CVE-2018-18812 MEDIUM

TIBCO Spotfire Analytics Platform for AWS < 10.0.0 and Spotfire Server <= 7.10.1 - Unauthorized File Modification

CVSS 6.5

CVE-2018-14662 MEDIUM

Ceph <13.2.4 - Privilege Escalation

CVSS 5.7

CVE-2018-5413 HIGH

Imperva SecureSphere <13.0-11.5 - Privilege Escalation

CVSS 8.8

CVE-2018-3703 HIGH

Intel SSD Data Center Tool < 3.0.17 - Authenticated Privilege Escalation via Improper Directory Permissions

CVSS 7.8

CVE-2018-18098 HIGH

Intel SGX Platform Software and SDK < 2.2.100 - Privilege Escalation via Improper File Verification

CVSS 7.3

CVE-2018-12177 HIGH

Intel(R) PROSet/Wireless WiFi <20.90.0.7 - Privilege Escalation

CVSS 7.8

CVE-2018-0449 MEDIUM

Cisco Jabber Client Framework - Privilege Escalation

CVSS 4.2

CVE-2018-16087 MEDIUM

Google Chrome < 69.0.3497.81 - Navigation Restriction Bypass via Permissions State Tracking

CVSS 4.3

CVE-2018-20131 HIGH

Code42 <6.8.4 - Privilege Escalation

CVSS 7.8

CVE-2018-14987 HIGH

MXQ TV Box Firmware 4.4.2 - Unauthenticated Factory Reset via Unprotected MasterClearReceiver

CVSS 7.1

CVE-2018-20567 MEDIUM

DouCo DouPHP 1.5 20181221 - Incorrect Permission Assignment for Critical Resource via install.lock Bypass

CVSS 5.3

CVE-2018-20420 MEDIUM

webERP 4.15 - Unauthenticated Arbitrary File Write via TemplateName Directory Traversal

CVSS 4.9

CVE-2018-18332 HIGH

Trend Micro OfficeScan XG - Incorrect Permission Assignment for Critical Resource

CVSS 7.5

CVE-2018-18331 HIGH

Trend Micro OfficeScan XG - Incorrect Permission Assignment for Critical Resource

CVSS 7.5

CVE-2018-11964 HIGH

Android - Unprotected User Data Exposure via /etc/passwd Hash Disclosure

CVSS 7.8

CVE-2018-6978 MEDIUM

vRealize Operations 6.6.0-6.6.1.11286876 - Local Privilege Escalation via Support Scripts

CVSS 6.7

CVE-2018-3705 MEDIUM

Intel System Defense Utility - Denial of Service via Improper Directory Permissions

CVSS 5.5

CVE-2018-3704 HIGH

Intel Parallel Studio < 2019 - Authenticated Privilege Escalation via Installer Directory Permissions

CVSS 7.8

CVE-2018-18097 HIGH

Intel Solid State Drive Toolbox < 3.5.7 - Authenticated Privilege Escalation via Directory Permissions

CVSS 7.8

CVE-2018-18093 HIGH

Intel VTune Amplifier < 2018 Update 3 - Privilege Escalation via Improper File Permissions

CVSS 7.8

CVE-2018-20145 HIGH

Eclipse Mosquitto <1.5.5 - Auth Bypass

CVSS 7.5

CVE-2018-18352 MEDIUM

Google Chrome < 71.0.3578.80 - Same Origin Policy Bypass for Audio Content via Crafted HTML Page

CVSS 6.5

CVE-2018-18349 MEDIUM

Google Chrome < 71.0.3578.80 - Local File Access via Malicious Extension

CVSS 6.5

Details

Vulnerabilities 1,666

Exploit Likelihood High

Links