CWE-732

Exploit likelihood: High

Incorrect Permission Assignment for Critical Resource

Parent: CWE-285 - Improper Authorization

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

1,666 vulnerabilities with CWE-732
CVE-2018-6755 HIGH
McAfee True Key < 5.1.230.7 - Unauthenticated Arbitrary Code Execution via Weak Directory Permissions
CVSS 7.2
CVE-2018-14703 CRITICAL
Drobo 5N2 NAS < 4.0.5-13.28.96115 - Info Disclosure
CVSS 9.8
CVE-2018-19836 MEDIUM
Metinfo 6.1.3 - Arbitrary HTTP Header Injection via applogin.php
CVSS 6.1
CVE-2018-15835 HIGH
Android 1.0-9.0 - Insecure Permission Assignment for Critical Resource
CVSS 7.5
CVE-2018-15768 MEDIUM
Dell OpenManage Network Manager < 6.5.0 - Insecure MySQL File System Access Control
CVSS 6.5
CVE-2018-11002 MEDIUM
Pulse Secure Desktop Client <= R6.0 build 1769 - Insecure Permissions
CVSS 5.5
CVE-2018-13355 MEDIUM
TerraMaster TOS 3.1.03 - Unauthenticated User Group Creation via ajaxdata.php
CVSS 6.5
CVE-2018-11914 HIGH
Android - Incorrect Permission Assignment for Critical Resource in /systemrw/
CVSS 7.8
CVE-2018-11913 HIGH
Android - Incorrect Permission Assignment for Critical Resource via Device Node Configuration
CVSS 7.8
CVE-2018-11910 HIGH
Android - Incorrect Permission Assignment for Critical Resource in /persist/
CVSS 7.8
CVE-2018-11909 HIGH
Android - Incorrect Permission Assignment for Critical Resource in /cache/
CVSS 7.8
CVE-2018-11908 HIGH
Android - Incorrect Permission Assignment for Critical Resource in /data/
CVSS 7.8
CVE-2018-11907 HIGH
Android - Incorrect Permission Assignment for Critical Resource in Firmware Directory
CVSS 7.8
CVE-2018-13321 HIGH
Buffalo TS5600D1206 Firmware 3.61-0.10 - Incorrect Permission Assignment via nasapi Method Parameter
CVSS 8.8
CVE-2018-18561 HIGH
Roche Accu-Chek Inform II, CoaguChek, cobas h 232, and Base Unit Hub < 03.01.04 - Remote Code Execution
CVSS 8.0
CVE-2018-14934 MEDIUM
Polycom Trio < 5.5.4 - Privilege Escalation
CVSS 6.5
CVE-2018-6057 HIGH
Google Chrome < 65.0.3325.146 - Privilege Escalation
CVSS 8.8
CVE-2018-3697 HIGH
Intel Media Server Studio - Privilege Escalation via Improper Directory Permissions
CVSS 7.8
CVE-2018-2490 HIGH
SAP Fiori Client < 1.11.5 - Unprotected Broadcast Message Exposure
CVSS 7.8
CVE-2018-2489 HIGH
SAP Fiori Client < 1.11.5 - Unauthenticated SSO Configuration Deletion
CVSS 7.8
CVE-2018-19072 MEDIUM
Opticam i5 Application Firmware 2.21.1.128 - Incorrect Permission Assignment for Critical Resource in /mnt/mtd/app
CVSS 5.5
CVE-2018-19071 HIGH
Opticam i5 Application Firmware 2.21.1.128 - Incorrect Permission Assignment for Critical Resource
CVSS 7.8
CVE-2018-10712 HIGH
ASRock RGBLED < 1.0.35.1, A-Tuning/F-Stream < 3.0.210, RestartToUEFI < 1.0.6.2 - Privilege Escalation via IO Port
CVSS 7.8
CVE-2018-10710 HIGH
ASRock A-Tuning < 3.0.210 - Incorrect Permission Assignment
CVSS 7.1
CVE-2018-10709 HIGH
ASRock RGBLED < 1.0.35.1, A-Tuning/F-Stream < 3.0.210, RestartToUEFI < 1.0.6.2 - Privilege Escalation via CR Register
CVSS 7.8