CWE-732

Exploit likelihood: High

Incorrect Permission Assignment for Critical Resource

Parent: CWE-285 - Improper Authorization

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

1,666 vulnerabilities with CWE-732
CVE-2018-1113 MEDIUM
setup <2.11.4-1.fc28 - Privilege Escalation
CVSS 4.8
CVE-2018-10856 MEDIUM
podman <0.6.1 - Privilege Escalation
CVSS 5.3
CVE-2018-10843 HIGH
OpenShift Container Platform < 3.7.53 - Privilege Escalation via Source-to-Image Assemble Script
CVSS 8.5
CVE-2018-13025 MEDIUM
YXcms 1.4.7 - Arbitrary File Deletion via Photo Controller picname Parameter
CVSS 4.9
CVE-2018-12922 HIGH
Vertiv Liebert IntelliSlot Firmware - Unauthenticated Access Control Bypass via configUser.htm or configTelnet.htm
CVSS 7.5
CVE-2018-1354 MEDIUM
FortiAnalyzer and FortiManager < 6.0.0 - Unauthenticated Arbitrary Avatar Picture Modification
CVSS 6.5
CVE-2018-11053 MEDIUM
Dell EMC iDRAC Service Module 3.0.1-3.2.0 - Incorrect File Permission Assignment in /etc/hosts
CVSS 6.5
CVE-2018-1000547 MEDIUM
corebos < 7.0 - Incorrect Access Control in Contacts Module
CVSS 5.3
CVE-2018-1000511 HIGH
WP ULike <3.1 - Incorrect Access Control
CVSS 7.5
CVE-2018-1000510 MEDIUM
WP Image Zoom 1.23 - Denial of Service via AJAX Settings
CVSS 6.5
CVE-2018-12642 HIGH
Froxlor <0.9.39.5 - Privilege Escalation
CVSS 7.5
CVE-2018-12615 MEDIUM
Phusion Passenger <5.3.2 - Privilege Escalation
CVSS 5.3
CVE-2018-11116 HIGH
OpenWrt - Authenticated Arbitrary Method Execution via rpcd ACL Mishandling
CVSS 8.8
CVE-2018-12028 HIGH
Phusion Passenger 5.3.x <5.3.2 - Info Disclosure
CVSS 7.8
CVE-2018-12027 HIGH
Phusion Passenger 5.3.x <5.3.2 - Info Disclosure
CVSS 8.8
CVE-2018-12335 HIGH
ECOS SMA <5.2.68 - Privilege Escalation
CVSS 7.3
CVE-2018-12457 HIGH
expresscart < 1.1.6 - Unauthenticated Admin User Creation via Referer Header
CVSS 8.8
CVE-2018-1036 HIGH
Windows NTFS - Elevation of Privilege via Improper Access Check
CVSS 7.0
CVE-2018-0982 HIGH
Windows 10 and Windows Server 2016 - Elevation of Privilege via Kernel API Permission Enforcement
CVSS 7.0
CVE-2018-12259 MEDIUM
Momentum Axel 720P <5.1.8 - Privilege Escalation
CVSS 6.8
CVE-2018-4251 MEDIUM
macOS < 10.13.5 - Unauthenticated Firmware Modification via EFI Flash-Memory Region
CVSS 5.5
CVE-2018-4238 LOW
iPhone OS < 11.4 - Lock-Screen Bypass via Siri
CVSS 2.4
CVE-2018-4220 HIGH
Swift < 4.1.1 - Arbitrary Code Execution via Library Loading
CVSS 8.8
CVE-2018-0352 MEDIUM
Cisco Wide Area Application Services - Authenticated Privilege Escalation via Disk Check Tool Script Replacement
CVSS 6.7
CVE-2018-11194 HIGH
Quest DR Series Disk Backup < 4.0.3.1 - Privilege Escalation
CVSS 8.8