CWE-732

Exploit likelihood: High

Incorrect Permission Assignment for Critical Resource

Parent: CWE-285 - Improper Authorization

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

1,666 vulnerabilities with CWE-732
CVE-2018-1203 MEDIUM
Dell EMC Isilon OneFS 8.0.0.0-8.0.0.6 - Privilege Escalation via Sudo tcpdump
CVSS 6.7
CVE-2018-5349 HIGH
Heimdal PRO v2.2.190 - Privilege Escalation
CVSS 7.8
CVE-2018-8933 CRITICAL
AMD EPYC Server Firmware - Incorrect Permission Assignment for Critical Resource
CVSS 9.0
CVE-2018-8932 CRITICAL
AMD Ryzen and Ryzen Pro Firmware - Insufficient Access Control for Secure Processor
CVSS 9.0
CVE-2018-8931 CRITICAL
AMD Ryzen, Ryzen Pro, and Ryzen Mobile Firmware - Insufficient Access Control for Secure Processor
CVSS 9.0
CVE-2018-1141 HIGH
Nessus <7.0.3 - Privilege Escalation
CVSS 7.0
CVE-2018-1197 HIGH
Windows Stemcells <1200.14 - Privilege Escalation
CVSS 8.5
CVE-2018-1000132 CRITICAL
Mercurial < 4.5.1 - Unauthorized Data Access via Protocol Server
CVSS 9.1
CVE-2018-1386 HIGH
IBM Tivoli Workload Automation for AIX - Privilege Escalation
CVSS 7.8
CVE-2018-1000080 MEDIUM
Ajenti 2 - Insecure Permissions in Plugin Download
CVSS 6.5
CVE-2018-1000072 HIGH
iRedMail <commit f04b8ef - Info Disclosure
CVSS 7.5
CVE-2018-1000071 HIGH
Roundcube Webmail < 1.3.4 - Insecure Permissions in Enigma Plugin
CVSS 7.5
CVE-2018-6623 HIGH
Hola VPN 1.79.859 - Unauthenticated Arbitrary File Write via Service Permissions
CVSS 8.8
CVE-2018-7581 HIGH
WebLog Expert Web Server Enterprise 9.4 - Incorrect Permission Assignment for Critical Resource
CVSS 7.8
CVE-2018-1069 HIGH
Red Hat OpenShift Enterprise 3.7 - Improper Access Control for Container Network Filesystems
CVSS 7.1
CVE-2018-5313 HIGH
Rapid Scada 5.5.0 - Privilege Escalation
CVSS 7.8
CVE-2018-1417 HIGH
IBM Java SDK 7.1 and 8.0 - Unauthenticated Privilege Escalation via J9 JVM Security Manager Bypass
CVSS 8.1
CVE-2018-7408 HIGH
npm 5.7.0 - Incorrect Permission Assignment for Critical Resource via correctMkdir
CVSS 7.8
CVE-2018-7311 HIGH
PrivateVPN 2.0.31 - Privilege Escalation via OpenVPN Binary Overwrite
CVSS 8.8
CVE-2018-1168 HIGH
ABB MicroSCADA 9.3 - Privilege Escalation
CVSS 7.8
CVE-2018-1164 CRITICAL
ZyXEL P-870H-51 DSL Router 1.00(AWG.3)D5 - DoS
CVSS 9.8
CVE-2018-7169 MEDIUM
shadow 4.5 - Unauthenticated Incorrect Permission Assignment via newgidmap
CVSS 5.3
CVE-2018-1000025 HIGH
Firebase Admin SDK for PHP <3.8.0 - Info Disclosure
CVSS 8.1
CVE-2018-1053 HIGH
PostgreSQL 9.3.0-9.3.20, 9.4.0-9.4.15, 9.5.0-9.5.10, 9.6.0-9.6.6, 10.0-10.1 - Insecure Temporary File Permissions
CVSS 7.0
CVE-2018-6606 HIGH
MalwareFox AntiMalware 2.74.0.150 - Privilege Escalation via IOCTL 0x80002010 and 0x8000204C
CVSS 7.8