CWE-732

High likelihood

Incorrect Permission Assignment for Critical Resource

Parent: CWE-285 - Improper Authorization

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

1,666 vulnerabilities with CWE-732
CVE-2017-1266 MEDIUM
IBM Security Guardium 10.0 - Incorrect Permission Assignment for Critical Resource
CVSS 5.4
CVE-2017-15877 CRITICAL
GPWeb 8.4.61 - Unauthenticated Sensitive Information Exposure via db.php
CVSS 9.8
CVE-2017-1716 LOW
IBM Tivoli Workload Scheduler 8.6.0, 9.1.0, 9.2.0 - Sensitive Information Disclosure via Improper Permission Assignment
CVSS 3.3
CVE-2017-17568 HIGH
Scubez Posty Readymade Classifieds - Unauthenticated Sensitive Information Exposure via admin/user_activate_submit.php
CVSS 7.5
CVE-2017-13168 HIGH
Android Kernel - Elevation of Privilege in SCSI Driver
CVSS 7.8
CVE-2017-16895 HIGH
Arq 5.0.0.65-5.9.9 - Local Privilege Escalation via Helper App Data Packet
CVSS 7.8
CVE-2017-16933 HIGH
Icinga 2.x-2.8.1 - Privilege Escalation
CVSS 7.0
CVE-2017-8158 MEDIUM
FusionCompute V100R005C00 and V100R005C10 - Authenticated Denial of Service via VM Process Exhaustion
CVSS 6.5
CVE-2017-16882 HIGH
Icinga Core <1.14.0 - Privilege Escalation
CVSS 7.8
CVE-2017-1000221 MEDIUM
Opencast < 2.2.3 - Incorrect Permission Assignment for Critical Resource
CVSS 6.5
CVE-2017-1000125 HIGH
Codiad - Arbitrary File Write in Configuration File
CVSS 7.5
CVE-2017-0845 HIGH
Android 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 - Denial of Service in SyncStorageEngine
CVSS 7.5
CVE-2017-0831 HIGH
Android <8.0 - Privilege Escalation
CVSS 7.8
CVE-2017-0830 HIGH
Android <8.0 - Privilege Escalation
CVSS 7.8
CVE-2017-16834 HIGH
PNP4Nagios <0.6.26 - Privilege Escalation
CVSS 7.8
CVE-2017-15288 HIGH
Scala < 2.10.7, 2.11.x < 2.11.12, 2.12.x < 2.12.4 - Incorrect Permission Assignment
CVSS 7.8
CVE-2017-3166 HIGH
Apache Hadoop 2.6.1-2.6.5, 2.7.0-2.7.3, 3.0.0-alpha1-3.0.0-alpha3 - Sensitive File Exposure via YARN
CVSS 7.8
CVE-2017-16754 MEDIUM
Bolt < 3.3.6 - Unauthenticated Access to Profiler Routes
CVSS 5.3
CVE-2017-16757 HIGH
Hola VPN 1.34 - Privilege Escalation
CVSS 7.8
CVE-2017-16659 HIGH
Gentoo mail-filter/assp <1.9.8.13030 - Privilege Escalation
CVSS 7.8
CVE-2017-16638 CRITICAL
Gentoo net-misc/vde <2.3.2-r4 - Privilege Escalation
CVSS 9.8
CVE-2017-1000153 CRITICAL
Mahara <15.04.10-16.04.4 - Info Disclosure
CVSS 9.8
CVE-2017-1000134 HIGH
Mahara <1.8.6, <1.9.4, <1.10.1, <15.04.0 - Info Disclosure
CVSS 8.1
CVE-2017-15945 HIGH
MariaDB < 10.0.30 - Incorrect Permission Assignment for Critical Resource via chown Calls
CVSS 7.8
CVE-2017-5118 MEDIUM
Google Chrome <61.0.3163.79-61.0.3163.81 - XSS
CVSS 4.3
Details
Vulnerabilities: 1,666
Exploit Likelihood: High