CWE-732

High likelihood

Incorrect Permission Assignment for Critical Resource

Parent: CWE-285 - Improper Authorization

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

1,666 vulnerabilities with CWE-732
CVE-2017-15906 MEDIUM
OpenSSH < 7.6 - Unauthenticated Arbitrary File Creation in Readonly Mode
CVSS 5.3
CVE-2017-7146 MEDIUM
iPhone OS < 10.3.3 - User Tracking via Keychain Data Mishandling
CVSS 5.3
CVE-2017-15611 MEDIUM
Octopus Deploy < 3.17.6 - Authenticated Privilege Escalation via User Invitation
CVSS 6.5
CVE-2017-9514 HIGH
Bamboo <6.0.5, <6.1.x-6.1.4, <6.2.x-6.2.1 - Code Injection
CVSS 8.8
CVE-2017-1000096 HIGH
Jenkins Pipeline < 2.36 - Arbitrary Code Execution via Incomplete Sandbox Protection
CVSS 8.8
CVE-2017-1000095 MEDIUM
Jenkins Script Security < 1.29.1 - Sandbox Bypass via DefaultGroovyMethods Whitelist
CVSS 6.5
CVE-2017-9792 MEDIUM
Apache Impala <2.10.0 - Privilege Escalation
CVSS 6.5
CVE-2017-9958 HIGH
Schneider Electric U.motion Builder <= 1.2.1 - Unauthenticated Arbitrary Code Execution via Improper Access Control
CVSS 7.8
CVE-2017-14730 HIGH
Gentoo logstash-bin <5.5.3-5.6.1 - Privilege Escalation
CVSS 7.8
CVE-2017-13779 HIGH
Gstn India Goods And Services Tax Net... - Incorrect Permission Assignment
CVSS 7.8
CVE-2017-7560 MEDIUM
rhnsd - Insecure Temporary File Permissions
CVSS 5.5
CVE-2017-0784 HIGH
Android <7.1.2 - Privilege Escalation
CVSS 8.8
CVE-2017-0752 HIGH
Android <7.1.2 - Privilege Escalation
CVSS 7.8
CVE-2017-12713 HIGH
Advantech WebAccess < 8.2 - Incorrect Permission Assignment for Critical Resource
CVSS 7.8
CVE-2017-12816 CRITICAL
Kaspersky Internet Security for Android 11.12.4.1622 - Incorrect Permission Assignment for Critical Resource
CVSS 9.8
CVE-2017-11653 HIGH
Razer Synapse <2.20.15.1104 - Privilege Escalation
CVSS 7.8
CVE-2017-11652 HIGH
Razer Synapse <2.20.15.1104 - Privilege Escalation
CVSS 8.4
CVE-2017-8665 HIGH
Xamarin.iOS - Elevation of Privilege via Update Component
CVSS 7.8
CVE-2017-11156 HIGH
Synology Download Station 3.x < 3.5-2984 & 3.8.x < 3.8.5-3475 - Authenticated RCE via Weak Permissions
CVSS 7.8
CVE-2017-11437 MEDIUM
GitLab EE < 8.17.7, 9.0.11, 9.1.8, 9.2.8, 9.3.8 - Authenticated Repository Access via Mirroring Feature
CVSS 6.5
CVE-2017-9494 MEDIUM
Motorola MX011ANM <MX011AN_2.9p6s1_PROD_sey - RCE
CVSS 5.3
CVE-2017-9482 CRITICAL
Cisco DPC3939 - Privilege Escalation
CVSS 9.8
CVE-2017-9479 CRITICAL
Cisco DPC3939 Firmware dpc3939-P20-18-v303r20421746-170221a-CMCST - Remote Command Execution via syseventd Server
CVSS 9.8
CVE-2017-11422 HIGH
Statamic < 2.6.0 - Incorrect Permission Assignment for Critical Resource
CVSS 8.8
CVE-2017-1000022 HIGH
LogicalDoc CE <7.5.3 - Privilege Escalation
CVSS 8.8