CWE-732
High likelihood
Incorrect Permission Assignment for Critical Resource
Parent: CWE-285 - Improper Authorization
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
1,666 vulnerabilities with CWE-732
CVE-2017-0703
HIGH
Android <7.1.2 - Privilege Escalation
CVSS 7.8
CVE-2017-9615
CRITICAL
Cognito Software Moneyworks <8.0.3 - Info Disclosure
CVSS 9.8
CVE-2017-9780
HIGH
Flatpak <0.8.7 - Privilege Escalation
CVSS 7.8
CVE-2017-8450
HIGH
Elastic X-Pack 5.1.1 - Unauthorized Exposure of Sensitive Information via Multi-Search and Multi-Get Requests
CVSS 7.5
CVE-2017-8449
MEDIUM
Elastic X-Pack Security 5.2.0-5.2.1 - Sensitive Information Exposure via FLS Rule Merging
CVSS 5.9
CVE-2017-9602
CRITICAL
KBVault Mysql Free Knowledge Base <0.16a - RCE
CVSS 9.8
CVE-2017-9606
HIGH
Infotecs ViPNet Client and Coordinator <4.3.2-42442 - Privilege Escalation via Trojan Update
CVSS 7.3
CVE-2017-7563
HIGH
ARM Trusted Firmware 1.3 - Memory Corruption
CVSS 8.1
CVE-2017-9462
HIGH
Mercurial < 4.1.3 - Authenticated Remote Code Execution via Debugger Repository Name
CVSS 8.8
CVE-2017-7337
CRITICAL
Fortinet FortiPortal <4.0.0 - Info Disclosure
CVSS 9.1
CVE-2017-9136
HIGH
Mimosa Client Radios <2.2.3 - Code Injection
CVSS 7.5
CVE-2017-9079
MEDIUM
Dropbear <2017.75 - Info Disclosure
CVSS 4.7
CVE-2017-7493
HIGH
QEMU < 2.9.1 - Improper Access Control in VirtFS 9pfs Mapped-File Security Mode
CVSS 7.8
CVE-2017-0601
MEDIUM
Android 7.0-7.1.2 - Elevation of Privilege via Bluetooth File Acceptance
CVSS 5.5
CVE-2017-0593
HIGH
Android 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 - Elevation of Privilege via Framework APIs
CVSS 7.8
CVE-2017-8858
CRITICAL
Veritas NetBackup < 8.0 and NetBackup Appliance < 3.0 - Unauthenticated Privileged Remote File Write via bprd Process
CVSS 9.8
CVE-2017-8857
CRITICAL
Veritas NetBackup < 8.0 and NetBackup Appliance < 3.0 - Unauthenticated Remote Command Execution via bprd Process
CVSS 9.8
CVE-2017-8856
CRITICAL
Veritas NetBackup < 8.0 and NetBackup Appliance < 3.0 - Unauthenticated Remote Code Execution via bprd Process
CVSS 9.8
CVE-2017-0352
HIGH
NVIDIA GPU Display Driver - Incorrect Permission Assignment for Critical Resource in GPU Firmware
CVSS 7.8
CVE-2017-8391
MEDIUM
CA Client Automation r12.9, r14.0, and r14.0 SP1 - Sensitive Information Exposure via OS Installation Management
CVSS 5.5
CVE-2017-2115
MEDIUM
Cybozu Office 10.0.0-10.5.0 - Auth Bypass
CVSS 4.3
CVE-2017-7850
HIGH
Nessus 6.10.x < 6.10.5 - Local Privilege Escalation via Insecure Agent Mode Permissions
CVSS 7.8
CVE-2017-7849
MEDIUM
Nessus 6.10.x < 6.10.5 - Local Denial of Service via Insecure Agent Mode Permissions
CVSS 5.5
CVE-2017-7889
HIGH
Linux Kernel <= 3.2 - Unprotected Kernel Memory Access via /dev/mem
CVSS 7.8
CVE-2017-3006
HIGH
Adobe Creative Cloud <= 3.9.5.353 - Incorrect Permission Assignment for Critical Resource
CVSS 8.8