CWE-732

Exploit likelihood: High

Incorrect Permission Assignment for Critical Resource

Parent: CWE-285 - Improper Authorization

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

1,666 vulnerabilities with CWE-732
CVE-2017-0884 MEDIUM
Nextcloud Server <9.0.55,10.0.2 - Info Disclosure
CVSS 4.3
CVE-2017-0883 MEDIUM
Nextcloud Server <9.0.55,10.0.2 - Privilege Escalation
CVSS 6.4
CVE-2017-6338 MEDIUM
Trend Micro InterScan Web Security Virtual Appliance < 6.5 - Incorrect Permission Assignment
CVSS 6.5
CVE-2017-7307 MEDIUM
Riverbed RiOS <9.0.1 - Privilege Escalation
CVSS 6.8
CVE-2017-5199 HIGH
SolarWinds LEM <6.3.1 - Authenticated RCE
CVSS 8.8
CVE-2017-6950 CRITICAL
SAP GUI for Windows 7.2-7.5 - Remote Code Execution via ABAP Code Injection
CVSS 9.8
CVE-2017-7199 HIGH
Nessus <6.10.3 - Privilege Escalation
CVSS 7.8
CVE-2017-6356 MEDIUM
Palo Alto Networks Terminal Services Agent 6.0-8.0 - Session Information Exposure via Weak Permissions
CVSS 5.3
CVE-2017-2290 HIGH
mcollective-puppet-agent <1.12.1 - Privilege Escalation
CVSS 8.8
CVE-2017-6104 HIGH
WordPress Plugin Mobile App Native 3.0 - Remote File Upload
CVSS 7.5
CVE-2017-0317 HIGH
NVIDIA GPU and GeForce Experience Installer - Incorrect Permission Assignment for Critical Resource
CVSS 7.5
CVE-2017-0311 HIGH
NVIDIA GPU Display Driver R378 - Denial of Service or Privilege Escalation via Kernel Mode Layer Handler
CVSS 8.8
CVE-2017-0423 MEDIUM
Android 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1 - Elevation of Privilege via Bluetooth
CVSS 5.3
CVE-2016-11080 MEDIUM
Mattermost Server < 3.0.0 - Unauthorized Account Details Exposure via Team Administrator API
CVSS 4.3
CVE-2016-11077 LOW
Mattermost Server < 3.0.0 - Unauthorized LDAP Account Modification via API
CVSS 2.7
CVE-2016-11065 MEDIUM
Mattermost Server < 3.3.0 - Unauthenticated WebSocket Message Spoofing
CVSS 4.3
CVE-2016-11062 MEDIUM
Mattermost Server < 3.5.1 - Email Verification Bypass
CVSS 5.3
CVE-2016-4983 LOW
dovecot - Unprotected SSL/TLS Key File Exposure via Postinstall Script
CVSS 3.3
CVE-2016-5202 CRITICAL
Google Chrome < 54.0.2840.98 - Use-After-Free in DIAL Registry Device ID Handling
CVSS 9.1
CVE-2016-2121 MEDIUM
Red Hat OpenStack - Incorrect Permission Assignment
CVSS 4.0
CVE-2016-8637 MEDIUM
dracut < 045 - Local Information Disclosure via World-Readable Initramfs Files
CVSS 5.0
CVE-2016-9604 MEDIUM
Linux Kernel < 4.11 - Incorrect Permission Assignment for Critical Resource
CVSS 4.4
CVE-2015-9456 MEDIUM
orbisius-child-theme-creator < 1.2.8 - Unauthenticated Arbitrary File Write via Theme Editor AJAX
CVSS 6.5
CVE-2014-125121 CRITICAL
Array Networks vAPV/vxAG <8.3.2.17-9.2.0.34 - Privilege Escalation
CVE-2014-0068 MEDIUM
OpenShift Origin Node Util - Incorrect Permission Assignment for Critical Resource
CVSS 5.5