CWE-732: Incorrect Permission Assignment for Critical Resource
1,704 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-732 (page 10 of 35)
- CVE-2019-15338 · LOW · CVSS 3.3 · EG 3.3 · 2019-11-14
  The Lava Iris 88 Lite Android device with a build fingerprint of LAVA/iris88_lite/iris88_lite:8.1.0/O11019/1536323070:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, ve…
- CVE-2019-15339 · LOW · CVSS 3.3 · EG 3.3 · 2019-11-14
  The Lava Z60s Android device with a build fingerprint of LAVA/Z60s/Z60s:8.1.0/O11019/1530331229:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.27) tha…
- CVE-2019-15340 · LOW · CVSS 3.3 · EG 3.3 · 2019-11-14
  The Xiaomi Redmi 6 Pro Android device with a build fingerprint of xiaomi/sakura_india/sakura_india:8.1.0/OPM1.171019.019/V9.6.4.0.ODMMIFD:user/release-keys contains a pre-installed app with a package name of com.huaqin.factory app (version…
- CVE-2019-15721 · MEDIUM · CVSS 5.4 · EG 5.4 · 2019-09-16
  An issue was discovered in GitLab Community and Enterprise Edition 10.8 through 12.2.1. An internal endpoint unintentionally allowed group maintainers to view and edit group runner settings.
- CVE-2019-15752 · HIGH · CVSS 7.8 · EG 9.0 · ⚠ KEV · 2019-08-28
  Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-credential-wincred.exe file in %PROGRAMDATA%\DockerDesktop\version-bin\ as a low-privilege user, and then waiting for an…
- CVE-2019-1596 · HIGH · CVSS 7.8 · EG 7.8 · 2019-03-07
  A vulnerability in the Bash shell implementation for Cisco NX-OS Software could allow an authenticated, local attacker to escalate their privilege level to root. The attacker must authenticate with valid user credentials. The vulnerability…
- CVE-2019-1600 · MEDIUM · CVSS 4.4 · EG 4.4 · 2019-03-07
  A vulnerability in the file system permissions of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to access sensitive information that is stored in the file system of an affected system. The vulner…
- CVE-2019-1601 · HIGH · CVSS 7.8 · EG 7.8 · 2019-03-08
  A vulnerability in the filesystem permissions of Cisco NX-OS Software could allow an authenticated, local attacker to gain read and write access to a critical configuration file. The vulnerability is due to a failure to impose strict files…
- CVE-2019-1618 · HIGH · CVSS 7.8 · EG 7.8 · 2019-03-11
  A vulnerability in the Tetration Analytics agent for Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, local attacker to execute arbitrary code as root. The vulnerability is due to an incorrect permiss…
- CVE-2019-16187 · HIGH · CVSS 7.5 · EG 7.5 · 2019-09-09
  Limesurvey before 3.17.14 uses an anti-CSRF cookie without the HttpOnly flag, which allows attackers to access a cookie value via a client-side script.
- CVE-2019-16354 · MEDIUM · CVSS 4.7 · EG 4.7 · 2019-09-16
  The File Session Manager in Beego 1.10.0 allows local users to read session files because there is a race condition involving file creation within a directory with weak permissions.
- CVE-2019-16406 · HIGH · CVSS 7.8 · EG 7.8 · 2019-11-21
  Centreon Web 19.04.4 has weak permissions within the OVA (aka VMware virtual machine) and OVF (aka VirtualBox virtual machine) files, allowing attackers to gain privileges via a Trojan horse Centreon-autodisco executable file that is launc…
- CVE-2019-16784 · HIGH · CVSS 7.0 · EG 7.0 · 2020-01-14
  In PyInstaller before version 3.6, only on Windows, a local privilege escalation vulnerability is present in this particular case: If a software using PyInstaller in "onefile" mode is launched by a privileged user (at least more than the c…
- CVE-2019-17051 · HIGH · CVSS 7.8 · EG 7.8 · 2019-09-30
  Evernote before 7.13 GA on macOS allows code execution because the com.apple.quarantine attribute is not used for attachment files, as demonstrated by a one-click attack involving a drag-and-drop operation on a crafted Terminal file.
- CVE-2019-17388 · HIGH · CVSS 7.8 · EG 7.8 · 2019-12-05
  Weak file permissions applied to the Aviatrix VPN Client through 2.2.10 installation directory on Windows and Linux allow a local attacker to execute arbitrary code by gaining elevated privileges through file modifications.
- CVE-2019-1803 · MEDIUM · CVSS 6.7 · EG 6.7 · 2019-05-03
  A vulnerability in the filesystem management for the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an authenticated, local attacker with administrator rights to gain elevated privileges a…
- CVE-2019-18192 · HIGH · CVSS 7.8 · EG 7.8 · 2019-10-17
  GNU Guix 1.0.1 allows local users to gain access to an arbitrary user's account because the parent directory of the user-profile directories is world writable, a similar issue to CVE-2019-17365.
- CVE-2019-18243 · MEDIUM · CVSS 5.5 · EG 5.5 · 2021-02-18
  HMI/SCADA iFIX (Versions 6.1 and prior) allows a local authenticated user to modify system-wide iFIX configurations through the registry. This may allow privilege escalation.
- CVE-2019-18255 · MEDIUM · CVSS 5.5 · EG 5.5 · 2021-02-18
  HMI/SCADA iFIX (Versions 6.1 and prior) allows a local authenticated user to modify system-wide iFIX configurations through section objects. This may allow privilege escalation.
- CVE-2019-18409 · HIGH · CVSS 7.8 · EG 7.8 · 2019-10-24
  The ruby_parser-legacy (aka legacy) gem 1.0.0 for Ruby allows local privilege escalation because of world-writable files. For example, if the brakeman gem (which has a legacy dependency) 4.5.0 through 4.7.0 is used, a local user can insert…
- CVE-2019-18422 · HIGH · CVSS 8.8 · EG 8.8 · 2019-10-31
  An issue was discovered in Xen through 4.12.x allowing ARM guest OS users to cause a denial of service or gain privileges by leveraging the erroneous enabling of interrupts. Interrupts are unconditionally unmasked in exception handlers. Wh…
- CVE-2019-18446 · MEDIUM · CVSS 4.3 · EG 4.3 · 2019-11-26
  An issue was discovered in GitLab Community and Enterprise Edition 8.15 through 12.4. It has Insecure Permissions (issue 1 of 2).
- CVE-2019-18447 · MEDIUM · CVSS 4.3 · EG 4.3 · 2019-11-26
  An issue was discovered in GitLab Community and Enterprise Edition before 12.4. It has Insecure Permissions.
- CVE-2019-18449 · MEDIUM · CVSS 4.3 · EG 4.3 · 2019-11-26
  An issue was discovered in GitLab Community and Enterprise Edition before 12.4 in the autocomplete feature. It has Insecure Permissions (issue 2 of 2).
- CVE-2019-18450 · MEDIUM · CVSS 4.3 · EG 4.3 · 2019-11-26
  An issue was discovered in GitLab Community and Enterprise Edition before 12.4 in the Project labels feature. It has Insecure Permissions.
- CVE-2019-18452 · MEDIUM · CVSS 5.3 · EG 5.3 · 2019-11-26
  An issue was discovered in GitLab Community and Enterprise Edition 11.3 through 12.4 when moving an issue to a public project from a private one. It has Insecure Permissions.
- CVE-2019-18453 · MEDIUM · CVSS 4.3 · EG 4.3 · 2019-11-26
  An issue was discovered in GitLab Community and Enterprise Edition 11.6 through 12.4 in the add comments via email feature. It has Insecure Permissions.
- CVE-2019-18456 · MEDIUM · CVSS 5.3 · EG 5.3 · 2019-11-26
  An issue was discovered in GitLab Community and Enterprise Edition 8.17 through 12.4 in the Search feature provided by Elasticsearch integration. It has Insecure Permissions (issue 1 of 4).
- CVE-2019-18459 · MEDIUM · CVSS 5.3 · EG 5.3 · 2019-11-26
  An issue was discovered in GitLab Community and Enterprise Edition 11.3 to 12.3 in the protected environments feature. It has Insecure Permissions (issue 3 of 4).
- CVE-2019-18462 · MEDIUM · CVSS 4.3 · EG 4.3 · 2019-11-26
  An issue was discovered in GitLab Community and Enterprise Edition 11.3 through 12.4. It has Insecure Permissions.
- CVE-2019-18463 · MEDIUM · CVSS 4.3 · EG 4.3 · 2019-11-26
  An issue was discovered in GitLab Community and Enterprise Edition through 12.4. It has Insecure Permissions (issue 4 of 4).
- CVE-2019-18577 · MEDIUM · CVSS 6.7 · EG 6.7 · 2020-03-13
  Dell EMC XtremIO XMS versions prior to 6.3.0 contain an incorrect permission assignment vulnerability. A malicious local user with XtremIO xinstall privileges may exploit this vulnerability to gain root access.
- CVE-2019-18856 · HIGH · CVSS 7.5 · EG 7.5 · 2019-11-11
  A Denial Of Service vulnerability exists in the SVG Sanitizer module through 8.x-1.0-alpha1 for Drupal because access to external resources with an SVG use element is mishandled.
- CVE-2019-18895 · HIGH · CVSS 7.8 · EG 7.8 · 2019-11-14
  Scanguard through 2019-11-12 on Windows has Insecure Permissions for the installation directory, leading to privilege escalation via a Trojan horse executable file.
- CVE-2019-18899 · MEDIUM · CVSS 6.2 · EG 5.5 · 2020-01-23
  The apt-cacher-ng package of openSUSE Leap 15.1 runs operations in user owned directory /run/apt-cacher-ng with root privileges. This can allow local attackers to influence the outcome of these operations. This issue affects: openSUSE Leap…
- CVE-2019-18958 · HIGH · CVSS 7.8 · EG 7.8 · 2019-11-21
  Nitro Pro before 13.2 creates a debug.log file in the directory where a .pdf file is located, if the .pdf document was produced by an OCR operation on the JPEG output of a scanner. Reportedly, this can have a security risk if debug.log is …
- CVE-2019-19086 · MEDIUM · CVSS 4.3 · EG 4.3 · 2020-01-03
  Gitlab Enterprise Edition (EE) before 12.5.1 has Insecure Permissions (issue 1 of 2).
- CVE-2019-19087 · MEDIUM · CVSS 4.3 · EG 4.3 · 2020-01-03
  Gitlab Enterprise Edition (EE) before 12.5.1 has Insecure Permissions (issue 2 of 2).
- CVE-2019-19197 · HIGH · CVSS 7.8 · EG 7.8 · 2019-11-21
  IOCTL Handling in the kyrld.sys driver in Kyrol Internet Security 9.0.6.9 allows an attacker to achieve privilege escalation, denial-of-service, and code execution via usermode because 0x9C402401 using METHOD_NEITHER results in a read prim…
- CVE-2019-19216 · HIGH · CVSS 8.8 · EG 8.8 · 2020-04-30
  BMC Control-M/Agent 7.0.00.000 has an Insecure File Copy.
- CVE-2019-19218 · HIGH · CVSS 7.5 · EG 7.5 · 2020-04-30
  BMC Control-M/Agent 7.0.00.000 has Insecure Password Storage.
- CVE-2019-19262 · MEDIUM · CVSS 4.3 · EG 4.3 · 2020-01-03
  GitLab Enterprise Edition (EE) 11.9 and later through 12.5 has Insecure Permissions.
- CVE-2019-19263 · MEDIUM · CVSS 4.3 · EG 4.3 · 2020-01-03
  GitLab Enterprise Edition (EE) 8.2 and later through 12.5 has Insecure Permissions.
- CVE-2019-19315 · HIGH · CVSS 7.1 · EG 7.1 · 2019-12-17
  NLSSRV32.EXE in Nalpeiron Licensing Service 7.3.4.0, as used with Nitro PDF and other products, allows Elevation of Privilege via the \\.\mailslot\nlsX86ccMailslot mailslot.
- CVE-2019-19335 · MEDIUM · CVSS 4.4 · EG 4.4 · 2020-03-18
  During installation of an OpenShift 4 cluster, the `openshift-install` command line tool creates an `auth` directory, with `kubeconfig` and `kubeadmin-password` files. Both files contain credentials used to authenticate to the OpenShift AP…
- CVE-2019-19341 · MEDIUM · CVSS 5.5 · EG 5.5 · 2019-12-19
  A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2, where files in '/var/backup/tower' are left world-readable. These files include both the SECRET_KEY and the database backup. Any user with access to the Tower server, and know…
- CVE-2019-19363 · HIGH · CVSS 7.8 · EG 7.8 · 2020-01-24
  An issue was discovered in Ricoh (including Savin and Lanier) Windows printer drivers prior to 2020 that allows attackers local privilege escalation. Affected drivers and versions are: PCL6 Driver for Universal Print - Version 4.0 or later…
- CVE-2019-19382 · HIGH · CVSS 7.8 · EG 7.8 · 2019-12-03
  Max Secure Anti Virus Plus 19.0.4.020 has Insecure Permissions on the installation directory. Local attackers can replace a .exe or .dll file to achieve privilege escalation.
- CVE-2019-1944 · HIGH · CVSS 7.3 · EG 7.3 · 2019-08-07
  Multiple vulnerabilities in the smart tunnel functionality of Cisco Adaptive Security Appliance (ASA) could allow an authenticated, local attacker to elevate privileges to the root user or load a malicious library file while the tunnel is …
- CVE-2019-19455 · HIGH · CVSS 7.8 · EG 7.8 · 2020-08-03
  Wowza Streaming Engine before 4.8.5 has Insecure Permissions which may allow a local attacker to escalate privileges in /usr/local/WowzaStreamingEngine/manager/bin/ in the Linux version of the server by writing arbitrary commands…
Map vulnerabilities like CWE-732 to your infrastructure
EchelonGraph correlates every CVE — across CWE-732 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.