CWE-732

4/13/2021CWE-732, CWE-732

A CWE-732: Incorrect Permission Assignment for Critical Resource vulnerability exists that could allow remote code execution when an unprivileged user modifies a file. Affected Product: C-Bus Toolkit

A CWE-732: Incorrect Permission Assignment for Critical Resource vulnerability exists that could allow remote code execution when an unprivileged user modifies a file. Affected Product: C-Bus Toolkit ...

CVE-2022-43946

4/11/2023CWE-732, CWE-367 +1

Multiple vulnerabilities including an incorrect permission assignment for critical resource [CWE-732] vulnerability and a time-of-check time-of-use (TOCTOU) race condition [CWE-367] vulnerability in F

Multiple vulnerabilities including an incorrect permission assignment for critical resource [CWE-732] vulnerability and a time-of-check time-of-use (TOCTOU) race condition [CWE-367] vulnerability in F...

Rapid7 Metasploit Pro version 4.16.0-2019081901 and prior suffers from an instance of CWE-732, wherein the unique server.key is written to the file system during installation with world-readable permi

Rapid7 Metasploit Pro version 4.16.0-2019081901 and prior suffers from an instance of CWE-732, wherein the unique server.key is written to the file system during installation with world-readable permi...

11/6/2019CWE-732, CWE-732

CVE-2025-54546

10/29/2025CWE-732, CWE-732

On affected platforms, restricted users could use SSH port forwarding to access host-internal services

CVE-2023-32723

8.5HIGH

Request to LDAP is sent before user permissions are checked.

10/12/2023CWE-732, CWE-732

CVE-2022-36122

10/21/2022CWE-732, CWE-732

The Automox Agent before 40 on Windows incorrectly sets permissions on key files.

CVE-2023-0225

4.3MEDIUM

A flaw was found in Samba. An incomplete access check on dnsHostName allows authenticated but otherwise unprivileged users to delete this attribute from any object in the directory.

4/3/2023CWE-732, CWE-732 +1

CVE-2022-0277

6.5MEDIUM

Incorrect Permission Assignment for Critical Resource in Packagist microweber/microweber prior to 1.2.11.

1/20/2022CWE-732, CWE-732

CVE-2022-39186

6.2MEDIUM

EXFO - BV-10 Performance Endpoint Unit misconfiguration. System configuration file has misconfigured permissions

1/12/2023CWE-732, CWE-732

CVE-2023-4332

8/15/2023CWE-732, CWE-732

Broadcom RAID Controller web interface is vulnerable due to Improper permissions on the log file

CVE-2022-48257

5.3MEDIUM

In Eternal Terminal 6.2.1, etserver and etclient have predictable logfile names in /tmp.

1/13/2023CWE-732, CWE-732

CVE-2022-3258

3.7LOW

Incorrect Permission Assignment for Critical Resource vulnerability in HYPR Workforce Access on Windows allows Authentication Abuse.

11/3/2022CWE-732, CWE-732

CVE-2023-28123

4/19/2023CWE-732, CWE-732 +1

A permission misconfiguration in UI Desktop for Windows (Version 0.59.1.71 and earlier) could allow an user to hijack VPN credentials while UID VPN is starting.This vulnerability is fixed in Version 0

A permission misconfiguration in UI Desktop for Windows (Version 0.59.1.71 and earlier) could allow an user to hijack VPN credentials while UID VPN is starting.This vulnerability is fixed in Version 0...

CVE-2023-28133

7/23/2023CWE-732, CWE-732

Local privilege escalation in Check Point Endpoint Security Client (version E87.30) via crafted OpenSSL configuration file

CVE-2025-57741

An Incorrect Permission Assignment for Critical Resource vulnerability [CWE-732] in FortiClientMac 7.4.0 through 7.4.3, 7.2.0 through 7.2.11, 7.0 all versions may allow a local attacker to run arbitra

An Incorrect Permission Assignment for Critical Resource vulnerability [CWE-732] in FortiClientMac 7.4.0 through 7.4.3, 7.2.0 through 7.2.11, 7.0 all versions may allow a local attacker to run arbitra...

10/14/2025CWE-732

CVE-2025-54545

10/29/2025CWE-732, CWE-732

On affected platforms, a restricted user could break out of the CLI sandbox to the system shell and elevate their privileges.

CVE-2023-31748

5/24/2023CWE-732, CWE-732

Insecure permissions in MobileTrans v4.0.11 allows attackers to escalate privileges to local admin via replacing the executable file.

CVE-2022-2332

6.2MEDIUM

A local unprivileged attacker may escalate to administrator privileges in Honeywell SoftMaster version 4.51, due to insecure permission assignment.

9/16/2022CWE-732, CWE-732

CVE-2022-1316

4/11/2022CWE-732, CWE-732

Incorrect Permission Assignment for Critical Resource in GitHub repository zerotier/zerotierone prior to 1.8.8. Local Privilege Escalation

CVE-2023-22294

4/18/2023CWE-732, CWE-732

Privilege escalation in Tribe29 Checkmk Appliance before 1.6.4 allows authenticated site users to escalate privileges via incorrectly set permissions.

CVE-2022-45193

5.9MEDIUM

CBRN-Analysis before 22 has weak file permissions under Public Profile, leading to disclosure of file contents or privilege escalation.

11/12/2022CWE-732, CWE-732

CVE-2022-33695

5.1MEDIUM

Use of improper permission in InputManagerService prior to SMR Jul-2022 Release 1 allows unauthorized access to the service.

7/12/2022CWE-732, CWE-732

CVE-2022-44715

1/27/2023CWE-732, CWE-732

Improper File Permissions in NetScout nGeniusONE 6.3.2 build 904 allows authenticated remote users to gain permissions via a crafted payload.

CVE-2024-7612

10/8/2024CWE-732, CWE-732

Insecure permissions in Ivanti EPMM before 12.1.0.4 allow a local authenticated attacker to modify sensitive application components.

CVE-2023-1692

5/20/2023CWE-732, CWE-732

The window management module lacks permission verification.Successful exploitation of this vulnerability may affect confidentiality.

CVE-2023-27084

5.3MEDIUM

Permissions vulnerability found in isoftforce Dreamer CMS v.4.0.1 allows local attackers to obtain sensitive information via the AttachmentController parameter.

3/16/2023CWE-732, CWE-732

CVE-2023-31874

5/29/2023CWE-732, CWE-732

Yank Note (YN) 3.52.1 allows execution of arbitrary code when a crafted file is opened, e.g., via nodeRequire('child_process').

CVE-2023-33004

4.3MEDIUM

A missing permission check in Jenkins Tag Profiler Plugin 0.2 and earlier allows attackers with Overall/Read permission to reset profiler statistics.

5/16/2023CWE-732, CWE-732

CVE-2023-25438

12/4/2024CWE-732, CWE-732

An issue was discovered in Genomedics MilleGP5 5.9.2, allows remote attackers to execute arbitrary code and gain escalated privileges via modifying specific files.

5/4/2023CWE-732, CWE-732

CVE-2021-44167

6.8MEDIUM

An incorrect permission assignment for critical resource vulnerability [CWE-732] in FortiClient for Linux version 6.0.8 and below, 6.2.9 and below, 6.4.7 and below, 7.0.2 and below may allow an unauth

An incorrect permission assignment for critical resource vulnerability [CWE-732] in FortiClient for Linux version 6.0.8 and below, 6.2.9 and below, 6.4.7 and below, 7.0.2 and below may allow an unauth...

5/11/2022CWE-732

CVE-2024-12151

5.0MEDIUM

Incorrect permission assignment in the user migration feature in Devolutions Server 2024.3.8.0 and earlier allows users to retain their old permission sets.

CVE-2023-32724

9.1CRITICAL

Memory pointer is in a property of the Ducktape object. This leads to multiple vulnerabilities related to direct memory access and manipulation.

10/12/2023CWE-732, CWE-732

CVE-2023-1135

3/27/2023CWE-732, CWE-732

In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could set incorrect directory permissions, which could result in local privilege escalation.

In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could set incorrect directory permissions, which could result in local privilege escalation....

CVE-2023-27095

6.5MEDIUM

Insecure Permissions vulnerability found in OpenGoofy Hippo4j v.1.4.3 allows attacker toescalate privileges via the AddUser method of the UserController function in Tenant Management module.

3/16/2023CWE-732, CWE-732

CVE-2021-37304

An Insecure Permissions issue in jeecg-boot 2.4.5 allows unauthenticated remote attackers to gain escalated privilege and view sensitive information via the httptrace interface.

2/3/2023CWE-732, CWE-732

CVE-2014-0068

6/30/2022CWE-732, CWE-732

It was reported that watchman in openshift node-utils creates /var/run/watchman.pid and /var/log/watchman.ouput with world writable permission.

CVE-2019-18243

2/18/2021CWE-732, CWE-732

HMI/SCADA iFIX (Versions 6.1 and prior) allows a local authenticated user to modify system-wide iFIX configurations through the registry. This may allow privilege escalation.

CVE-2019-18255

2/18/2021CWE-732, CWE-732

HMI/SCADA iFIX (Versions 6.1 and prior) allows a local authenticated user to modify system-wide iFIX configurations through section objects. This may allow privilege escalation.

CVE-2025-0758

6.1MEDIUM

Overview The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. (CWE-732) Description Hitachi Va

Overview The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. (CWE-732) Description Hitachi Va...

4/16/2025CWE-732

CVE-2022-1348

6.5MEDIUM

A vulnerability was found in logrotate in how the state file is created. The state file is used to prevent parallel executions of multiple instances of logrotate by acquiring and releasing a file lock

A vulnerability was found in logrotate in how the state file is created. The state file is used to prevent parallel executions of multiple instances of logrotate by acquiring and releasing a file lock...

5/25/2022CWE-732, CWE-732 +1

CVE-2024-5915

8/14/2024CWE-732, CWE-732

A privilege escalation (PE) vulnerability in the Palo Alto Networks GlobalProtect app on Windows devices enables a local user to execute programs with elevated privileges.

CVE-2024-37369

6/14/2024CWE-732, CWE-732

A privilege escalation vulnerability exists in the affected product. The vulnerability allows low-privilege users to edit scripts, bypassing Access Control Lists, and potentially gaining further acces

A privilege escalation vulnerability exists in the affected product. The vulnerability allows low-privilege users to edit scripts, bypassing Access Control Lists, and potentially gaining further acces...

CVE-2023-49257