CWE-275 · Permission Issues

110 CVEs classified under CWE-275 (Permission Issues). Browse by severity and year.

Top CVEs for CWE-275
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2017-6513 | Critical | 9.9 | 2017-03-11 | The WHMCS Reseller Module V2 2.0.2 in Softaculous Virtualizor before 2.9.1.0 does not verify the user correctly, which allows remote authenticated users to con… |
| CVE-2021-22566 | Critical | 9.8 | 2022-01-18 | An incorrect setting of UXN bits within mmu_flags_to_s1_pte_attr lead to privileged executable pages being mapped as executable from an unprivileged context. T… |
| CVE-2017-17060 | Critical | 9.8 | 2019-05-23 | OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Insecure Permissions. |
| CVE-2018-15379 | Critical | 9.8 | 2018-10-05 | A vulnerability in which the HTTP web server for Cisco Prime Infrastructure (PI) has unrestricted directory permissions could allow an unauthenticated, remote… |
| CVE-2017-16887 | Critical | 9.8 | 2018-01-12 | The portal on FiberHome Mobile WIFI Device Model LM53Q1 VH519R05C01S38 uses SOAP based web services in order to interact with the portal. Unauthorized Access t… |
| CVE-2023-39399 | Critical | 9.1 | 2023-08-13 | Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written witho… |
| CVE-2023-39398 | Critical | 9.1 | 2023-08-13 | Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written witho… |
| CVE-2022-0742 | Critical | 9.1 | 2022-03-18 | Memory leak in icmp6 implementation in Linux Kernel 5.13+ allows a remote attacker to DoS a host by making it go out-of-memory via icmp6 packets of type 130 or… |
| CVE-2019-2177 | High | 8.8 | 2019-09-05 | In isPreferred of HidProfile.java in Android 7.1.1, 7.1.2, 8.0, 8.1 and 9, there is a possible device type confusion due to a permissions bypass. This could le… |
| CVE-2013-3703 | High | 8.8 | 2018-06-08 | The controller of the Open Build Service API prior to version 2.4.4 is missing a write permission check, allowing an authenticated attacker to add or remove us… |
| CVE-2016-8520 | High | 8.8 | 2018-02-15 | HPE Helion Eucalyptus v4.3.0 and earlier does not correctly check IAM user's permissions for accessing versioned objects and ACLs. In some cases, authenticated… |
| CVE-2017-11463 | High | 8.8 | 2017-12-11 | In Ivanti Service Desk (formerly LANDESK Management Suite) versions between 2016.3 and 2017.3, an Unrestricted Direct Object Reference leads to referencing/upd… |
| CVE-2015-5153 | High | 8.8 | 2017-08-18 | Pulp does not remove permissions for named objects upon deletion, which allows authenticated users to gain the privileges of a deleted object via creating an o… |
| CVE-2016-4924 | High | 8.4 | 2017-10-13 | An incorrect permissions vulnerability in Juniper Networks Junos OS on vMX may allow local unprivileged users on a host system read access to vMX or vPFE image… |
| CVE-2016-4288 | High | 8.4 | 2017-01-06 | A local privilege escalation vulnerability exists in BlueStacks App Player. The BlueStacks App Player installer creates a registry key with weak permissions th… |
| CVE-2020-14496 | High | 8.3 | 2022-05-19 | Successful exploitation of this vulnerability for multiple Mitsubishi Electric Factory Automation Engineering Software Products of various versions could allow… |
| CVE-2016-10846 | High | 8.1 | 2019-08-01 | cPanel before 11.54.0.4 allows arbitrary file-chown and file-chmod operations during Roundcube database conversions (SEC-79). |
| CVE-2017-2590 | High | 8.1 | 2018-07-27 | A vulnerability was found in ipa before 4.4. IdM's ca-del, ca-disable, and ca-enable commands did not properly check the user's permissions while modifying CAs… |
| CVE-2014-1632 | High | 8.1 | 2018-01-31 | htdocs/setup/index.php in Eventum before 2.3.5 allows remote attackers to inject and execute arbitrary PHP code via the hostname parameter. |
| CVE-2025-58287 | High | 7.8 | 2025-10-11 | Use After Free (UAF) vulnerability in the office service. Successful exploitation of this vulnerability may affect service confidentiality. |