CWE-275 · Permission Issues
110 CVEs classified under CWE-275 (Permission Issues).

| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2017-6513 | Critical | 9.9 | 2017-03-11 | The WHMCS Reseller Module V2 2.0.2 in Softaculous Virtualizor before 2.9.1.0 does not verify the user correctly, which allows remote authenticated users to con… |
| CVE-2021-22566 | Critical | 9.8 | 2022-01-18 | An incorrect setting of UXN bits within mmu_flags_to_s1_pte_attr lead to privileged executable pages being mapped as executable from an unprivileged context. T… |
| CVE-2017-17060 | Critical | 9.8 | 2019-05-23 | OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Insecure Permissions. |
| CVE-2018-15379 | Critical | 9.8 | 2018-10-05 | A vulnerability in which the HTTP web server for Cisco Prime Infrastructure (PI) has unrestricted directory permissions could allow an unauthenticated, remote… |
| CVE-2017-16887 | Critical | 9.8 | 2018-01-12 | The portal on FiberHome Mobile WIFI Device Model LM53Q1 VH519R05C01S38 uses SOAP based web services in order to interact with the portal. Unauthorized Access t… |
| CVE-2023-39399 | Critical | 9.1 | 2023-08-13 | Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written witho… |
| CVE-2023-39398 | Critical | 9.1 | 2023-08-13 | Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written witho… |
| CVE-2022-0742 | Critical | 9.1 | 2022-03-18 | Memory leak in icmp6 implementation in Linux Kernel 5.13+ allows a remote attacker to DoS a host by making it go out-of-memory via icmp6 packets of type 130 or… |
| CVE-2019-2177 | High | 8.8 | 2019-09-05 | In isPreferred of HidProfile.java in Android 7.1.1, 7.1.2, 8.0, 8.1 and 9, there is a possible device type confusion due to a permissions bypass. This could le… |
| CVE-2013-3703 | High | 8.8 | 2018-06-08 | The controller of the Open Build Service API prior to version 2.4.4 is missing a write permission check, allowing an authenticated attacker to add or remove us… |
| CVE-2016-8520 | High | 8.8 | 2018-02-15 | HPE Helion Eucalyptus v4.3.0 and earlier does not correctly check IAM user's permissions for accessing versioned objects and ACLs. In some cases, authenticated… |
| CVE-2017-11463 | High | 8.8 | 2017-12-11 | In Ivanti Service Desk (formerly LANDESK Management Suite) versions between 2016.3 and 2017.3, an Unrestricted Direct Object Reference leads to referencing/upd… |
| CVE-2015-5153 | High | 8.8 | 2017-08-18 | Pulp does not remove permissions for named objects upon deletion, which allows authenticated users to gain the privileges of a deleted object via creating an o… |
| CVE-2016-4924 | High | 8.4 | 2017-10-13 | An incorrect permissions vulnerability in Juniper Networks Junos OS on vMX may allow local unprivileged users on a host system read access to vMX or vPFE image… |
| CVE-2016-4288 | High | 8.4 | 2017-01-06 | A local privilege escalation vulnerability exists in BlueStacks App Player. The BlueStacks App Player installer creates a registry key with weak permissions th… |
| CVE-2020-14496 | High | 8.3 | 2022-05-19 | Successful exploitation of this vulnerability for multiple Mitsubishi Electric Factory Automation Engineering Software Products of various versions could allow… |
| CVE-2016-10846 | High | 8.1 | 2019-08-01 | cPanel before 11.54.0.4 allows arbitrary file-chown and file-chmod operations during Roundcube database conversions (SEC-79). |
| CVE-2017-2590 | High | 8.1 | 2018-07-27 | A vulnerability was found in ipa before 4.4. IdM's ca-del, ca-disable, and ca-enable commands did not properly check the user's permissions while modifying CAs… |
| CVE-2014-1632 | High | 8.1 | 2018-01-31 | htdocs/setup/index.php in Eventum before 2.3.5 allows remote attackers to inject and execute arbitrary PHP code via the hostname parameter. |
| CVE-2025-58287 | High | 7.8 | 2025-10-11 | Use After Free (UAF) vulnerability in the office service. Successful exploitation of this vulnerability may affect service confidentiality. |