VYPR

CWE-277

Insecure Inherited Permissions

VariantDraft

Description

A product defines a set of insecure permissions that are inherited by objects that are created by the program.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (32)

page 1 of 2
  • CVE-2026-7891CriMay 7, 2026
    risk 0.60cvss epss 0.00

    The VerySecureApp made by DIVD using Mendix Studio Pro 11.8.0 Beta allows unintended data exposure due to authorization misconfiguration. The VerySecureApp allows anonymous users of the MyFirstModule with the anonymous user role to gain access to all stored records, even though…

  • CVE-2024-36542HigJul 25, 2024
    risk 0.57cvss 8.8epss 0.00

    Insecure permissions in kuma v2.7.0 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token.

  • CVE-2016-6811HigApr 11, 2017
    risk 0.57cvss 8.8epss 0.03

    In Apache Hadoop 2.x before 2.7.4, a user who can escalate to yarn user can possibly run arbitrary commands as root user.

  • CVE-2024-34329HigJul 22, 2024
    risk 0.55cvss 8.4epss 0.01

    Insecure permissions in Entrust Datacard XPS Card Printer Driver 8.5 and earlier without the dxp1-patch-E24-004 patch allows unauthenticated attackers to execute arbitrary code as SYSTEM via a crafted DLL payload.

  • CVE-2024-29417HigMay 3, 2024
    risk 0.55cvss 8.4epss 0.00

    Insecure Permissions vulnerability in e-trust Horacius 1.0, 1.1, and 1.2 allows a local attacker to escalate privileges via the password reset function.

  • CVE-2026-30266HigApr 20, 2026
    risk 0.51cvss 7.8epss 0.00

    Insecure Permissions vulnerability in DeepCool DeepCreative v.1.2.12 and before allows a local attacker to execute arbitrary code via a crafted file

  • CVE-2024-27848HigJun 10, 2024
    risk 0.51cvss 7.8epss 0.00

    This issue was addressed with improved permissions checking. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. A malicious app may be able to gain root privileges.

  • CVE-2024-27822HigMay 14, 2024
    risk 0.51cvss 7.8epss 0.00

    A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sonoma 14.5. An app may be able to gain root privileges.

  • CVE-2024-23233HigMar 8, 2024
    risk 0.51cvss 7.8epss 0.00

    This issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4. Entitlements and privacy permissions granted to this app may be used by a malicious app.

  • CVE-2025-20008HigMay 13, 2025
    risk 0.50cvss 7.7epss 0.00

    Insecure inherited permissions for some Intel(R) Simics(R) Package Manager software before version 1.12.0 may allow a privileged user to potentially enable escalation of privilege via local access.

  • CVE-2024-41601HigJul 19, 2024
    risk 0.49cvss 7.5epss 0.00

    Insecure Permissions vulnerability in lin-CMS v.0.2.0 and before allows a remote attacker to obtain sensitive information via the login method in the UserController.java component.

  • CVE-2024-27825HigMay 14, 2024
    risk 0.46cvss 7.1epss 0.00

    A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Sonoma 14.5. An app may be able to bypass certain Privacy preferences.

  • CVE-2025-64185MedNov 20, 2025
    risk 0.45cvss epss 0.00

    Open OnDemand is an open-source HPC portal. Prior to versions 4.0.8 and 3.1.16, Open OnDemand packages create world writable locations in the GEM_PATH. Open OnDemand versions 4.0.8 and 3.1.16 have been patched for this vulnerability.

  • CVE-2025-32092MedFeb 10, 2026
    risk 0.44cvss 6.7epss 0.00

    Insecure inherited permissions for some Intel(R) Graphics Software before version 25.30.1702.0 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable…

  • CVE-2025-24327MedNov 11, 2025
    risk 0.44cvss 6.7epss 0.00

    Insecure inherited permissions for some Intel(R) Rapid Storage Technology Application before version 20.0.1021 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack…

  • CVE-2025-20629MedMay 13, 2025
    risk 0.44cvss 6.7epss 0.00

    Insecure inherited permissions in the NVM Update Utility for some Intel(R) Ethernet Network Adapter E810 Series before version 4.60 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2026-44836MedMay 26, 2026
    risk 0.42cvss 6.5epss 0.00

    view_component is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the preview route derives an example name from the URL and calls it with public_send. The code does not verify that the requested method is one…

  • CVE-2025-11554MedOct 9, 2025
    risk 0.41cvss 6.3epss 0.00

    A security vulnerability has been detected in Portabilis i-Educar up to 2.9.10. Affected by this issue is some unknown functionality of the file app/Http/Controllers/AccessLevelController.php of the component User Type Handler. The manipulation leads to insecure inherited…

  • CVE-2024-36691MedJun 12, 2024
    risk 0.41cvss 6.3epss 0.00

    Insecure permissions in the AdminController.AjaxSave() method of PPGo_Jobs v2.8.0 allows authenticated attackers to arbitrarily modify users' account information.

  • CVE-2025-22448MedMay 13, 2025
    risk 0.40cvss 6.1epss 0.00

    Insecure inherited permissions for some Intel(R) Simics(R) Package Manager software before version 1.12.0 may allow an authenticated user to potentially enable denial of service via local access.