VYPR

CWE-281

Improper Preservation of Permissions

Base · Draft

Description

The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (135)

  • CVE-2017-8543 · Critical · KEV · Jun 15, 2017
    risk 0.82 · CVSS 9.8 · EPSS 0.74

    Microsoft Windows XP SP3, Windows XP x64 XP2, Windows Server 2003 SP2, Windows Vista, Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an…

  • CVE-2024-46310 · Critical · Jan 13, 2025
    risk 0.66 · CVSS 9.1 · EPSS 0.02

    Incorrect Access Control in Cfx.re FXServer v9601 and earlier allows unauthenticated users to modify and read arbitrary user data via exposed API endpoint

  • CVE-2017-8589 · Critical · Jul 11, 2017
    risk 0.66 · CVSS 9.8 · EPSS 0.26

    Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability due to the way that Windows Search handles objects in…

  • CVE-2024-36532 · Critical · Jun 21, 2024
    risk 0.65 · CVSS 10.0 · EPSS 0.00

    Insecure permissions in kruise v1.6.2 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token.

  • CVE-2024-56973 · Critical · Feb 14, 2025
    risk 0.64 · CVSS 9.8 · EPSS 0.01

    Insecure Permissions vulnerability in Alvaria, Inc Unified IP Unified Director before v.7.2SP2 allows a remote attacker to execute arbitrary code via the source and filename parameters to the ProcessUploadFromURL.jsp component.

  • CVE-2024-46622 · Critical · Jan 6, 2025
    risk 0.64 · CVSS 9.8 · EPSS 0.01

    An Escalation of Privilege security vulnerability was found in SecureAge Security Suite software 7.0.x before 7.0.38, 7.1.x before 7.1.11, 8.0.x before 8.0.18, and 8.1.x before 8.1.18 that allows arbitrary file creation, modification and deletion.

  • CVE-2018-4115 · Critical · Apr 3, 2018
    risk 0.64 · CVSS 9.8 · EPSS 0.02

    An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves CFPreferences in the "System Preferences" component. It allows attackers to bypass…

  • CVE-2025-43698 · Critical · Jun 10, 2025
    risk 0.59 · CVSS 9.1 · EPSS 0.00

    Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (FlexCards) allows bypass of field level security controls for Salesforce objects. This impacts OmniStudio: before Spring 2025

  • CVE-2025-25711 · High · Mar 12, 2025
    risk 0.57 · CVSS 8.8 · EPSS 0.00

    An issue in dtp.ae tNexus Airport View v.2.8 allows a remote attacker to escalate privileges via the ProfileID value to the [/tnexus/rest/admin/updateUser] API endpoint

  • CVE-2017-8590 · High · Jul 11, 2017
    risk 0.57 · CVSS 8.8 · EPSS 0.01

    Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to the way that the Windows Common Log File…

  • CVE-2018-5163 · High · Jun 11, 2018
    risk 0.53 · CVSS 8.1 · EPSS 0.02

    If a malicious attacker has used another vulnerability to gain full control over a content process, they may be able to replace the alternate data resources stored in the JavaScript Start-up Bytecode Cache (JSBC) for other JavaScript code. If the parent process then runs this…

  • CVE-2017-8563 · High · Jul 11, 2017
    risk 0.53 · CVSS 8.1 · EPSS 0.07

    Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to Kerberos falling back to NT LAN Manager…

  • CVE-2026-24194 · High · May 26, 2026
    risk 0.51 · CVSS 7.8 · EPSS 0.00

    NVIDIA Display Driver for Linux contains a vulnerability in a kernel mode layer handler, where a user could cause improper permission handling. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data…

  • CVE-2025-31184 · High · Mar 31, 2025
    risk 0.51 · CVSS 7.8 · EPSS 0.00

    This issue was addressed with improved permissions checking. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, visionOS 2.4. An app may gain unauthorized access to Local Network.

  • CVE-2025-30456 · High · Mar 31, 2025
    risk 0.51 · CVSS 7.8 · EPSS 0.00

    A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to gain root privileges.

  • CVE-2025-30449 · High · Mar 31, 2025
    risk 0.51 · CVSS 7.8 · EPSS 0.00

    A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to gain root privileges.

  • CVE-2024-44193 · High · Oct 2, 2024
    risk 0.51 · CVSS 7.8 · EPSS 0.00

    A logic issue was addressed with improved restrictions. This issue is fixed in iTunes 12.13.3 for Windows. A local attacker may be able to elevate their privileges.

  • CVE-2024-40828 · High · Jul 29, 2024
    risk 0.51 · CVSS 7.8 · EPSS 0.00

    The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. A malicious app may be able to gain root privileges.

  • CVE-2024-3291 · High · May 17, 2024
    risk 0.51 · CVSS 7.8 · EPSS 0.00

    When installing Nessus Agent to a directory outside of the default location on a Windows host, Nessus Agent versions prior to 10.6.4 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories…

  • CVE-2024-3289 · High · May 17, 2024
    risk 0.51 · CVSS 7.8 · EPSS 0.00

    When installing Nessus to a directory outside of the default location on a Windows host, Nessus versions prior to 10.7.3 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the…