VYPR

CWE-281

Improper Preservation of Permissions

Base | Draft

Description

The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (135)

page 3 of 7
  • CVE-2001-1515 | High | Dec 31, 2001
    risk 0.49 | cvss 7.5 | epss 0.04

    Macintosh clients, when using NT file system volumes on Windows 2000 SP1, create subdirectories and automatically modify the inherited NTFS permissions, which may cause the directories to have less restrictive permissions than intended.

  • CVE-2025-24337 | High | Jan 20, 2025
    risk 0.48 | cvss 8.4 | epss 0.00

    WriteFreely through 0.15.1, when MySQL is used, allows local users to discover credentials by reading config.ini.

  • CVE-2017-8494 | High | Jun 15, 2017
    risk 0.48 | cvss 7.3 | epss 0.02

    Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow a locally-authenticated attacker to run a specially crafted application on a targeted system when Windows Secure Kernel Mode fails to properly handle objects in memory, aka "Windows Elevation of…

  • CVE-2025-37735 | High | Nov 6, 2025
    risk 0.46 | cvss 7.0 | epss 0.00

    Improper preservation of permissions in Elastic Defend on Windows hosts can lead to arbitrary files on the system being deleted by the Defend service running as SYSTEM. In some cases, this could result in local privilege escalation.

  • CVE-2024-40821 | High | Jul 29, 2024
    risk 0.46 | cvss 7.1 | epss 0.00

    An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. Third party app extensions may not receive the correct sandbox restrictions.

  • CVE-2024-40805 | High | Jul 29, 2024
    risk 0.46 | cvss 7.1 | epss 0.00

    A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, watchOS 10.6. An app may be able to bypass Privacy preferences.

  • CVE-2017-8593 | High | Aug 8, 2017
    risk 0.46 | cvss 7.0 | epss 0.01

    Microsoft Win32k in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle…

  • CVE-2017-8581 | High | Jul 11, 2017
    risk 0.46 | cvss 7.0 | epss 0.01

    Win32k in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle…

  • CVE-2017-8580 | High | Jul 11, 2017
    risk 0.46 | cvss 7.0 | epss 0.01

    Win32k in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle…

  • CVE-2017-8577 | High | Jul 11, 2017
    risk 0.46 | cvss 7.0 | epss 0.01

    Win32k in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle…

  • CVE-2017-8574 | High | Jul 11, 2017
    risk 0.46 | cvss 7.0 | epss 0.01

    Graphics in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka "Microsoft Graphics Component Elevation of Privilege Vulnerability". This CVE ID is unique from…

  • CVE-2017-8573 | High | Jul 11, 2017
    risk 0.46 | cvss 7.0 | epss 0.01

    Graphics in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle…

  • CVE-2017-8562 | High | Jul 11, 2017
    risk 0.46 | cvss 7.0 | epss 0.01

    Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to Windows improperly handling calls to Advanced Local Procedure Call (ALPC), aka "Windows ALPC…

  • CVE-2017-8561 | High | Jul 11, 2017
    risk 0.46 | cvss 7.0 | epss 0.01

    Windows kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to the way it handles objects in memory, aka "Windows Kernel Elevation of…

  • CVE-2017-8556 | High | Jul 11, 2017
    risk 0.46 | cvss 7.0 | epss 0.01

    Graphics in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle…

  • CVE-2017-8467 | High | Jul 11, 2017
    risk 0.46 | cvss 7.0 | epss 0.01

    Graphics in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to the way it handles objects in…

  • CVE-2017-8579 | High | Jun 29, 2017
    risk 0.46 | cvss 7.0 | epss 0.01

    The DirectX component in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to run arbitrary code in kernel mode via a specially crafted application, aka "DirectX Elevation of Privilege Vulnerability."

  • CVE-2018-12989 | Medium | Aug 3, 2018
    risk 0.44 | cvss 6.7 | epss 0.00

    The report-viewing feature in Pearson VUE Certiport Console 8 and IQSystem 7 before 2018-06-26 mishandles child processes and consequently launches Internet Explorer or Microsoft Edge as Administrator, which allows local users to gain privileges.

  • CVE-2026-35350 | Medium | Apr 22, 2026
    risk 0.43 | cvss 6.6 | epss 0.00

    The cp utility in uutils coreutils fails to properly handle setuid and setgid bits when ownership preservation fails. When copying with the -p (preserve) flag, the utility applies the source mode bits even if the chown operation is unsuccessful. This can result in a user-owned…

  • CVE-2024-29080 | Medium | Jul 19, 2024
    risk 0.42 | cvss 6.5 | epss 0.00

    Potential vulnerabilities have been identified in the HP Display Control software component within the HP Application Enabling Software Driver which might allow escalation of privilege.