VYPR

CWE-281

Improper Preservation of Permissions

Base | Draft

Description

The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (135)

page 4 of 7
  • CVE-2021-21735 | Med | Jun 10, 2021
    risk 0.42 | cvss 6.5 | epss 0.01

    A ZTE product has an information leak vulnerability. Due to improper permission settings, an attacker with ordinary user permissions could exploit this vulnerability to obtain some sensitive user information through the wizard page without authentication. This affects ZXHN H168N…

  • CVE-2025-8325 | Med | May 11, 2026
    risk 0.41 | cvss 6.3 | epss 0.00

    The software fails to enforce role-based access controls for certain Gateway API invocations. Users with the 'Internal/Everyone' role can invoke these APIs, bypassing intended permission checks. This same vulnerability also affects Internal Service APIs, potentially exposing…

  • CVE-2024-52869 | Med | Jan 8, 2025
    risk 0.39 | cvss 6.0 | epss 0.00

    Certain Teradata account-handling code through 2024-11-04, used with SUSE Enterprise Linux Server, mismanages groups. Specifically, when there is an operating system move from SUSE Enterprise Linux Server (SLES) 12 Service Pack (SP) 2 or 3 to SLES 15 SP2 on Teradata Database…

  • CVE-2026-25850 | Med | May 19, 2026
    risk 0.36 | cvss 5.5 | epss 0.00

    in OpenHarmony v6.0 and prior versions allow a local attacker cause information leak

  • CVE-2024-54513 | Med | Dec 12, 2024
    risk 0.36 | cvss 5.5 | epss 0.00

    A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. An app may be able to access sensitive user data.

  • CVE-2024-40824 | Med | Jul 29, 2024
    risk 0.36 | cvss 5.5 | epss 0.00

    This issue was addressed through improved state management. This issue is fixed in iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, watchOS 10.6. An app may be able to bypass Privacy preferences.

  • CVE-2024-40811 | Med | Jul 29, 2024
    risk 0.36 | cvss 5.5 | epss 0.00

    The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6. An app may be able to modify protected parts of the file system.

  • CVE-2024-40800 | Med | Jul 29, 2024
    risk 0.36 | cvss 5.5 | epss 0.00

    An input validation issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. An app may be able to modify protected parts of the file system.

  • CVE-2024-27888 | Med | Jul 29, 2024
    risk 0.36 | cvss 5.5 | epss 0.00

    A permissions issue was addressed by removing vulnerable code and adding additional checks. This issue is fixed in macOS Sonoma 14.4. An app may be able to modify protected parts of the file system.

  • CVE-2024-9333 | Med | Oct 2, 2024
    risk 0.34 | cvss | epss 0.00

    Permissions bypass in M-Files Connector for Copilot before version 24.9.3 allows authenticated user to access limited amount of documents via incorrect access control list calculation

  • CVE-2024-46941 | Med | Jun 6, 2025
    risk 0.31 | cvss | epss 0.00

    SystemUI has an incorrect component protection setting, which allows access to specific information.

  • CVE-2026-34600 | Med | May 19, 2026
    risk 0.30 | cvss 5.7 | epss 0.00

    Joplin is an open source note-taking and to-do application that organises notes and lists into notebooks. Versions 3.5.2 and prior contain a logic error in the delta API that allows share recipients to download notes that are no longer shared with them, related to but not fully…

  • CVE-2024-37649 | Med | Dec 18, 2024
    risk 0.30 | cvss 4.6 | epss 0.00

    Insecure Permissions vulnerability in SecureSTATION v.2.5.5.3116-S50-SMA-B20160811A and before allows a physically proximate attacker to obtain sensitive information via the modification of user credentials.

  • CVE-2024-43784 | Med | Nov 26, 2024
    risk 0.30 | cvss 5.7 | epss 0.00

    lakeFS is an open-source tool that transforms object storage into a Git-like repository. Existing lakeFS users who have issued credentials to users who have been deleted are affected by this vulnerability. When creating a new user with the same username as a deleted user, that…

  • CVE-2024-22405 | Med | Apr 30, 2024
    risk 0.29 | cvss 5.5 | epss 0.00

    XADMaster is an Objective-C library for archive and file unarchiving and extraction. When extracting a specially crafted zip archive XADMaster may not apply quarantine attribute correctly. Such behaviour may circumvent Gatekeeper checks on the system. Only macOS installations…

  • CVE-2024-52522 | Med | Nov 15, 2024
    risk 0.28 | cvss | epss 0.00

    Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Insecure handling of symlinks with --links and --metadata in rclone while copying to local disk allows unprivileged users to indirectly modify ownership and permissions…

  • CVE-2024-33921 | Med | May 3, 2024
    risk 0.28 | cvss 4.3 | epss 0.00

    Broken Access Control vulnerability in ReviewX. This issue affects ReviewX: from n/a through 1.6.21.

  • CVE-2024-1726 | Med | Apr 25, 2024
    risk 0.28 | cvss 5.3 | epss 0.01

    A flaw was discovered in the RESTEasy Reactive implementation in Quarkus. Due to security checks for some JAX-RS endpoints being performed after serialization, more processing resources are consumed while the HTTP request is checked. In certain configurations, if an attacker has…

  • CVE-2018-3762 | Med | Jul 5, 2018
    risk 0.28 | cvss 4.3 | epss 0.01

    Nextcloud Server before 12.0.8 and 13.0.3 suffers from improper checks of dropped permissions for incoming shares allowing a user to still request previews for files it should not have access to.

  • CVE-2017-5033 | Med | Apr 24, 2017
    risk 0.28 | cvss 4.3 | epss 0.01

    Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android failed to correctly propagate CSP restrictions to local scheme pages, which allowed a remote attacker to bypass content security policy via a crafted HTML page, related to the…