CWE-281

Improper Preservation of Permissions

Parent: CWE-732 - Incorrect Permission Assignment for Critical Resource

The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.

329 vulnerabilities with CWE-281
CVE-2021-37086 HIGH
Huawei Smartphone - Info Disclosure
CVSS 8.6
CVE-2021-37056 MEDIUM
Huawei Smartphone - Info Disclosure
CVSS 5.3
CVE-2021-37006 HIGH
Huawei Smartphone - Info Disclosure
CVSS 7.5
CVE-2021-39897 LOW
GitLab CE/EE >=10.5 - Info Disclosure
CVSS 2.6
CVE-2021-30827 HIGH
macOS 10.15-10.15.5 and 11.0-11.5 - Local Privilege Escalation via Permission Validation Issue
CVSS 7.8
CVE-2021-41091 MEDIUM
Moby < 20.10.9 - Unprivileged Host User Data Exposure and Privilege Escalation via Insufficient Directory Permissions
CVSS 6.3
CVE-2021-41089 LOW
Moby < 20.10.9 - Unix File Permission Changes via docker cp
CVSS 2.8
CVE-2021-30912 MEDIUM
macOS < 10.15.7, 11.0-11.6.1 - Unprotected User Data Exposure via Keychain Permissions
CVSS 5.5
CVE-2021-38553 MEDIUM
HashiCorp Vault <1.8.0 - Info Disclosure
CVSS 4.4
CVE-2021-29971 CRITICAL
Firefox for Android < 90.0 - Permission Bypass via Same-Host Scheme/Port Confusion
CVSS 9.8
CVE-2021-32465 HIGH
Trend Micro Apex One, Apex One as a Service & OfficeScan XG SP1 - P...
CVSS 8.8
CVE-2021-22382 MEDIUM
Huawei LTE USB Dongle - Privilege Escalation
CVSS 6.5
CVE-2021-21735 MEDIUM
ZXHN H168N Firmware < 3.5.0_eg1t4_te - Unauthenticated Sensitive Information Exposure via Wizard Page
CVSS 6.5
CVE-2021-0074 HIGH
Intel(R) Computing Improvement Program <2.4.5982 - Privilege Escala...
CVSS 7.8
CVE-2021-3495 HIGH
Kiali-operator <1.33.0-1.24.7 - Privilege Escalation
CVSS 8.8
CVE-2021-22137 MEDIUM
Elasticsearch <6.8.15 and 7.11.0-7.11.1 - Document Disclosure via Cross-Cluster Search Query
CVSS 5.3
CVE-2021-30482 HIGH
JetBrains UpSource <2020.1.1883 - Info Disclosure
CVSS 7.5
CVE-2021-3418 MEDIUM
GRUB2 < 2.06 - Secure Boot Bypass via Shim Lock Mechanism
CVSS 6.4
CVE-2021-21379 HIGH
XWiki Platform 11.4-11.10.10 - Improper Preservation of Permissions in wikimacrocontent
CVSS 7.7
CVE-2021-20263 LOW
QEMU virtio-fs - Privilege Escalation
CVSS 3.3
CVE-2021-23963 MEDIUM
Firefox < 85.0 - Permission State Reset via WebRTC Geolocation Sharing
CVSS 4.3
CVE-2020-36070 CRITICAL
Voyager <=1.4 - Code Execution via PHP File Upload to Media Component
CVSS 9.8
CVE-2020-18329 HIGH
Rehau pCOWeb <6.27 - Info Disclosure
CVSS 7.5
CVE-2020-12744 HIGH
Verint Desktop Resources 15.2 - Privilege Escalation
CVSS 7.8
CVE-2020-15496 HIGH
Acronis True Image for Mac < 2021 Update 4 - Local Privilege Escalation via Insecure Folder Permissions
CVSS 7.8
Details
Vulnerabilities 329
Links
MITRE CWE Entry Search this CWE With Exploits