Vulnerabilities > Improper Preservation of Permissions

DATE CVE VULNERABILITY TITLE RISK
2023-02-09 CVE-2022-48301 Improper Preservation of Permissions vulnerability in Huawei Emui and Harmonyos
The bundle management module lacks permission verification in some APIs.
network
low complexity
huawei CWE-281
7.5
2023-01-26 CVE-2020-18329 Improper Preservation of Permissions vulnerability in Carel Pcoweb Card Bios, Pcoweb Card Boot and Pcoweb Card web
An issue was discovered in Rehau devices that use a pCOWeb card BIOS v6.27, BOOT v5.00, web version v2.2, allows attackers to gain full unauthenticated access to the configuration and service interface.
network
low complexity
carel CWE-281
7.5
2022-12-22 CVE-2022-38473 A cross-origin iframe referencing an XSLT document would inherit the parent domain's permissions (such as microphone or camera access).
network
low complexity
CWE-281
8.8
2022-12-19 CVE-2022-47547 Improper Preservation of Permissions vulnerability in Protocol Gossipsub 1.1
GossipSub 1.1, as used for Ethereum 2.0, allows a peer to maintain a positive score (and thus not be pruned from the network) even though it continuously misbehaves by never forwarding topic messages.
network
low complexity
protocol CWE-281
5.3
2022-12-16 CVE-2022-4326 Improper Preservation of Permissions vulnerability in Trellix Endpoint Security
Improper preservation of permissions vulnerability in Trellix Endpoint Agent (xAgent) prior to V35.31.22 on Windows allows a local user with administrator privileges to bypass the product protection to uninstall the agent via incorrectly applied permissions in the removal protection functionality.
local
low complexity
trellix CWE-281
6.0
2022-12-16 CVE-2022-41963 BigBlueButton is an open source web conferencing system.
network
high complexity
CWE-281
3.1
2022-11-19 CVE-2022-31608 Improper Preservation of Permissions vulnerability in Nvidia GPU Display Driver
NVIDIA GPU Display Driver for Linux contains a vulnerability in an optional D-Bus configuration file, where a local user with basic capabilities can impact protected D-Bus endpoints, which may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.
local
low complexity
nvidia CWE-281
7.8
2022-11-02 CVE-2021-45446 Improper Preservation of Permissions vulnerability in Hitachi Vantara Pentaho 8.3.0.0/8.3.0.25/8.3.0.9
A vulnerability in Hitachi Vantara Pentaho Business Analytics Server versions before 9.2.0.2 and 8.3.0.25 does not cascade the hidden property to the children of the Home folder.  This directory listing provides an attacker with the complete index of all the resources located inside the directory.
network
low complexity
hitachi CWE-281
7.5
2022-10-30 CVE-2022-44020 Improper Preservation of Permissions vulnerability in multiple products
An issue was discovered in OpenStack Sushy-Tools through 0.21.0 and VirtualBMC through 2.2.2.
local
low complexity
opendev fedoraproject CWE-281
5.5
2022-10-20 CVE-2020-12744 Improper Preservation of Permissions vulnerability in Verint Desktop and Process Analytics 15.2
The MSI installer in Verint Desktop Resources 15.2 allows an unprivileged local user to elevate their privileges during install or repair.
local
low complexity
verint CWE-281
7.8