Vulnerabilities > Improper Preservation of Permissions
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-10-19 | CVE-2022-41708 | Improper Preservation of Permissions vulnerability in Relatedcode Messenger Relatedcode's Messenger version 7bcd20b allows an authenticated external attacker to access existing chats in the workspaces of any user of the application. | 4.3 |
| 2022-10-17 | CVE-2019-14841 | Improper Preservation of Permissions vulnerability in Redhat Decision Manager and Process Automation A flaw was found in the RHDM, where an authenticated attacker can change their assigned role in the response header. | 8.8 |
| 2022-09-22 | CVE-2022-36062 | Improper Preservation of Permissions vulnerability in Grafana Grafana is an open-source platform for monitoring and observability. | 3.8 |
| 2022-09-19 | CVE-2022-38577 | Improper Preservation of Permissions vulnerability in Processmaker 3.0.1.7/3.4.11 ProcessMaker before v3.5.4 was discovered to contain insecure permissions in the user profile page. | 8.8 |
| 2022-08-27 | CVE-2022-2787 | Improper Preservation of Permissions vulnerability in Debian Linux and Schroot Schroot before 1.6.13 had too permissive rules on chroot or session names, allowing a denial of service on the schroot service for all users that may start a schroot session. | 4.3 |
| 2022-08-17 | CVE-2022-31262 | Improper Preservation of Permissions vulnerability in GOG Galaxy 2.0.46 An exploitable local privilege escalation vulnerability exists in GOG Galaxy 2.0.46. | 7.8 |
| 2022-06-30 | CVE-2022-22472 | Improper Preservation of Permissions vulnerability in IBM Spectrum Protect Plus Container Backup and Restore IBM Spectrum Protect Plus Container Backup and Restore (10.1.5 through 10.1.10.2 for Kubernetes and 10.1.7 through 10.1.10.2 for Red Hat OpenShift) could allow a remote attacker to bypass IBM Spectrum Protect Plus role based access control restrictions, caused by improper disclosure of session information. | 6.5 |
| 2022-06-29 | CVE-2022-32969 | Improper Preservation of Permissions vulnerability in Metamask MetaMask before 10.11.3 might allow an attacker to access a user's secret recovery phrase because an input field is used for a BIP39 mnemonic, and Firefox and Chromium save such fields to disk in order to support the Restore Session feature, aka the Demonic issue. | 4.3 |
| 2022-06-27 | CVE-2022-31096 | Improper Preservation of Permissions vulnerability in Discourse Discourse is an open source discussion platform. | 2.1 |
| 2022-06-14 | CVE-2021-35079 | Improper Preservation of Permissions vulnerability in Qualcomm products Improper validation of permissions for third party application accessing Telephony service API can lead to information disclosure in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile | 2.1 |