Common Weakness Enumeration

CWE-281

Allowed

Improper Preservation of Permissions

Abstraction: Base · Status: Draft

The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.

432 vulnerabilities reference this CWE, most recent first.

GHSA-XRVP-GX9P-8CH2

Vulnerability from github – Published: 2024-09-17 00:31 – Updated: 2025-11-04 18:31
VLAI
Details

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. A camera extension may be able to access the internet.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-27795"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-281"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-09-17T00:15:47Z",
    "severity": "HIGH"
  },
  "details": "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. A camera extension may be able to access the internet.",
  "id": "GHSA-xrvp-gx9p-8ch2",
  "modified": "2025-11-04T18:31:19Z",
  "published": "2024-09-17T00:31:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27795"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/121238"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2024/Sep/33"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XXMH-66CH-6MV4

Vulnerability from github – Published: 2025-02-01 00:31 – Updated: 2025-02-03 21:31
VLAI
Details

EasyVirt DCScope <=8.6.0 and CO2Scope <=1.3.0 are vulnerable to Incorrect Access Control. This vulnerability allows the api to be used to create/modify/delete information about aliases (users) / users (groups) / roles.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-53355"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-281"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-31T22:15:09Z",
    "severity": "HIGH"
  },
  "details": "EasyVirt DCScope \u003c=8.6.0 and CO2Scope \u003c=1.3.0 are vulnerable to Incorrect Access Control. This vulnerability allows the api to be used to create/modify/delete information about aliases (users) / users (groups) / roles.",
  "id": "GHSA-xxmh-66ch-6mv4",
  "modified": "2025-02-03T21:31:49Z",
  "published": "2025-02-01T00:31:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53355"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Elymaro/CVE/blob/main/EasyVirt/CVE-2024-53355.md"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.