CVE-2024-47270

Improper preservation of permissions vulnerability in Archiving Push functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to limited file write via unspecified vectors...

CVE-2024-47270

Improper preservation of permissions vulnerability in Archiving Push functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to limited file write via unspecified vectors...

CVE-2026-25850

CVE-2026-25850 concerns OpenHarmony, affecting v6.0 and earlier, where the component filemanagement_storage_service improperly preserves permissions. The result is a local attacker can cause an information leak. The CVSS score is 5.5 (Medium); vectors: Local access, low attack complexity, low pri...

Improper Preservation of Permissions

Overview Affected versions of this package are vulnerable to Improper Preservation of Permissions in the authentication process. An attacker can gain unauthorized access to user accounts by exploiting the handling of clientcredentials tokens, which may allow a client token to be misinterpreted as...

CVE-2025-37735

CVE-2025-37735 affects Elastic Defend on Windows. The issue is improper preservation of permissions in the Defend service (running as SYSTEM), which can lead to arbitrary file deletions and in some cases local privilege escalation. Affected versions include up to 8.19.5 and 9.0.0–9.1.5; fixed in ...

CVE-2025-37735

Improper preservation of permissions in Elastic Defend on Windows hosts can lead to arbitrary files on the system being deleted by the Defend service running as SYSTEM. In some cases, this could result in local privilege escalation...

Improper Preservation of Permissions

Overview Affected versions of this package are vulnerable to Improper Preservation of Permissions due to the improper removal of ClusterRoleBinding objects when a custom administrative global role or its binding is deleted. An attacker can retain unauthorized access to clusters by leveraging...

Improper Preservation of Permissions

Overview Affected versions of this package are vulnerable to Improper Preservation of Permissions due to the improper removal of ClusterRoleBinding objects when a custom administrative global role or its binding is deleted. An attacker can retain unauthorized access to clusters by leveraging...

EUVD-2023-35099

Malicious code in bioql PyPI...

CVE-2021-37006

There is a Improper Preservation of Permissions vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause the confidentiality of users is affected...

Improper Preservation of Permissions

Overview lakefs-sdk is a lakeFS API Affected versions of this package are vulnerable to Improper Preservation of Permissions via the process of re-creating a user with the same username as a previously deleted one. An attacker can gain access to the system using the credentials of the deleted use...

SUSE CVE-2007-0473

The writeFile function in core/smb4kfileio.cpp in Smb4K before 0.8.0 does not preserve /etc/sudoers permissions across modifications, which allows local users to obtain sensitive information /etc/sudoers contents by reading this file...

Improper Preservation of Permissions in etcd

...

Input validation

Improper preservation of permissions in Nagios XI 5.7.4 allows a local, low-privileged, authenticated user to weaken the permissions of files, resulting in low-privileged users being able to write to and execute arbitrary PHP code with root privileges...

OPENSUSE-SU-2020:0220-1 Security update for nextcloud

This update for nextcloud fixes the following issues: Nextcloud was updated to 15.0.14: - NC-SA-2020-002, CVE-2019-15613: workflow rules to depend their behaviour on the file extension when checking file mimetypes boo1162766 - NC-SA-2019-016, CVE-2019-15623: Exposure of Private Information caused...

CVE-2019-15621

Improper permissions preservation in Nextcloud Server 16.0.1 causes sharees to be able to reshare with write permissions when sharing the mount point of a share they received, as a public link...

Important: Red Hat Security Advisory: Red Hat Ansible Tower 3.6.2-1 - RHEL7 Container

Red Hat Ansible Tower 3.6.2-1 - RHEL7 Container Added a command to generate a new SECRETKEY and rekey the database Removed the guest user from the optionally-configured RabbitMQ admin interface CVE-2019-19340 Fixed slow queries for /api/v2/instances and /api/v2/instancegroups when smart inventori...