Total
1477 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-26251 | 1 Synametrics | 1 Synaman | 2022-04-13 | 9.0 HIGH | 7.2 HIGH |
| The HTTP interface of Synaman v5.1 and below was discovered to allow authenticated attackers to execute arbitrary code and escalate privileges. | |||||
| CVE-2021-39772 | 1 Google | 1 Android | 2022-04-06 | 5.8 MEDIUM | 8.8 HIGH |
| In Bluetooth, there is a possible way to access the a2dp audio control switch due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-181962322 | |||||
| CVE-2021-39782 | 1 Google | 1 Android | 2022-04-05 | 4.6 MEDIUM | 7.8 HIGH |
| In Telephony, there is a possible unauthorized modification of the PLMN SIM file due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-202760015 | |||||
| CVE-2021-39783 | 1 Google | 1 Android | 2022-04-05 | 4.6 MEDIUM | 7.8 HIGH |
| In rcsservice, there is a possible way to modify TTY mode due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-197960597 | |||||
| CVE-2021-39784 | 1 Google | 1 Android | 2022-04-05 | 4.6 MEDIUM | 7.8 HIGH |
| In CellBroadcastReceiver, there is a possible path to enable specific cellular features due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-200163477 | |||||
| CVE-2021-35448 | 2 Microsoft, Remotemouse | 2 Windows, Emote Interactive Studio | 2022-03-29 | 7.2 HIGH | 7.8 HIGH |
| Emote Interactive Remote Mouse 3.008 on Windows allows attackers to execute arbitrary programs as Administrator by using the Image Transfer Folder feature to navigate to cmd.exe. It binds to local ports to listen for incoming connections. | |||||
| CVE-2022-1003 | 1 Mattermost | 1 Mattermost | 2022-03-29 | 4.0 MEDIUM | 4.9 MEDIUM |
| One of the API in Mattermost version 6.3.0 and earlier fails to properly protect the permissions, which allows the system administrators to combine the two distinct privileges/capabilities in a way that allows them to override certain restricted configurations like EnableUploads. | |||||
| CVE-2018-13400 | 1 Atlassian | 2 Jira, Jira Server | 2022-03-25 | 6.5 MEDIUM | 4.7 MEDIUM |
| Several administrative resources in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and before version 7.13.1 allow remote attackers who have obtained access to administrator's session to access certain administrative resources without needing to re-authenticate to pass "WebSudo" through an improper access control vulnerability. | |||||
| CVE-2016-1572 | 5 Canonical, Debian, Ecryptfs and 2 more | 6 Ubuntu Linux, Debian Linux, Ecryptfs-utils and 3 more | 2022-03-23 | 4.6 MEDIUM | 8.4 HIGH |
| mount.ecryptfs_private.c in eCryptfs-utils does not validate mount destination filesystem types, which allows local users to gain privileges by mounting over a nonstandard filesystem, as demonstrated by /proc/$pid. | |||||
| CVE-2022-22141 | 1 Yokogawa | 9 Centum Cs 3000, Centum Cs 3000 Entry, Centum Cs 3000 Entry Firmware and 6 more | 2022-03-18 | 4.4 MEDIUM | 7.8 HIGH |
| 'Long-term Data Archive Package' service implemented in the following Yokogawa Electric products creates some named pipe with imporper ACL configuration. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00. | |||||
| CVE-2022-20051 | 2 Google, Mediatek | 63 Android, Mt6731, Mt6732 and 60 more | 2022-03-17 | 2.1 LOW | 5.5 MEDIUM |
| In ims service, there is a possible unexpected application behavior due to incorrect privilege assignment. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06219127; Issue ID: ALPS06219127. | |||||
| CVE-2022-24408 | 1 Siemens | 4 Sinumerik Mc, Sinumerik Mc Firmware, Sinumerik One and 1 more | 2022-03-11 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability has been identified in SINUMERIK MC (All versions < V1.15 SP1), SINUMERIK ONE (All versions < V6.15 SP1). The sc SUID binary on affected devices provides several commands that are used to execute system commands or modify system files. A specific set of operations using sc could allow local attackers to escalate their privileges to root. | |||||
| CVE-2022-23921 | 1 Ge | 1 Proficy Cimplicitiy | 2022-03-08 | 3.7 LOW | 7.8 HIGH |
| Exploitation of this vulnerability may result in local privilege escalation and code execution. GE maintains exploitation of this vulnerability is only possible if the attacker has login access to a machine actively running CIMPLICITY, the CIMPLICITY server is not already running a project, and the server is licensed for multiple projects. | |||||
| CVE-2022-25150 | 1 Malwarebytes | 1 Binisoft Windows Firewall Control | 2022-02-23 | 4.6 MEDIUM | 7.8 HIGH |
| In Malwarebytes Binisoft Windows Firewall Control before 6.8.1.0, programs executed from the Tools tab can be used to escalate privileges. | |||||
| CVE-2021-22801 | 1 Schneider-electric | 1 Connexium Network Manager | 2022-02-22 | 7.5 HIGH | 9.8 CRITICAL |
| A CWE-269: Improper Privilege Management vulnerability exists that could cause an arbitrary command execution when the software is configured with specially crafted event actions. Affected Product: ConneXium Network Manager Software (All Versions) | |||||
| CVE-2022-24927 | 1 Samsung | 1 Video Player | 2022-02-22 | 7.5 HIGH | 9.8 CRITICAL |
| Improper privilege management vulnerability in Samsung Video Player prior to version 7.3.15.30 allows attackers to execute video files without permission. | |||||
| CVE-2021-36302 | 1 Dell | 2 Emc Integrated System For Microsoft Azure Stack Hub, Emc Integrated System For Microsoft Azure Stack Hub Firmware | 2022-02-14 | 9.0 HIGH | 9.9 CRITICAL |
| All Dell EMC Integrated System for Microsoft Azure Stack Hub versions contain a privilege escalation vulnerability. A remote malicious user with standard level JEA credentials may potentially exploit this vulnerability to elevate privileges and take over the system. | |||||
| CVE-2016-8219 | 1 Cloudfoundry | 2 Capi-release, Cf-release | 2022-02-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Cloud Foundry Foundation cf-release versions prior to 250 and CAPI-release versions prior to 1.12.0. A user with the SpaceAuditor role is over-privileged with the ability to restage applications. This could cause application downtime if the restage fails. | |||||
| CVE-2022-0144 | 1 Shelljs Project | 1 Shelljs | 2022-02-09 | 3.6 LOW | 7.1 HIGH |
| shelljs is vulnerable to Improper Privilege Management | |||||
| CVE-2022-22509 | 1 Phoenixcontact | 130 Fl Switch 2005, Fl Switch 2005 Firmware, Fl Switch 2008 and 127 more | 2022-02-05 | 9.0 HIGH | 8.8 HIGH |
| In Phoenix Contact FL SWITCH Series 2xxx in version 3.00 an incorrect privilege assignment allows an low privileged user to enable full access to the device configuration. | |||||