Total
949 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-27382 | 2 Intel, Microsoft | 2 Nuc P14e Laptop Element, Windows 10 | 2023-11-07 | N/A | 7.8 HIGH |
| Incorrect default permissions in the Audio Service for some Intel(R) NUC P14E Laptop Element software for Windows 10 before version 1.0.0.156 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-27505 | 1 Intel | 1 Advanced Link Analyzer | 2023-11-07 | N/A | 7.8 HIGH |
| Incorrect default permissions in some Intel(R) Advanced Link Analyzer Standard Edition software installers before version 22.1 .1 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-27392 | 1 Intel | 1 Support | 2023-11-07 | N/A | 4.4 MEDIUM |
| Incorrect default permissions in the Intel(R) Support android application before version v23.02.07 may allow a privileged user to potentially enable information disclosure via local access. | |||||
| CVE-2023-25540 | 1 Dell | 1 Emc Powerscale Onefs | 2023-11-07 | N/A | 7.1 HIGH |
| Dell PowerScale OneFS 9.4.0.x contains an incorrect default permissions vulnerability. A local malicious user could potentially exploit this vulnerability to overwrite arbitrary files causing denial of service. | |||||
| CVE-2023-22440 | 1 Intel | 1 Setup And Configuration Software | 2023-11-07 | N/A | 7.8 HIGH |
| Incorrect default permissions in the Intel(R) SCS Add-on software installer for Microsoft SCCM all versions may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-4039 | 1 Redhat | 6 Enterprise Linux, Openshift Container Platform, Openshift Container Platform For Ibm Z and 3 more | 2023-11-07 | N/A | 9.8 CRITICAL |
| A flaw was found in Red Hat Single Sign-On for OpenShift container images, which are configured with an unsecured management interface enabled. This flaw allows an attacker to use this interface to deploy malicious code and access and modify potentially sensitive information in the app server configuration. | |||||
| CVE-2022-4020 | 1 Acer | 10 Aspire A115-21, Aspire A115-21 Firmware, Aspire A315-22 and 7 more | 2023-11-07 | N/A | 8.2 HIGH |
| Vulnerability in the HQSwSmiDxe DXE driver on some consumer Acer Notebook devices may allow an attacker with elevated privileges to modify UEFI Secure Boot settings by modifying an NVRAM variable. | |||||
| CVE-2022-46774 | 1 Ibm | 2 Manage Application, Maximo Application Suite | 2023-11-07 | N/A | 6.5 MEDIUM |
| IBM Manage Application 8.8.0 and 8.9.0 in the IBM Maximo Application Suite is vulnerable to incorrect default permissions which could give access to a user to actions that they should not have access to. IBM X-Force ID: 242953. | |||||
| CVE-2022-45099 | 1 Dell | 1 Emc Powerscale Onefs | 2023-11-07 | N/A | 7.8 HIGH |
| Dell PowerScale OneFS, versions 8.2.x-9.4.x, contain a weak encoding for a NDMP password. A malicious and privileged local attacker could potentially exploit this vulnerability, leading to a full system compromise | |||||
| CVE-2022-42150 | 1 Tinylab | 2 Cloud Lab, Linux Lab | 2023-11-07 | N/A | 10.0 CRITICAL |
| TinyLab linux-lab v1.1-rc1 and cloud-labv0.8-rc2, v1.1-rc1 are vulnerable to insecure permissions. The default configuration could cause Container Escape. | |||||
| CVE-2022-40971 | 1 Intel | 1 Nuc Hdmi Firmware Update Tool | 2023-11-07 | N/A | 7.8 HIGH |
| Incorrect default permissions for the Intel(R) HDMI Firmware Update Tool for NUC before version 1.79.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-40232 | 3 Ibm, Linux, Microsoft | 4 Aix, Sterling B2b Integrator, Linux Kernel and 1 more | 2023-11-07 | N/A | 8.8 HIGH |
| IBM Sterling B2B Integrator Standard Edition 6.1.0.0 through 6.1.1.1, and 6.1.2.0 could allow an authenticated user to perform actions they should not have access to due to improper permission controls. IBM X-Force ID: 235597. | |||||
| CVE-2022-41687 | 2 Intel, Microsoft | 15 Nuc P14e Laptop Element, Windows 10 1507, Windows 10 1511 and 12 more | 2023-11-07 | N/A | 7.8 HIGH |
| Insecure inherited permissions in the HotKey Services for some Intel(R) NUC P14E Laptop Element software for Windows 10 before version 1.1.44 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-3884 | 2 Hitachi, Microsoft | 2 Ops Center Analyzer, Windows | 2023-11-07 | N/A | 7.1 HIGH |
| Incorrect Default Permissions vulnerability in Hitachi Ops Center Analyzer on Windows (Hitachi Ops Center Analyzer RAID Agent component) allows local users to read and write specific files.This issue affects Hitachi Ops Center Analyzer: from 10.9.0-00 before 10.9.0-01. | |||||
| CVE-2022-3466 | 2 Kubernetes, Redhat | 2 Cri-o, Openshift Container Platform | 2023-11-07 | N/A | 5.3 MEDIUM |
| The version of cri-o as released for Red Hat OpenShift Container Platform 4.9.48, 4.10.31, and 4.11.6 via RHBA-2022:6316, RHBA-2022:6257, and RHBA-2022:6658, respectively, included an incorrect version of cri-o missing the fix for CVE-2022-27652, which was previously fixed in OCP 4.9.41 and 4.10.12 via RHBA-2022:5433 and RHSA-2022:1600. This issue could allow an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. For more details, see https://access.redhat.com/security/cve/CVE-2022-27652. | |||||
| CVE-2022-3101 | 2 Openstack, Redhat | 3 Tripleo Ansible, Openstack, Openstack For Ibm Power | 2023-11-07 | N/A | 5.5 MEDIUM |
| A flaw was found in tripleo-ansible. Due to an insecure default configuration, the permissions of a sensitive file are not sufficiently restricted. This flaw allows a local attacker to use brute force to explore the relevant directory and discover the file, leading to information disclosure of important configuration details from the OpenStack deployment. | |||||
| CVE-2022-3146 | 2 Openstack, Redhat | 3 Tripleo Ansible, Openstack, Openstack For Ibm Power | 2023-11-07 | N/A | 5.5 MEDIUM |
| A flaw was found in tripleo-ansible. Due to an insecure default configuration, the permissions of a sensitive file are not sufficiently restricted. This flaw allows a local attacker to use brute force to explore the relevant directory and discover the file. This issue leads to information disclosure of important configuration details from the OpenStack deployment. | |||||
| CVE-2022-36391 | 1 Intel | 1 Nuc Pro Software Suite | 2023-11-07 | N/A | 7.8 HIGH |
| Incorrect default permissions for the Intel(R) NUC Pro Software Suite before version 2.0.0.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-33877 | 1 Fortinet | 2 Forticlient, Forticonverter | 2023-11-07 | N/A | 5.5 MEDIUM |
| An incorrect default permission [CWE-276] vulnerability in FortiClient (Windows) versions 7.0.0 through 7.0.6 and 6.4.0 through 6.4.8 and FortiConverter (Windows) versions 6.2.0 through 6.2.1, 7.0.0 and all versions of 6.0.0 may allow a local authenticated attacker to tamper with files in the installation folder, if FortiClient or FortiConverter is installed in an insecure folder. | |||||
| CVE-2022-33963 | 1 Intel | 1 Unite | 2023-11-07 | N/A | 7.8 HIGH |
| Incorrect default permissions in the software installer for Intel(R) Unite(R) Client software for Windows before version 4.2.34870 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||