Total
949 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-37173 | 2 Microsoft, Vim | 2 Windows, Gvim | 2022-09-06 | N/A | 7.8 HIGH |
| An issue in the installer of gvim 9.0.0000 allows authenticated attackers to execute arbitrary code via a binary hijacking attack on C:\Program.exe. | |||||
| CVE-2022-0336 | 2 Fedoraproject, Samba | 2 Fedora, Samba | 2022-09-01 | N/A | 8.8 HIGH |
| The Samba AD DC includes checks when adding service principals names (SPNs) to an account to ensure that SPNs do not alias with those already in the database. Some of these checks are able to be bypassed if an account modification re-adds an SPN that was previously present on that account, such as one added when a computer is joined to a domain. An attacker who has the ability to write to an account can exploit this to perform a denial-of-service attack by adding an SPN that matches an existing service. Additionally, an attacker who can intercept traffic can impersonate existing services, resulting in a loss of confidentiality and integrity. | |||||
| CVE-2021-3917 | 1 Redhat | 1 Coreos-installer | 2022-08-26 | N/A | 5.5 MEDIUM |
| A flaw was found in the coreos-installer, where it writes the Ignition config to the target system with world-readable access permissions. This flaw allows a local attacker to have read access to potentially sensitive data. The highest threat from this vulnerability is to confidentiality. | |||||
| CVE-2021-37289 | 1 Planex | 2 Mzk-dp150n, Mzk-dp150n Firmware | 2022-08-23 | N/A | 7.2 HIGH |
| Insecure Permissions in administration interface in Planex MZK-DP150N 1.42 and 1.43 allows attackers to execute system command as root via etc_ro/web/syscmd.asp. | |||||
| CVE-2020-24402 | 1 Magento | 1 Magento | 2022-08-19 | 5.5 MEDIUM | 4.9 MEDIUM |
| Magento version 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect permissions vulnerability in the Integrations component. This vulnerability could be abused by authenticated users with permissions to the Resource Access API to delete customer details via the REST API without authorization. | |||||
| CVE-2021-30490 | 2 Microsoft, Power-software-download | 2 Windows, Viewpower | 2022-08-17 | N/A | 7.8 HIGH |
| upsMonitor in ViewPower (aka ViewPowerHTML) 1.04-21012 through 1.04-21353 has insecure permissions for the service binary that enable an Authenticated User to modify files, allowing for privilege escalation. | |||||
| CVE-2021-39087 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Sterling B2b Integrator and 3 more | 2022-08-17 | N/A | 6.5 MEDIUM |
| IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.4, and 6.1.1.0 through 6.1.1.1 could allow an authenticated user to obtain sensitive information due to improper permission controls. IBM X-Force ID: 216109. | |||||
| CVE-2022-20272 | 1 Google | 1 Android | 2022-08-16 | N/A | 5.5 MEDIUM |
| In PermissionController, there is a possible misunderstanding about the default SMS application's permission set due to misleading text. This could lead to local information disclosure with User privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-207672568 | |||||
| CVE-2022-37003 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2022-08-15 | N/A | 9.8 CRITICAL |
| The AOD module has a vulnerability in permission assignment. Successful exploitation of this vulnerability may cause permission escalation and unauthorized access to files. | |||||
| CVE-2022-20246 | 1 Google | 1 Android | 2022-08-13 | N/A | 7.8 HIGH |
| In WindowManager, there is a possible bypass of the restrictions for starting activities from the background due to an incorrect UID/permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-230493191 | |||||
| CVE-2022-37030 | 1 Grommunio | 1 Gromox | 2022-08-10 | N/A | 7.8 HIGH |
| Weak permissions on the configuration file in the PAM module in Grommunio Gromox 0.5 through 1.x before 1.28 allow a local unprivileged user in the gromox group to have the PAM stack execute arbitrary code upon loading the Gromox PAM module. | |||||
| CVE-2020-13535 | 1 Kepware | 1 Linkmaster | 2022-08-06 | 7.2 HIGH | 7.8 HIGH |
| A privilege escalation vulnerability exists in Kepware LinkMaster 3.0.94.0. In its default configuration, an attacker can globally overwrite service configuration to execute arbitrary code with NT SYSTEM privileges. | |||||
| CVE-2020-10145 | 1 Adobe | 1 Coldfusion | 2022-08-05 | 7.2 HIGH | 7.8 HIGH |
| The Adobe ColdFusion installer fails to set a secure access-control list (ACL) on the default installation directory, such as C:\ColdFusion2021\. By default, unprivileged users can create files in this directory structure, which creates a privilege-escalation vulnerability. | |||||
| CVE-2021-40397 | 1 Advantech | 1 Wise-paas\/ota | 2022-07-30 | 9.3 HIGH | 7.8 HIGH |
| A privilege escalation vulnerability exists in the installation of Advantech WISE-PaaS/OTA Server 3.0.9. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2020-13532 | 1 Dreamreport | 1 Dream Report | 2022-07-30 | 7.2 HIGH | 7.8 HIGH |
| A privilege escalation vulnerability exists in Dream Report 5 R20-2. In the default configuration, the Syncfusion Dashboard Service service binary can be replaced by attackers to escalate privileges to NT SYSTEM. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2020-13533 | 1 Dreamreport | 1 Dream Report | 2022-07-30 | 4.4 MEDIUM | 7.8 HIGH |
| A privilege escalation vulnerability exists in Dream Report 5 R20-2. IIn the default configuration, the following registry keys, which reference binaries with weak permissions, can be abused by attackers to effectively ‘backdoor’ the installation files and escalate privileges when a new user logs in and uses the application. | |||||
| CVE-2020-13534 | 1 Dreamreport | 1 Dream Report | 2022-07-30 | 6.8 MEDIUM | 7.8 HIGH |
| A privilege escalation vulnerability exists in Dream Report 5 R20-2. COM Class Identifiers (CLSID), installed by Dream Report 5 20-2, reference LocalServer32 and InprocServer32 with weak privileges which can lead to privilege escalation when used. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2020-27228 | 1 Openclinic Ga Project | 1 Openclinic Ga | 2022-07-29 | 6.8 MEDIUM | 7.8 HIGH |
| An incorrect default permissions vulnerability exists in the installation functionality of OpenClinic GA 5.173.3. Overwriting the binary can result in privilege escalation. An attacker can replace a file to exploit this vulnerability. | |||||
| CVE-2022-2366 | 1 Mattermost | 1 Mattermost Server | 2022-07-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| Incorrect default configuration for trusted IP header in Mattermost version 6.7.0 and earlier allows attacker to bypass some of the rate limitations in place or use manipulated IPs for audit logging via manipulating the request headers. | |||||
| CVE-2022-22424 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2022-07-26 | N/A | 5.5 MEDIUM |
| IBM QRadar SIEM 7.3, 7.4, and 7.5 could allow a local user to obtain sensitive information from the TLS key file due to incorrect file permissions. IBM X-Force ID: 223597. | |||||