Total
949 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-44215 | 1 Northern.tech | 1 Cfengine | 2022-03-15 | 2.1 LOW | 5.5 MEDIUM |
| Northern.tech CFEngine Enterprise 3.15.4 before 3.15.5 has Insecure Permissions that may allow unauthorized local users to have an unspecified impact. | |||||
| CVE-2022-25943 | 1 Kingsoft | 1 Wps Office | 2022-03-14 | 4.6 MEDIUM | 7.8 HIGH |
| The installer of WPS Office for Windows versions prior to v11.2.0.10258 fails to configure properly the ACL for the directory where the service program is installed. | |||||
| CVE-2021-40059 | 1 Huawei | 2 Emui, Magic Ui | 2022-03-14 | 3.3 LOW | 6.5 MEDIUM |
| There is a permission control vulnerability in the Wi-Fi module. Successful exploitation of this vulnerability may affect confidentiality. | |||||
| CVE-2021-40049 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2022-03-14 | 5.0 MEDIUM | 7.5 HIGH |
| There is a permission control vulnerability in the PMS module. Successful exploitation of this vulnerability can lead to sensitive system information being obtained without authorization. | |||||
| CVE-2021-41652 | 1 Batflat | 1 Batflat | 2022-03-09 | 5.0 MEDIUM | 7.5 HIGH |
| Insecure permissions in the file database.sdb of BatFlat CMS v1.3.6 allows attackers to dump the entire database. | |||||
| CVE-2022-25327 | 1 Google | 1 Fscrypt | 2022-03-08 | 2.1 LOW | 5.5 MEDIUM |
| The PAM module for fscrypt doesn't adequately validate fscrypt metadata files, allowing users to create malicious metadata files that prevent other users from logging in. A local user can cause a denial of service by creating a fscrypt metadata file that prevents other users from logging into the system. We recommend upgrading to version 0.3.3 or above | |||||
| CVE-2021-37103 | 1 Huawei | 2 Emui, Magic Ui | 2022-03-08 | 2.1 LOW | 5.5 MEDIUM |
| There is an improper permission management vulnerability in the Wallet apps. Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2022-23922 | 1 Win-911 | 2 Win-911 2021 R1, Win-911 2021 R2 | 2022-03-07 | 4.4 MEDIUM | 7.8 HIGH |
| WIN-911 2021 R1 and R2 are vulnerable to a permissions misconfiguration that may allow an attacker to locally write files to the Program Announcer directory and elevate permissions whenever the program is executed. | |||||
| CVE-2022-23104 | 1 Win-911 | 2 Win-911 2021 R1, Win-911 2021 R2 | 2022-03-07 | 4.4 MEDIUM | 7.8 HIGH |
| WIN-911 2021 R1 and R2 are vulnerable to a permissions misconfiguration that may allow an attacker to locally write files to the program Operator Workspace directory, which holds DLL files and executables. A low-privilege attacker could write a malicious DLL file to the Operator Workspace directory to achieve privilege escalation and the permissions of the user running the program. | |||||
| CVE-2022-24337 | 1 Jetbrains | 1 Teamcity | 2022-03-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| In JetBrains TeamCity before 2021.2, health items of pull requests were shown to users who lacked appropriate permissions. | |||||
| CVE-2022-24343 | 1 Jetbrains | 1 Youtrack | 2022-03-04 | 4.0 MEDIUM | 4.3 MEDIUM |
| In JetBrains YouTrack before 2021.4.31698, a custom logo could be set by a user who has read-only permissions. | |||||
| CVE-2022-24301 | 2 Debian, Minetest | 2 Debian Linux, Minetest | 2022-02-28 | 6.4 MEDIUM | 6.5 MEDIUM |
| In Minetest before 5.4.0, players can add or subtract items from a different player's inventory. | |||||
| CVE-2021-3155 | 1 Canonical | 2 Snapd, Ubuntu Linux | 2022-02-25 | 2.1 LOW | 5.5 MEDIUM |
| snapd 2.54.2 and earlier created ~/snap directories in user home directories without specifying owner-only permissions. This could allow a local attacker to read information that should have been private. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1 | |||||
| CVE-2021-20001 | 2 Debian, Skolelinux | 2 Debian Linux, Debian-edu-config | 2022-02-22 | 7.5 HIGH | 9.8 CRITICAL |
| It was discovered, that debian-edu-config, a set of configuration files used for the Debian Edu blend, before 2.12.16 configured insecure permissions for the user web shares (~/public_html), which could result in privilege escalation. | |||||
| CVE-2022-23996 | 1 Samsung | 1 Wear Os | 2022-02-22 | 4.3 MEDIUM | 3.3 LOW |
| Unprotected component vulnerability in StTheaterModeReceiver in Wear OS 3.0 prior to Firmware update Feb-2022 Release allows untrusted applications to enable bedtime mode without a proper permission. | |||||
| CVE-2022-23995 | 1 Samsung | 1 Wear Os | 2022-02-22 | 4.3 MEDIUM | 3.3 LOW |
| Unprotected component vulnerability in StBedtimeModeAlarmReceiver in Wear OS 3.0 prior to Firmware update Feb-2022 Release allows untrusted applications to change bedtime mode without a proper permission. | |||||
| CVE-2021-22817 | 1 Schneider-electric | 73 Hmibmiea5dd1001, Hmibmiea5dd1001 Firmware, Hmibmiea5dd100a and 70 more | 2022-02-16 | 4.6 MEDIUM | 7.8 HIGH |
| A CWE-276: Incorrect Default Permissions vulnerability exists that could cause unauthorized access to the base installation directory leading to local privilege escalation. Affected Product: Harmony/Magelis iPC Series (All Versions), Vijeo Designer (All Versions prior to V6.2 SP11 Multiple HotFix 4), Vijeo Designer Basic (All Versions prior to V1.2.1) | |||||
| CVE-2022-24113 | 2 Acronis, Microsoft | 5 Agent, Cyber Protect, Cyber Protect Home Office and 2 more | 2022-02-11 | 4.6 MEDIUM | 7.8 HIGH |
| Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27147, Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287 | |||||
| CVE-2004-1778 | 1 Skype | 1 Skype | 2022-02-07 | 4.6 MEDIUM | N/A |
| Skype 0.92.0.12 and 1.0.0.1 for Linux, and possibly other versions, creates the /usr/share/skype/lang directory with world-writable permissions, which allows local users to modify language files and possibly conduct social engineering or other attacks. | |||||
| CVE-2015-7985 | 1 Valvesoftware | 1 Steam Client | 2022-02-07 | 7.2 HIGH | N/A |
| Valve Steam 2.10.91.91 uses weak permissions (Users: read and write) for the Install folder, which allows local users to gain privileges via a Trojan horse steam.exe file. | |||||