Total
1269 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-46774 | 1 Ibm | 2 Manage Application, Maximo Application Suite | 2024-11-21 | N/A | 5.4 MEDIUM |
| IBM Manage Application 8.8.0 and 8.9.0 in the IBM Maximo Application Suite is vulnerable to incorrect default permissions which could give access to a user to actions that they should not have access to. IBM X-Force ID: 242953. | |||||
| CVE-2022-45793 | 1 Omron | 1 Automation Software Sysmac Studio | 2024-11-21 | N/A | 5.5 MEDIUM |
| Sysmac Studio installs executables in a directory with poor permissions. This can allow a locally-authenticated attacker to overwrite files which will result in code execution with privileges of a different user. | |||||
| CVE-2022-45459 | 2 Acronis, Microsoft | 3 Agent, Cyber Protect, Windows | 2024-11-21 | N/A | 7.5 HIGH |
| Sensitive information disclosure due to insecure registry permissions. The following products are affected: Acronis Agent (Windows) before build 30025, Acronis Cyber Protect 15 (Windows) before build 30984. | |||||
| CVE-2022-45454 | 2 Acronis, Microsoft | 3 Agent, Cyber Protect, Windows | 2024-11-21 | N/A | 7.5 HIGH |
| Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Agent (Windows) before build 30161, Acronis Cyber Protect 15 (Windows) before build 30984. | |||||
| CVE-2022-45452 | 2 Acronis, Microsoft | 3 Agent, Cyber Protect, Windows | 2024-11-21 | N/A | 7.8 HIGH |
| Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Agent (Windows) before build 30430, Acronis Cyber Protect 15 (Windows) before build 30984. | |||||
| CVE-2022-45153 | 2 Opensuse, Suse | 3 Leap, Linux Enterprise Module For Sap Applications, Linux Enterprise Server | 2024-11-21 | N/A | 7.0 HIGH |
| An Incorrect Default Permissions vulnerability in saphanabootstrap-formula of SUSE Linux Enterprise Module for SAP Applications 15-SP1, SUSE Linux Enterprise Server for SAP 12-SP5; openSUSE Leap 15.4 allows local attackers to escalate to root by manipulating the sudo configuration that is created. This issue affects: SUSE Linux Enterprise Module for SAP Applications 15-SP1 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e. SUSE Linux Enterprise Server for SAP 12-SP5 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e. openSUSE Leap 15.4 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e. | |||||
| CVE-2022-45118 | 1 Openharmony | 1 Openharmony | 2024-11-21 | N/A | 6.2 MEDIUM |
| OpenHarmony-v3.1.2 and prior versions had a vulnerability that telephony in communication subsystem sends public events with personal data, but the permission is not set. Malicious apps could listen to public events and obtain information such as mobile numbers and SMS data without permissions. | |||||
| CVE-2022-45099 | 1 Dell | 1 Emc Powerscale Onefs | 2024-11-21 | N/A | 7.8 HIGH |
| Dell PowerScale OneFS, versions 8.2.x-9.4.x, contain a weak encoding for a NDMP password. A malicious and privileged local attacker could potentially exploit this vulnerability, leading to a full system compromise | |||||
| CVE-2022-42464 | 1 Openharmony | 1 Openharmony | 2024-11-21 | N/A | 6.7 MEDIUM |
| OpenHarmony-v3.1.2 and prior versions, 3.0.6 and prior versions have a Kernel memory pool override vulnerability in /dev/mmz_userdev device driver. The impact depends on the privileges of the attacker. The unprivileged process run on the device could disclose sensitive information including kernel pointer, which could be used in further attacks. The processes with system user UID run on the device would be able to mmap memory pools used by kernel and override them which could be used to gain kernel code execution on the device, gain root privileges, or cause device reboot. | |||||
| CVE-2022-42150 | 1 Tinylab | 2 Cloud Lab, Linux Lab | 2024-11-21 | N/A | 10.0 CRITICAL |
| TinyLab linux-lab v1.1-rc1 and cloud-labv0.8-rc2, v1.1-rc1 are vulnerable to insecure permissions. The default configuration could cause Container Escape. | |||||
| CVE-2022-41943 | 1 Sourcegraph | 1 Sourcegraph | 2024-11-21 | N/A | 9.0 CRITICAL |
| sourcegraph is a code intelligence platform. As a site admin it was possible to execute arbitrary commands on Gitserver when the experimental `customGitFetch` feature was enabled. This experimental feature has now been disabled by default. This issue has been patched in version 4.1.0. | |||||
| CVE-2022-41748 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2024-11-21 | N/A | 6.7 MEDIUM |
| A registry permissions vulnerability in the Trend Micro Apex One Data Loss Prevention (DLP) module could allow a local attacker with administrative credentials to bypass certain elements of the product's anti-tampering mechanisms on affected installations. Please note: an attacker must first obtain administrative credentials on the target system in order to exploit this vulnerability. | |||||
| CVE-2022-41687 | 2 Intel, Microsoft | 15 Nuc P14e Laptop Element, Windows 10 1507, Windows 10 1511 and 12 more | 2024-11-21 | N/A | 6.7 MEDIUM |
| Insecure inherited permissions in the HotKey Services for some Intel(R) NUC P14E Laptop Element software for Windows 10 before version 1.1.44 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-41414 | 1 Liferay | 1 Liferay Portal | 2024-11-21 | N/A | 5.3 MEDIUM |
| An insecure default in the component auth.login.prompt.enabled of Liferay Portal v7.0.0 through v7.4.2 allows attackers to enumerate usernames, site names, and pages. | |||||
| CVE-2022-40971 | 1 Intel | 1 Nuc Hdmi Firmware Update Tool | 2024-11-21 | N/A | 6.7 MEDIUM |
| Incorrect default permissions for the Intel(R) HDMI Firmware Update Tool for NUC before version 1.79.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-40232 | 3 Ibm, Linux, Microsoft | 4 Aix, Sterling B2b Integrator, Linux Kernel and 1 more | 2024-11-21 | N/A | 6.3 MEDIUM |
| IBM Sterling B2B Integrator Standard Edition 6.1.0.0 through 6.1.1.1, and 6.1.2.0 could allow an authenticated user to perform actions they should not have access to due to improper permission controls. IBM X-Force ID: 235597. | |||||
| CVE-2022-40109 | 1 Totolink | 2 A3002r, A3002r Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 is vulnerable to Insecure Permissions via binary /bin/boa. | |||||
| CVE-2022-3884 | 2 Hitachi, Microsoft | 2 Ops Center Analyzer, Windows | 2024-11-21 | N/A | 7.3 HIGH |
| Incorrect Default Permissions vulnerability in Hitachi Ops Center Analyzer on Windows (Hitachi Ops Center Analyzer RAID Agent component) allows local users to read and write specific files.This issue affects Hitachi Ops Center Analyzer: from 10.9.0-00 before 10.9.0-01. | |||||
| CVE-2022-3758 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A | 5.4 MEDIUM |
| An issue has been discovered in GitLab affecting all versions starting from 15.5 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. Due to improper permissions checks an unauthorised user was able to read, add or edit a users private snippet. | |||||
| CVE-2022-3466 | 2 Kubernetes, Redhat | 2 Cri-o, Openshift Container Platform | 2024-11-21 | N/A | 4.8 MEDIUM |
| The version of cri-o as released for Red Hat OpenShift Container Platform 4.9.48, 4.10.31, and 4.11.6 via RHBA-2022:6316, RHBA-2022:6257, and RHBA-2022:6658, respectively, included an incorrect version of cri-o missing the fix for CVE-2022-27652, which was previously fixed in OCP 4.9.41 and 4.10.12 via RHBA-2022:5433 and RHSA-2022:1600. This issue could allow an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. For more details, see https://access.redhat.com/security/cve/CVE-2022-27652. | |||||