Total
1310 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-20043 | 1 Cisco | 1 Cx Cloud Agent | 2024-11-21 | 6.7 Medium |
| A vulnerability in Cisco CX Cloud Agent of could allow an authenticated, local attacker to elevate their privileges. This vulnerability is due to insecure file permissions. An attacker could exploit this vulnerability by calling the script with sudo. A successful exploit could allow the attacker to take complete control of the affected device. | ||||
| CVE-2023-1229 | 1 Google | 1 Chrome | 2024-11-21 | 4.3 Medium |
| Inappropriate implementation in Permission prompts in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2022-4964 | 1 Canonical | 1 Ubuntu Pipewire-pulse | 2024-11-21 | 5.5 Medium |
| Ubuntu's pipewire-pulse in snap grants microphone access even when the snap interface for audio-record is not set. | ||||
| CVE-2022-4575 | 1 Lenovo | 26 Thinkpad 25, Thinkpad 25 Firmware, Thinkpad L560 and 23 more | 2024-11-21 | 6.7 Medium |
| A vulnerability due to improper write protection of UEFI variables was reported in the BIOS of some ThinkPad models could allow an attacker with physical or local access and elevated privileges the ability to bypass Secure Boot. | ||||
| CVE-2022-4039 | 1 Redhat | 8 Enterprise Linux, Openshift Container Platform, Openshift Container Platform For Ibm Z and 5 more | 2024-11-21 | 8 High |
| A flaw was found in Red Hat Single Sign-On for OpenShift container images, which are configured with an unsecured management interface enabled. This flaw allows an attacker to use this interface to deploy malicious code and access and modify potentially sensitive information in the app server configuration. | ||||
| CVE-2022-45118 | 1 Openharmony | 1 Openharmony | 2024-11-21 | 6.2 Medium |
| OpenHarmony-v3.1.2 and prior versions had a vulnerability that telephony in communication subsystem sends public events with personal data, but the permission is not set. Malicious apps could listen to public events and obtain information such as mobile numbers and SMS data without permissions. | ||||
| CVE-2022-42464 | 1 Openharmony | 1 Openharmony | 2024-11-21 | 6.7 Medium |
| OpenHarmony-v3.1.2 and prior versions, 3.0.6 and prior versions have a Kernel memory pool override vulnerability in /dev/mmz_userdev device driver. The impact depends on the privileges of the attacker. The unprivileged process run on the device could disclose sensitive information including kernel pointer, which could be used in further attacks. The processes with system user UID run on the device would be able to mmap memory pools used by kernel and override them which could be used to gain kernel code execution on the device, gain root privileges, or cause device reboot. | ||||
| CVE-2022-42150 | 1 Tinylab | 2 Cloud Lab, Linux Lab | 2024-11-21 | 10.0 Critical |
| TinyLab linux-lab v1.1-rc1 and cloud-labv0.8-rc2, v1.1-rc1 are vulnerable to insecure permissions. The default configuration could cause Container Escape. | ||||
| CVE-2022-41748 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2024-11-21 | 6.7 Medium |
| A registry permissions vulnerability in the Trend Micro Apex One Data Loss Prevention (DLP) module could allow a local attacker with administrative credentials to bypass certain elements of the product's anti-tampering mechanisms on affected installations. Please note: an attacker must first obtain administrative credentials on the target system in order to exploit this vulnerability. | ||||
| CVE-2022-41414 | 1 Liferay | 1 Liferay Portal | 2024-11-21 | 5.3 Medium |
| An insecure default in the component auth.login.prompt.enabled of Liferay Portal v7.0.0 through v7.4.2 allows attackers to enumerate usernames, site names, and pages. | ||||
| CVE-2022-40187 | 2 Bushnellgolf, Foresightsports | 4 Launch Pro, Launch Pro Firmware, Gc3 Launch Monitor and 1 more | 2024-11-21 | 8.0 High |
| Foresight GC3 Launch Monitor 1.3.15.68 ships with a Target Communication Framework (TCF) service enabled. This service listens on a TCP port on all interfaces and allows for process debugging, file system modification, and terminal access as the root user. In conjunction with a hosted wireless access point and the known passphrase of FSSPORTS, an attacker could use this service to modify a device and steal intellectual property. | ||||
| CVE-2022-40109 | 1 Totolink | 2 A3002r, A3002r Firmware | 2024-11-21 | 9.8 Critical |
| TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 is vulnerable to Insecure Permissions via binary /bin/boa. | ||||
| CVE-2022-3466 | 2 Kubernetes, Redhat | 4 Cri-o, Openshift, Openshift Container Platform and 1 more | 2024-11-21 | 4.8 Medium |
| The version of cri-o as released for Red Hat OpenShift Container Platform 4.9.48, 4.10.31, and 4.11.6 via RHBA-2022:6316, RHBA-2022:6257, and RHBA-2022:6658, respectively, included an incorrect version of cri-o missing the fix for CVE-2022-27652, which was previously fixed in OCP 4.9.41 and 4.10.12 via RHBA-2022:5433 and RHSA-2022:1600. This issue could allow an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. For more details, see https://access.redhat.com/security/cve/CVE-2022-27652. | ||||
| CVE-2022-3431 | 1 Lenovo | 51 D330-10igl, D330-10igl Firmware, Ideapad 5 Pro-16ach6 and 48 more | 2024-11-21 | 6.7 Medium |
| A potential vulnerability in a driver used during manufacturing process on some consumer Lenovo Notebook devices that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable. | ||||
| CVE-2022-38764 | 2 Microsoft, Trendmicro | 2 Windows, Housecall | 2024-11-21 | 7.8 High |
| A vulnerability on Trend Micro HouseCall version 1.62.1.1133 and below could allow a local attacker to escalate privlieges due to an overly permissive folder om the product installer. | ||||
| CVE-2022-38466 | 1 Siemens | 1 Coreshield One-way Gateway | 2024-11-21 | 7.8 High |
| A vulnerability has been identified in CoreShield One-Way Gateway (OWG) Software (All versions < V2.2). The default installation sets insecure file permissions that could allow a local attacker to escalate privileges to local administrator. | ||||
| CVE-2022-37173 | 2 Microsoft, Vim | 2 Windows, Gvim | 2024-11-21 | 7.8 High |
| An issue in the installer of gvim 9.0.0000 allows authenticated attackers to execute arbitrary code via a binary hijacking attack on C:\Program.exe. | ||||
| CVE-2022-37030 | 1 Grommunio | 1 Gromox | 2024-11-21 | 7.8 High |
| Weak permissions on the configuration file in the PAM module in Grommunio Gromox 0.5 through 1.x before 1.28 allow a local unprivileged user in the gromox group to have the PAM stack execute arbitrary code upon loading the Gromox PAM module. | ||||
| CVE-2022-37006 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 7.5 High |
| Permission control vulnerability in the network module. Successful exploitation of this vulnerability may affect service availability. | ||||
| CVE-2022-37003 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-11-21 | 9.8 Critical |
| The AOD module has a vulnerability in permission assignment. Successful exploitation of this vulnerability may cause permission escalation and unauthorized access to files. | ||||