Total
1352 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-38764 | 2 Microsoft, Trendmicro | 2 Windows, Housecall | 2024-11-21 | 7.8 High |
| A vulnerability on Trend Micro HouseCall version 1.62.1.1133 and below could allow a local attacker to escalate privlieges due to an overly permissive folder om the product installer. | ||||
| CVE-2022-38466 | 1 Siemens | 1 Coreshield One-way Gateway | 2024-11-21 | 7.8 High |
| A vulnerability has been identified in CoreShield One-Way Gateway (OWG) Software (All versions < V2.2). The default installation sets insecure file permissions that could allow a local attacker to escalate privileges to local administrator. | ||||
| CVE-2022-37173 | 2 Microsoft, Vim | 2 Windows, Gvim | 2024-11-21 | 7.8 High |
| An issue in the installer of gvim 9.0.0000 allows authenticated attackers to execute arbitrary code via a binary hijacking attack on C:\Program.exe. | ||||
| CVE-2022-37030 | 1 Grommunio | 1 Gromox | 2024-11-21 | 7.8 High |
| Weak permissions on the configuration file in the PAM module in Grommunio Gromox 0.5 through 1.x before 1.28 allow a local unprivileged user in the gromox group to have the PAM stack execute arbitrary code upon loading the Gromox PAM module. | ||||
| CVE-2022-37006 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 7.5 High |
| Permission control vulnerability in the network module. Successful exploitation of this vulnerability may affect service availability. | ||||
| CVE-2022-37003 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-11-21 | 9.8 Critical |
| The AOD module has a vulnerability in permission assignment. Successful exploitation of this vulnerability may cause permission escalation and unauthorized access to files. | ||||
| CVE-2022-36803 | 1 Atlassian | 1 Jira Align | 2024-11-21 | 8.8 High |
| The MasterUserEdit API in Atlassian Jira Align Server before version 10.109.2 allows An authenticated attacker with the People role permission to use the MasterUserEdit API to modify any users role to Super Admin. This vulnerability was reported by Jacob Shafer from Bishop Fox. | ||||
| CVE-2022-36640 | 1 Influxdata | 1 Influxdb | 2024-11-21 | 9.8 Critical |
| influxData influxDB before v1.8.10 contains no authentication mechanism or controls, allowing unauthenticated attackers to execute arbitrary commands. NOTE: the CVE ID assignment is disputed because the vendor's documentation states "If InfluxDB is being deployed on a publicly accessible endpoint, we strongly recommend authentication be enabled. Otherwise the data will be publicly available to any unauthenticated user. The default settings do NOT enable authentication and authorization. | ||||
| CVE-2022-34737 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-11-21 | 9.1 Critical |
| The application security module has a vulnerability in permission assignment. Successful exploitation of this vulnerability may affect data integrity and confidentiality. | ||||
| CVE-2022-33996 | 1 Devolutions | 1 Devolutions Server | 2024-11-21 | 8.8 High |
| Incorrect permission management in Devolutions Server before 2022.2 allows a new user with a preexisting username to inherit the permissions of that previous user. | ||||
| CVE-2022-33912 | 2 Checkmk, Tribe29 | 2 Checkmk, Checkmk | 2024-11-21 | 7.8 High |
| A permission issue affects users that deployed the shipped version of the Checkmk Debian package. Packages created by the agent bakery (enterprise editions only) were not affected. Using the shipped version of the agents, the maintainer scripts located at /var/lib/dpkg/info/ will be owned by the user and the group with ID 1001. If such a user exists on the system, they can change the content of these files (which are then executed by root). This leads to a local privilege escalation on the monitored host. Version 1.6 through 1.6.9p29, version 2.0 through 2.0.0p26, version 2.1 through 2.1.0p3, and version 2.2.0i1 are affected. | ||||
| CVE-2022-33877 | 1 Fortinet | 2 Forticlient, Forticonverter | 2024-11-21 | 6.8 Medium |
| An incorrect default permission [CWE-276] vulnerability in FortiClient (Windows) versions 7.0.0 through 7.0.6 and 6.4.0 through 6.4.8 and FortiConverter (Windows) versions 6.2.0 through 6.2.1, 7.0.0 and all versions of 6.0.0 may allow a local authenticated attacker to tamper with files in the installation folder, if FortiClient or FortiConverter is installed in an insecure folder. | ||||
| CVE-2022-33023 | 1 Openhwgroup | 1 Cva6 | 2024-11-21 | 7.5 High |
| CVA6 commit 909d85a gives incorrect permission to use special multiplication units when the format of instructions is wrong. | ||||
| CVE-2022-32743 | 2 Fedoraproject, Samba | 2 Fedora, Samba | 2024-11-21 | 7.5 High |
| Samba does not validate the Validated-DNS-Host-Name right for the dNSHostName attribute which could permit unprivileged users to write it. | ||||
| CVE-2022-32562 | 1 Couchbase | 1 Couchbase Server | 2024-11-21 | 8.8 High |
| An issue was discovered in Couchbase Server before 7.0.4. Operations may succeed on a collection using stale RBAC permission. | ||||
| CVE-2022-31500 | 1 Knime | 1 Knime Analytics Platform | 2024-11-21 | 7.8 High |
| In KNIME Analytics Platform below 4.6.0, the Windows installer sets improper filesystem permissions. | ||||
| CVE-2022-31251 | 1 Opensuse | 1 Factory | 2024-11-21 | 6.5 Medium |
| A Incorrect Default Permissions vulnerability in the packaging of the slurm testsuite of openSUSE Factory allows local attackers with control over the slurm user to escalate to root. This issue affects: openSUSE Factory slurm versions prior to 22.05.2-3.3. | ||||
| CVE-2022-30758 | 1 Google | 1 Android | 2024-11-21 | 4 Medium |
| Implicit Intent hijacking vulnerability in Finder prior to SMR Jul-2022 Release 1 allow allows attackers to access some protected information with privilege of Finder. | ||||
| CVE-2022-30753 | 1 Google | 1 Android | 2024-11-21 | 3.3 Low |
| Improper use of a unique device ID in unprotected SecSoterService prior to SMR Jul-2022 Release 1 allows local attackers to get the device ID without permission. | ||||
| CVE-2022-30747 | 1 Samsung | 1 Smartthings | 2024-11-21 | 5.5 Medium |
| PendingIntent hijacking vulnerability in Smart Things prior to 1.7.85.25 allows local attackers to access files without permission via implicit Intent. | ||||