Total
1310 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-20436 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| There is an unauthorized service in the system service. Since the component does not have permission check, resulting in Local Elevation of privilege.Product: AndroidVersions: Android SoCAndroid ID: A-242248369 | ||||
| CVE-2022-20435 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| There is a Unauthorized service in the system service, may cause the system reboot. Since the component does not have permission check and permission protection, resulting in EoP problem.Product: AndroidVersions: Android SoCAndroid ID: A-242248367 | ||||
| CVE-2022-20272 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In PermissionController, there is a possible misunderstanding about the default SMS application's permission set due to misleading text. This could lead to local information disclosure with User privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-207672568 | ||||
| CVE-2022-20246 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In WindowManager, there is a possible bypass of the restrictions for starting activities from the background due to an incorrect UID/permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-230493191 | ||||
| CVE-2022-1833 | 1 Redhat | 1 Amq Broker | 2024-11-21 | 8.8 High |
| A flaw was found in AMQ Broker Operator 7.9.4 installed via UI using OperatorHub where a low-privilege user that has access to the namespace where the AMQ Operator is deployed has access to clusterwide edit rights by checking the secrets. The service account used for building the Operator gives more permission than expected and an attacker could benefit from it. This requires at least an already compromised low-privilege account or insider attack. | ||||
| CVE-2022-0997 | 1 Fidelissecurity | 2 Deception, Network | 2024-11-21 | 3.9 Low |
| Improper file permissions in the CommandPost, Collector, and Sensor components of Fidelis Network and Deception enables an attacker with local, administrative access to the CLI to modify affected script files, which could result in arbitrary commands being run as root upon subsequent logon by a root user. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability. | ||||
| CVE-2022-0486 | 1 Fidelissecurity | 2 Deception, Network | 2024-11-21 | 4.4 Medium |
| Improper file permissions in the CommandPost, Collector, Sensor, and Sandbox components of Fidelis Network and Deception enables an attacker with local, administrative access to the CLI to modify affected files and enable escalation of privileges equivalent to the root user. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability. | ||||
| CVE-2022-0336 | 2 Fedoraproject, Samba | 2 Fedora, Samba | 2024-11-21 | 8.8 High |
| The Samba AD DC includes checks when adding service principals names (SPNs) to an account to ensure that SPNs do not alias with those already in the database. Some of these checks are able to be bypassed if an account modification re-adds an SPN that was previously present on that account, such as one added when a computer is joined to a domain. An attacker who has the ability to write to an account can exploit this to perform a denial-of-service attack by adding an SPN that matches an existing service. Additionally, an attacker who can intercept traffic can impersonate existing services, resulting in a loss of confidentiality and integrity. | ||||
| CVE-2021-46834 | 1 Huawei | 2 Jad-al50, Jad-al50 Firmware | 2024-11-21 | 5.5 Medium |
| A permission bypass vulnerability in Huawei cross device task management could allow an attacker to access certain resource in the attacked devices. Affected product versions include:JAD-AL50 versions 102.0.0.225(C00E220R3P4). | ||||
| CVE-2021-46811 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-11-21 | 5.3 Medium |
| HwSEServiceAPP has a vulnerability in permission management. Successful exploitation of this vulnerability may cause disclosure of the Card Production Life Cycle (CPLC) information. | ||||
| CVE-2021-46093 | 1 Elitecms | 1 Elite Cms | 2024-11-21 | 9.8 Critical |
| eliteCMS v1.0 is vulnerable to Insecure Permissions via manage_uploads.php. | ||||
| CVE-2021-46086 | 1 Mindskip | 1 Xzs-mysql | 2024-11-21 | 7.5 High |
| xzs-mysql >= t3.4.0 is vulnerable to Insecure Permissions. The front end of this open source system is an online examination system. There is an unsafe vulnerability in the functional method of submitting examination papers. An attacker can use burpuite to modify parameters in the packet to destroy real data. | ||||
| CVE-2021-46085 | 1 Oneblog Project | 1 Oneblog | 2024-11-21 | 6.5 Medium |
| OneBlog <= 2.2.8 is vulnerable to Insecure Permissions. Low level administrators can delete high-level administrators beyond their authority. | ||||
| CVE-2021-45335 | 1 Avast | 1 Antivirus | 2024-11-21 | 8.8 High |
| Sandbox component in Avast Antivirus prior to 20.4 has an insecure permission which could be abused by local user to control the outcome of scans, and therefore evade detection or delete arbitrary system files. | ||||
| CVE-2021-45083 | 2 Cobbler Project, Fedoraproject | 2 Cobbler, Fedora | 2024-11-21 | 7.1 High |
| An issue was discovered in Cobbler before 3.3.1. Files in /etc/cobbler are world readable. Two of those files contain some sensitive information that can be exposed to a local user who has non-privileged access to the server. The users.digest file contains the sha2-512 digest of users in a Cobbler local installation. In the case of an easy-to-guess password, it's trivial to obtain the plaintext string. The settings.yaml file contains secrets such as the hashed default password. | ||||
| CVE-2021-44905 | 1 Cef | 2 Fortessa Ftbtld, Fortessa Ftbtld Firmware | 2024-11-21 | 8.2 High |
| Incorrect permissions in the Bluetooth Services in the Fortessa FTBTLD Smart Lock as of 12-13-2022 allows a remote attacker to disable the lock via an unauthenticated edit to the lock name. | ||||
| CVE-2021-44858 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 7.5 High |
| An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. It is possible to use action=edit&undo= followed by action=mcrundo and action=mcrrestore to view private pages on a private wiki that has at least one page set in $wgWhitelistRead. | ||||
| CVE-2021-44833 | 1 Amazon | 1 Aws Opensearch | 2024-11-21 | 9.8 Critical |
| The CLI 1.0.0 for Amazon AWS OpenSearch has weak permissions for the configuration file. | ||||
| CVE-2021-44751 | 1 F-secure | 1 Safe | 2024-11-21 | 4.3 Medium |
| A vulnerability affecting F-Secure SAFE browser was discovered. A maliciously crafted website attached with USSD code in JavaScript or iFrame can trigger dialer application from F-Secure browser which can be exploited by an attacker to send unwanted USSD messages or perform unwanted calls. In most modern Android OS, dialer application will require user interaction, however, some older Android OS may not need user interaction. | ||||
| CVE-2021-44216 | 1 Northern.tech | 1 Cfengine | 2024-11-21 | 5.5 Medium |
| Northern.tech CFEngine Enterprise before 3.15.5 and 3.18.x before 3.18.1 has Insecure Permissions that may allow unauthorized local users to access the Apache and Mission Portal log files. | ||||