Total
1352 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-30594 | 4 Debian, Linux, Netapp and 1 more | 24 Debian Linux, Linux Kernel, 8300 and 21 more | 2024-11-21 | 7.8 High |
| The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag. | ||||
| CVE-2022-30375 | 1 Simple Social Networking Site Project | 1 Simple Social Networking Site | 2024-11-21 | 6.5 Medium |
| Sourcecodester Simple Social Networking Site v1.0 is vulnerable to file deletion via /sns/classes/Master.php?f=delete_img. | ||||
| CVE-2022-30367 | 1 Air Cargo Management System Project | 1 Air Cargo Management System | 2024-11-21 | 6.5 Medium |
| Air Cargo Management System v1.0 is vulnerable to file deletion via /acms/classes/Master.php?f=delete_img. | ||||
| CVE-2022-2735 | 3 Clusterlabs, Debian, Redhat | 4 Pcs, Debian Linux, Enterprise Linux and 1 more | 2024-11-21 | 7.8 High |
| A vulnerability was found in the PCS project. This issue occurs due to incorrect permissions on a Unix socket used for internal communication between PCS daemons. A privilege escalation could happen by obtaining an authentication token for a hacluster user. With the "hacluster" token, this flaw allows an attacker to have complete control over the cluster managed by PCS. | ||||
| CVE-2022-2528 | 1 Octopus | 1 Octopus Server | 2024-11-21 | 6.5 Medium |
| In affected versions of Octopus Deploy it is possible to upload a package to built-in feed with insufficient permissions after re-indexing packages. | ||||
| CVE-2022-2270 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.5 Low |
| An issue has been discovered in GitLab affecting all versions starting from 12.4 before 14.10.5, all versions starting from 15.0 before 15.0.4, all versions starting from 15.1 before 15.1.1. GitLab was leaking Conan packages names due to incorrect permissions verification. | ||||
| CVE-2022-29585 | 1 Mahara | 1 Mahara | 2024-11-21 | 7.5 High |
| In Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0, a site using Isolated Institutions is vulnerable if more than ten groups are used. They are all shown from page 2 of the group results list (rather than only being shown for the institution that the viewer is a member of). | ||||
| CVE-2022-29547 | 1 Mediawiki | 1 Createredirect | 2024-11-21 | 7.5 High |
| The CreateRedirect extension before 2022-04-14 for MediaWiki does not properly check whether the user has permissions to edit the target page. This could lead to an unauthorised (or blocked) user being able to edit a page. | ||||
| CVE-2022-29483 | 1 Abb | 1 E-design | 2024-11-21 | 7.8 High |
| Incorrect Default Permissions vulnerability in ABB e-Design allows attacker to install malicious software executing with SYSTEM permissions violating confidentiality, integrity, and availability of the target machine. | ||||
| CVE-2022-29376 | 2 Apachefriends, Microsoft | 2 Xampp, Windows | 2024-11-21 | 8.8 High |
| Xampp for Windows v8.1.4 and below was discovered to contain insecure permissions for its install directory, allowing attackers to execute arbitrary code via overwriting binaries located in the directory. | ||||
| CVE-2022-28999 | 1 Bloodshed | 1 Dev-c\+\+ | 2024-11-21 | 8.8 High |
| Insecure permissions in the install directories and binaries of Dev-CPP v4.9.9.2 allows attackers to execute arbitrary code via overwriting the binary devcpp.exe. | ||||
| CVE-2022-28932 | 1 Dlink | 2 Dsl-g2452dg, Dsl-g2452dg Firmware | 2024-11-21 | 9.8 Critical |
| D-Link DSL-G2452DG HW:T1\\tFW:ME_2.00 was discovered to contain insecure permissions. | ||||
| CVE-2022-28702 | 1 Abb | 1 E-design | 2024-11-21 | 6.1 Medium |
| Incorrect Default Permissions vulnerability in ABB e-Design allows attacker to install malicious software executing with SYSTEM permissions violating confidentiality, integrity, and availability of the target machine. | ||||
| CVE-2022-28218 | 1 Ciphermail | 1 Webmail Messenger | 2024-11-21 | 5.5 Medium |
| An issue was discovered in CipherMail Webmail Messenger 1.1.1 through 4.1.4. A local attacker could access secret keys (found in a Roundcube configuration file) that are used to protect Webmail user passwords and two-factor authentication (2FA). | ||||
| CVE-2022-27960 | 1 Ofcms Project | 1 Ofcms | 2024-11-21 | 5.4 Medium |
| Insecure permissions configured in the user_id parameter at SysUserController.java of OFCMS v1.1.4 allows attackers to access and arbitrarily modify users' personal information. | ||||
| CVE-2022-27958 | 1 Febs-security Project | 1 Febs-security | 2024-11-21 | 5.4 Medium |
| Insecure permissions configured in the userid parameter at /user/getuserprofile of FEBS-Security v1.0 allows attackers to access and arbitrarily modify users' personal information. | ||||
| CVE-2022-27919 | 1 Gradle | 1 Enterprise | 2024-11-21 | 9.8 Critical |
| Gradle Enterprise before 2022.1 allows remote code execution if the installation process did not specify an initial configuration file. The configuration allows certain anonymous access to administration and an API. | ||||
| CVE-2022-27840 | 1 Samsung | 1 Recovery | 2024-11-21 | 4.4 Medium |
| Improper access control vulnerability in SamsungRecovery prior to version 8.1.43.0 allows local attckers to delete arbitrary files as SamsungRecovery permission. | ||||
| CVE-2022-27652 | 4 Fedoraproject, Kubernetes, Mobyproject and 1 more | 5 Fedora, Cri-o, Moby and 2 more | 2024-11-21 | 5.3 Medium |
| A flaw was found in cri-o, where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. | ||||
| CVE-2022-27651 | 3 Buildah Project, Fedoraproject, Redhat | 4 Buildah, Fedora, Enterprise Linux and 1 more | 2024-11-21 | 6.8 Medium |
| A flaw was found in buildah where containers were incorrectly started with non-empty default permissions. A bug was found in Moby (Docker Engine) where containers were incorrectly started with non-empty inheritable Linux process capabilities, enabling an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. This has the potential to impact confidentiality and integrity. | ||||