Total
2346 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-29333 | 1 Cyberlink | 1 Powerdirector | 2024-11-21 | 7.8 High |
| A vulnerability in CyberLink Power Director v14 allows attackers to escalate privileges via a crafted .exe file. | ||||
| CVE-2022-27840 | 1 Samsung | 1 Recovery | 2024-11-21 | 4.4 Medium |
| Improper access control vulnerability in SamsungRecovery prior to version 8.1.43.0 allows local attckers to delete arbitrary files as SamsungRecovery permission. | ||||
| CVE-2022-27659 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2024-11-21 | 4.3 Medium |
| On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, and 14.1.x versions prior to 14.1.4.6, an authenticated attacker can modify or delete Dashboards created by other BIG-IP users in the Traffic Management User Interface (TMUI). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | ||||
| CVE-2022-27487 | 1 Fortinet | 2 Fortideceptor, Fortisandbox | 2024-11-21 | 8.3 High |
| A improper privilege management in Fortinet FortiSandbox version 4.2.0 through 4.2.2, 4.0.0 through 4.0.2 and before 3.2.3 and FortiDeceptor version 4.1.0, 4.0.0 through 4.0.2 and before 3.3.3 allows a remote authenticated attacker to perform unauthorized API calls via crafted HTTP or HTTPS requests. | ||||
| CVE-2022-26676 | 1 Aenrich | 1 A\+hrd | 2024-11-21 | 9.8 Critical |
| aEnrich a+HRD has inadequate privilege restrictions, an unauthenticated remote attacker can use the API function to upload and execute malicious scripts to control the system or disrupt service. | ||||
| CVE-2022-26668 | 1 Asus | 1 Control Center | 2024-11-21 | 7.3 High |
| ASUS Control Center API has a broken access control vulnerability. An unauthenticated remote attacker can call privileged API functions to perform partial system operations or cause partial disrupt of service. | ||||
| CVE-2022-26251 | 1 Synametrics | 1 Synaman | 2024-11-21 | 7.2 High |
| The HTTP interface of Synaman v5.1 and below was discovered to allow authenticated attackers to execute arbitrary code and escalate privileges. | ||||
| CVE-2022-26118 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2024-11-21 | 6.7 Medium |
| A privilege chaining vulnerability [CWE-268] in FortiManager and FortiAnalyzer 6.0.x, 6.2.x, 6.4.0 through 6.4.7, 7.0.0 through 7.0.3 may allow a local and authenticated attacker with a restricted shell to escalate their privileges to root due to incorrect permissions of some folders and executable files on the system. | ||||
| CVE-2022-26113 | 1 Fortinet | 1 Forticlient | 2024-11-21 | 7.7 High |
| An execution with unnecessary privileges vulnerability [CWE-250] in FortiClientWindows 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.0 through 6.2.9, 6.0.0 through 6.0.10 may allow a local attacker to perform an arbitrary file write on the system. | ||||
| CVE-2022-26057 | 1 Abb | 1 Mint Workbench | 2024-11-21 | 6.7 Medium |
| Vulnerabilities in the Mint WorkBench allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Mint WorkBench installer file allows a low-privileged user to run a "repair" operation on the product | ||||
| CVE-2022-25782 | 1 Secomea | 8 Gatemanager 4250, Gatemanager 4250 Firmware, Gatemanager 4260 and 5 more | 2024-11-21 | 5.4 Medium |
| Improper Handling of Insufficient Privileges vulnerability in Web UI of Secomea GateManager allows logged in user to access and update privileged information. This issue affects: Secomea GateManager versions prior to 9.7. | ||||
| CVE-2022-25636 | 5 Debian, Linux, Netapp and 2 more | 16 Debian Linux, Linux Kernel, H300e and 13 more | 2024-11-21 | 7.8 High |
| net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 allows local users to gain privileges because of a heap out-of-bounds write. This is related to nf_tables_offload. | ||||
| CVE-2022-25372 | 2 Microsoft, Pritunl | 2 Windows, Pritunl-client-electron | 2024-11-21 | 7.8 High |
| Pritunl Client through 1.2.3019.52 on Windows allows local privilege escalation, related to an ACL entry for CREATOR OWNER in platform_windows.go. | ||||
| CVE-2022-25150 | 1 Malwarebytes | 1 Binisoft Windows Firewall Control | 2024-11-21 | 7.8 High |
| In Malwarebytes Binisoft Windows Firewall Control before 6.8.1.0, programs executed from the Tools tab can be used to escalate privileges. | ||||
| CVE-2022-25089 | 1 Kofax | 1 Printix | 2024-11-21 | 9.8 Critical |
| Printix Secure Cloud Print Management through 1.3.1106.0 incorrectly uses Privileged APIs to modify values in HKEY_LOCAL_MACHINE via UITasks.PersistentRegistryData. | ||||
| CVE-2022-24931 | 1 Google | 1 Android | 2024-11-21 | 7.9 High |
| Improper access control vulnerability in dynamic receiver in ApkInstaller prior to SMR MAR-2022 Release allows unauthorized attackers to execute arbitrary activity without a proper permission | ||||
| CVE-2022-24927 | 1 Samsung | 1 Video Player | 2024-11-21 | 4.2 Medium |
| Improper privilege management vulnerability in Samsung Video Player prior to version 7.3.15.30 allows attackers to execute video files without permission. | ||||
| CVE-2022-24637 | 1 Openwebanalytics | 1 Open Web Analytics | 2024-11-21 | 9.8 Critical |
| Open Web Analytics (OWA) before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs because files generated with '<?php (instead of the intended "<?php sequence) aren't handled by the PHP interpreter. | ||||
| CVE-2022-24408 | 1 Siemens | 4 Sinumerik Mc, Sinumerik Mc Firmware, Sinumerik One and 1 more | 2024-11-21 | 7.8 High |
| A vulnerability has been identified in SINUMERIK MC (All versions < V1.15 SP1), SINUMERIK ONE (All versions < V6.15 SP1). The sc SUID binary on affected devices provides several commands that are used to execute system commands or modify system files. A specific set of operations using sc could allow local attackers to escalate their privileges to root. | ||||
| CVE-2022-24077 | 1 Naver | 1 Cloud Explorer | 2024-11-21 | 7.8 High |
| Naver Cloud Explorer Beta allows the attacker to execute arbitrary code as System privilege via malicious DLL injection. | ||||