Total
1767 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-1901 | 3 Linux, Microsoft, Octopus | 3 Linux Kernel, Windows, Octopus Server | 2024-11-21 | N/A | 5.3 MEDIUM |
| In affected versions of Octopus Deploy it is possible to unmask sensitive variables by using variable preview. | |||||
| CVE-2022-1770 | 1 Trudesk Project | 1 Trudesk | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Improper Privilege Management in GitHub repository polonel/trudesk prior to 1.2.2. | |||||
| CVE-2022-1606 | 1 M-files | 1 M-files Server | 2024-11-21 | N/A | 2.4 LOW |
| Incorrect privilege assignment in M-Files Server versions before 22.3.11164.0 and before 22.3.11237.1 allows user to read unmanaged objects. | |||||
| CVE-2022-1517 | 1 Illumina | 8 Iseq 100, Local Run Manager, Miniseq and 5 more | 2024-11-21 | 10.0 HIGH | 10.0 CRITICAL |
| LRM utilizes elevated privileges. An unauthenticated malicious actor can upload and execute code remotely at the operating system level, which can allow an attacker to change settings, configurations, software, or access sensitive data on the affected produc. An attacker could also exploit this vulnerability to access APIs not intended for general use and interact through the network. | |||||
| CVE-2022-1397 | 1 Easyappointments | 1 Easyappointments | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| API Privilege Escalation in GitHub repository alextselegidis/easyappointments prior to 1.5.0. Full system takeover. | |||||
| CVE-2022-1332 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| One of the API in Mattermost version 6.4.1 and earlier fails to properly protect the permissions, which allows the authenticated members with restricted custom admin role to bypass the restrictions and view the server logs and server config.json file contents. | |||||
| CVE-2022-1227 | 4 Fedoraproject, Podman Project, Psgo Project and 1 more | 16 Fedora, Podman, Psgo and 13 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman top' command. This action gives the attacker access to the host filesystem, leading to information disclosure or denial of service. | |||||
| CVE-2022-1108 | 1 Lenovo | 2 Thinkpad X1 Fold Gen 1, Thinkpad X1 Fold Gen 1 Firmware | 2024-11-21 | 7.2 HIGH | 6.7 MEDIUM |
| A potential vulnerability due to improper buffer validation in the SMI handler LenovoFlashDeviceInterface in Thinkpad X1 Fold Gen 1 could be exploited by an attacker with local access and elevated privileges to execute arbitrary code. | |||||
| CVE-2022-1107 | 1 Lenovo | 60 Thinkpad 11e, Thinkpad 11e Firmware, Thinkpad 11e Yoga and 57 more | 2024-11-21 | 7.2 HIGH | 6.7 MEDIUM |
| During an internal product security audit a potential vulnerability due to use of Boot Services in the SmmOEMInt15 SMI handler was discovered in some ThinkPad models could be exploited by an attacker with elevated privileges that could allow for execution of code. | |||||
| CVE-2022-1003 | 1 Mattermost | 1 Mattermost | 2024-11-21 | 4.0 MEDIUM | 3.3 LOW |
| One of the API in Mattermost version 6.3.0 and earlier fails to properly protect the permissions, which allows the system administrators to combine the two distinct privileges/capabilities in a way that allows them to override certain restricted configurations like EnableUploads. | |||||
| CVE-2022-0668 | 1 Jfrog | 1 Artifactory | 2024-11-21 | N/A | 5.3 MEDIUM |
| JFrog Artifactory prior to 7.37.13 is vulnerable to Authentication Bypass, which can lead to Privilege Escalation when a specially crafted request is sent by an unauthenticated user. | |||||
| CVE-2022-0222 | 1 Schneider-electric | 28 Modicon M340 Bmxnoe0100, Modicon M340 Bmxnoe0100 Firmware, Modicon M340 Bmxnoe0110 and 25 more | 2024-11-21 | N/A | 7.5 HIGH |
| A CWE-269: Improper Privilege Management vulnerability exists that could cause a denial of service of the Ethernet communication of the controller when sending a specific request over SNMP. Affected products: Modicon M340 CPUs(BMXP34* versions prior to V3.40), Modicon M340 X80 Ethernet Communication modules:BMXNOE0100 (H), BMXNOE0110 (H), BMXNOR0200H RTU(BMXNOE* all versions)(BMXNOR* versions prior to v1.7 IR24) | |||||
| CVE-2022-0144 | 1 Shelljs Project | 1 Shelljs | 2024-11-21 | 3.6 LOW | 7.1 HIGH |
| shelljs is vulnerable to Improper Privilege Management | |||||
| CVE-2022-0090 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.0 MEDIUM | 6.5 MEDIUM |
| An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. GitLab is configured in a way that it doesn't ignore replacement references with git sub-commands, allowing a malicious user to spoof the contents of their commits in the UI. | |||||
| CVE-2022-0071 | 1 Hotdog Project | 1 Hotdog | 2024-11-21 | 7.2 HIGH | 8.8 HIGH |
| Incomplete fix for CVE-2021-3101. Hotdog, prior to v1.0.2, did not mimic the resource limits, device restrictions, or syscall filters of the target JVM process. This would allow a container to exhaust the resources of the host, modify devices, or make syscalls that would otherwise be blocked. | |||||
| CVE-2022-0070 | 2 Amazon, Linux | 2 Log4jhotpatch, Linux Kernel | 2024-11-21 | 7.2 HIGH | 8.8 HIGH |
| Incomplete fix for CVE-2021-3100. The Apache Log4j hotpatch package starting with log4j-cve-2021-44228-hotpatch-1.1-16 will now explicitly mimic the Linux capabilities and cgroups of the target Java process that the hotpatch is applied to. | |||||
| CVE-2021-4200 | 1 Suse | 1 Rancher | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM |
| A Improper Privilege Management vulnerability in SUSE Rancher allows write access to the Catalog for any user when restricted-admin role is enabled. This issue affects: SUSE Rancher Rancher versions prior to 2.5.13; Rancher versions prior to 2.6.4. | |||||
| CVE-2021-45440 | 2 Microsoft, Trendmicro | 4 Windows, Apex One, Worry-free Business Security and 1 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| A unnecessary privilege vulnerability in Trend Micro Apex One and Trend Micro Worry-Free Business Security 10.0 SP1 (on-prem versions only) could allow a local attacker to abuse an impersonation privilege and elevate to a higher level of privileges. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2021-45222 | 1 Coins-global | 1 Coins Construction Cloud | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in COINS Construction Cloud 11.12. Due to logical flaws in the human ressources interface, it is vulnerable to privilege escalation by HR personnel. | |||||
| CVE-2021-44021 | 1 Trendmicro | 1 Worry-free Business Security | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-44019 and 44020. | |||||