Total
1021 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-37030 | 1 Grommunio | 1 Gromox | 2024-11-21 | N/A | 7.8 HIGH |
| Weak permissions on the configuration file in the PAM module in Grommunio Gromox 0.5 through 1.x before 1.28 allow a local unprivileged user in the gromox group to have the PAM stack execute arbitrary code upon loading the Gromox PAM module. | |||||
| CVE-2022-37006 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 7.5 HIGH |
| Permission control vulnerability in the network module. Successful exploitation of this vulnerability may affect service availability. | |||||
| CVE-2022-37003 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-11-21 | N/A | 9.8 CRITICAL |
| The AOD module has a vulnerability in permission assignment. Successful exploitation of this vulnerability may cause permission escalation and unauthorized access to files. | |||||
| CVE-2022-36803 | 1 Atlassian | 1 Jira Align | 2024-11-21 | N/A | 8.8 HIGH |
| The MasterUserEdit API in Atlassian Jira Align Server before version 10.109.2 allows An authenticated attacker with the People role permission to use the MasterUserEdit API to modify any users role to Super Admin. This vulnerability was reported by Jacob Shafer from Bishop Fox. | |||||
| CVE-2022-36640 | 1 Influxdata | 1 Influxdb | 2024-11-21 | N/A | 9.8 CRITICAL |
| influxData influxDB before v1.8.10 contains no authentication mechanism or controls, allowing unauthenticated attackers to execute arbitrary commands. NOTE: the CVE ID assignment is disputed because the vendor's documentation states "If InfluxDB is being deployed on a publicly accessible endpoint, we strongly recommend authentication be enabled. Otherwise the data will be publicly available to any unauthenticated user. The default settings do NOT enable authentication and authorization. | |||||
| CVE-2022-36438 | 1 Asus | 2 Asusswitch, System Control Interface | 2024-11-21 | N/A | 7.8 HIGH |
| AsusSwitch.exe on ASUS personal computers (running Windows) sets weak file permissions, leading to local privilege escalation (this also can be used to delete files within the system arbitrarily). This affects ASUS System Control Interface 3 before 3.1.5.0, and AsusSwitch.exe before 1.0.10.0. | |||||
| CVE-2022-36397 | 1 Intel | 1 Quickassist Technology | 2024-11-21 | N/A | 7.3 HIGH |
| Incorrect default permissions in the software installer for some Intel(R) QAT drivers for Linux before version 4.17 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-36391 | 1 Intel | 1 Nuc Pro Software Suite | 2024-11-21 | N/A | 6.7 MEDIUM |
| Incorrect default permissions for the Intel(R) NUC Pro Software Suite before version 2.0.0.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-36377 | 1 Intel | 7 Nuc 8 Rugged Kit Nuc8cchkr, Nuc Board Nuc8cchb, Nuc Kit Nuc5pgyh and 4 more | 2024-11-21 | N/A | 6.7 MEDIUM |
| Insecure inherited permissions in some Intel(R) Wireless Adapter Driver installation software for Intel(R) NUC Kits & Mini PCs before version 22.190.0.3 for Windows may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-36367 | 1 Intel | 1 Support | 2024-11-21 | N/A | 4.4 MEDIUM |
| Incorrect default permissions in the Intel(R) Support Android application before version v22.02.28 may allow a privileged user to potentially enable information disclosure via local access. | |||||
| CVE-2022-34824 | 1 Nec | 2 Expresscluster X, Expresscluster X Singleserversafe | 2024-11-21 | N/A | 9.8 CRITICAL |
| Weak File and Folder Permissions vulnerability in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier allows a remote unauthenticated attacker to overwrite existing files on the file system and to potentially execute arbitrary code. | |||||
| CVE-2022-34737 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| The application security module has a vulnerability in permission assignment. Successful exploitation of this vulnerability may affect data integrity and confidentiality. | |||||
| CVE-2022-33996 | 1 Devolutions | 1 Devolutions Server | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Incorrect permission management in Devolutions Server before 2022.2 allows a new user with a preexisting username to inherit the permissions of that previous user. | |||||
| CVE-2022-33963 | 1 Intel | 1 Unite | 2024-11-21 | N/A | 6.7 MEDIUM |
| Incorrect default permissions in the software installer for Intel(R) Unite(R) Client software for Windows before version 4.2.34870 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-33922 | 1 Dell | 1 Geodrive | 2024-11-21 | N/A | 7.0 HIGH |
| Dell GeoDrive, versions prior to 2.2, contains Insecure File and Folder Permissions vulnerabilities. A low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code in the SYSTEM security context. Dell recommends customers to upgrade at the earliest opportunity. | |||||
| CVE-2022-33912 | 2 Checkmk, Tribe29 | 2 Checkmk, Checkmk | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| A permission issue affects users that deployed the shipped version of the Checkmk Debian package. Packages created by the agent bakery (enterprise editions only) were not affected. Using the shipped version of the agents, the maintainer scripts located at /var/lib/dpkg/info/ will be owned by the user and the group with ID 1001. If such a user exists on the system, they can change the content of these files (which are then executed by root). This leads to a local privilege escalation on the monitored host. Version 1.6 through 1.6.9p29, version 2.0 through 2.0.0p26, version 2.1 through 2.1.0p3, and version 2.2.0i1 are affected. | |||||
| CVE-2022-33877 | 1 Fortinet | 2 Forticlient, Forticonverter | 2024-11-21 | N/A | 7.0 HIGH |
| An incorrect default permission [CWE-276] vulnerability in FortiClient (Windows) versions 7.0.0 through 7.0.6 and 6.4.0 through 6.4.8 and FortiConverter (Windows) versions 6.2.0 through 6.2.1, 7.0.0 and all versions of 6.0.0 may allow a local authenticated attacker to tamper with files in the installation folder, if FortiClient or FortiConverter is installed in an insecure folder. | |||||
| CVE-2022-33196 | 1 Intel | 272 Xeon D-1513n, Xeon D-1513n Firmware, Xeon D-1518 and 269 more | 2024-11-21 | N/A | 7.2 HIGH |
| Incorrect default permissions in some memory controller configurations for some Intel(R) Xeon(R) Processors when using Intel(R) Software Guard Extensions which may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-33023 | 1 Openhwgroup | 1 Cva6 | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| CVA6 commit 909d85a gives incorrect permission to use special multiplication units when the format of instructions is wrong. | |||||
| CVE-2022-32743 | 2 Fedoraproject, Samba | 2 Fedora, Samba | 2024-11-21 | N/A | 7.5 HIGH |
| Samba does not validate the Validated-DNS-Host-Name right for the dNSHostName attribute which could permit unprivileged users to write it. | |||||