Total
1021 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-32562 | 1 Couchbase | 1 Couchbase Server | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Couchbase Server before 7.0.4. Operations may succeed on a collection using stale RBAC permission. | |||||
| CVE-2022-32207 | 6 Apple, Debian, Fedoraproject and 3 more | 19 Macos, Debian Linux, Fedora and 16 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended. | |||||
| CVE-2022-31500 | 1 Knime | 1 Knime Analytics Platform | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| In KNIME Analytics Platform below 4.6.0, the Windows installer sets improper filesystem permissions. | |||||
| CVE-2022-31254 | 2 Opensuse, Suse | 4 Leap, Rmt-server, Linux Enterprise Server and 1 more | 2024-11-21 | N/A | 7.8 HIGH |
| A Incorrect Default Permissions vulnerability in rmt-server-regsharing service of SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Server for SAP 15-SP1, SUSE Manager Server 4.1; openSUSE Leap 15.3, openSUSE Leap 15.4 allows local attackers with access to the _rmt user to escalate to root. This issue affects: SUSE Linux Enterprise Server for SAP 15 rmt-server versions prior to 2.10. SUSE Linux Enterprise Server for SAP 15-SP1 rmt-server versions prior to 2.10. SUSE Manager Server 4.1 rmt-server versions prior to 2.10. openSUSE Leap 15.3 rmt-server versions prior to 2.10. openSUSE Leap 15.4 rmt-server versions prior to 2.10. | |||||
| CVE-2022-31251 | 1 Opensuse | 1 Factory | 2024-11-21 | N/A | 6.5 MEDIUM |
| A Incorrect Default Permissions vulnerability in the packaging of the slurm testsuite of openSUSE Factory allows local attackers with control over the slurm user to escalate to root. This issue affects: openSUSE Factory slurm versions prior to 22.05.2-3.3. | |||||
| CVE-2022-31244 | 1 Nokia | 1 One-network Directory Server | 2024-11-21 | N/A | 7.8 HIGH |
| Nokia OneNDS 17r2 has Insecure Permissions vulnerability that allows for privilege escalation. | |||||
| CVE-2022-31072 | 1 Octokit Project | 1 Octokit | 2024-11-21 | 2.1 LOW | 2.5 LOW |
| Octokit is a Ruby toolkit for the GitHub API. Versions 4.23.0 and 4.24.0 of the octokit gem were published containing world-writeable files. Specifically, the gem was packed with files having their permissions set to `-rw-rw-rw-` (i.e. 0666) instead of `rw-r--r--` (i.e. 0644). This means everyone who is not the owner (Group and Public) with access to the instance where this release had been installed could modify the world-writable files from this gem. This issue is patched in Octokit 4.25.0. Two workarounds are available. Users can use the previous version of the gem, v4.22.0. Alternatively, users can modify the file permissions manually until they are able to upgrade to the latest version. | |||||
| CVE-2022-31071 | 1 Octopoller Project | 1 Octopoller | 2024-11-21 | 2.1 LOW | 2.5 LOW |
| Octopoller is a micro gem for polling and retrying. Version 0.2.0 of the octopoller gem was published containing world-writeable files. Specifically, the gem was packed with files having their permissions set to `-rw-rw-rw-` (i.e. 0666) instead of `rw-r--r--` (i.e. 0644). This means everyone who is not the owner (Group and Public) with access to the instance where this release had been installed could modify the world-writable files from this gem. This issue is patched in Octopoller 0.3.0. Two workarounds are available. Users can use the previous version of the gem, v0.1.0. Alternatively, users can modify the file permissions manually until they are able to upgrade to the latest version. | |||||
| CVE-2022-30759 | 1 Nokia | 1 One-nds | 2024-11-21 | N/A | 8.8 HIGH |
| In Nokia One-NDS (aka Network Directory Server) through 20.9, some Sudo permissions can be exploited by some users to escalate to root privileges and execute arbitrary commands. | |||||
| CVE-2022-30758 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 4.0 MEDIUM |
| Implicit Intent hijacking vulnerability in Finder prior to SMR Jul-2022 Release 1 allow allows attackers to access some protected information with privilege of Finder. | |||||
| CVE-2022-30753 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| Improper use of a unique device ID in unprotected SecSoterService prior to SMR Jul-2022 Release 1 allows local attackers to get the device ID without permission. | |||||
| CVE-2022-30747 | 1 Samsung | 1 Smartthings | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| PendingIntent hijacking vulnerability in Smart Things prior to 1.7.85.25 allows local attackers to access files without permission via implicit Intent. | |||||
| CVE-2022-30375 | 1 Simple Social Networking Site Project | 1 Simple Social Networking Site | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM |
| Sourcecodester Simple Social Networking Site v1.0 is vulnerable to file deletion via /sns/classes/Master.php?f=delete_img. | |||||
| CVE-2022-30367 | 1 Air Cargo Management System Project | 1 Air Cargo Management System | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM |
| Air Cargo Management System v1.0 is vulnerable to file deletion via /acms/classes/Master.php?f=delete_img. | |||||
| CVE-2022-30338 | 1 Intel | 1 Virtual Raid On Cpu | 2024-11-21 | N/A | 6.7 MEDIUM |
| Incorrect default permissions in the Intel(R) VROC software before version 7.7.6.1003 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-2735 | 2 Clusterlabs, Debian | 2 Pcs, Debian Linux | 2024-11-21 | N/A | 7.8 HIGH |
| A vulnerability was found in the PCS project. This issue occurs due to incorrect permissions on a Unix socket used for internal communication between PCS daemons. A privilege escalation could happen by obtaining an authentication token for a hacluster user. With the "hacluster" token, this flaw allows an attacker to have complete control over the cluster managed by PCS. | |||||
| CVE-2022-2528 | 1 Octopus | 1 Octopus Server | 2024-11-21 | N/A | 6.5 MEDIUM |
| In affected versions of Octopus Deploy it is possible to upload a package to built-in feed with insufficient permissions after re-indexing packages. | |||||
| CVE-2022-2366 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 5.0 MEDIUM | 5.6 MEDIUM |
| Incorrect default configuration for trusted IP header in Mattermost version 6.7.0 and earlier allows attacker to bypass some of the rate limitations in place or use manipulated IPs for audit logging via manipulating the request headers. | |||||
| CVE-2022-2270 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.0 MEDIUM | 3.5 LOW |
| An issue has been discovered in GitLab affecting all versions starting from 12.4 before 14.10.5, all versions starting from 15.0 before 15.0.4, all versions starting from 15.1 before 15.1.1. GitLab was leaking Conan packages names due to incorrect permissions verification. | |||||
| CVE-2022-29909 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2024-11-21 | N/A | 8.8 HIGH |
| Documents in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the top-level origin, bypassing the existing prompt and wrongfully inheriting the top-level permissions. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100. | |||||