Total
1021 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-26839 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) is vulnerable to an incorrect default permission in the DIAEnergie application, which may allow an attacker to plant new files (such as DLLs) or replace existing executable files. | |||||
| CVE-2022-26595 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Liferay Portal 7.3.7, 7.4.0, and 7.4.1, and Liferay DXP 7.2 fix pack 13, and 7.3 fix pack 2 does not properly check user permission when accessing a list of sites/groups, which allows remote authenticated users to view sites/groups via the user's site membership assignment UI. | |||||
| CVE-2022-26344 | 1 Intel | 1 Single Event Api | 2024-11-21 | N/A | 7.8 HIGH |
| Incorrect default permissions in the installation binaries for Intel(R) SEAPI all versions may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-26235 | 1 Beckmancoulter | 1 Remisol Advance | 2024-11-21 | N/A | 7.8 HIGH |
| A vulnerability was discovered in the Remisol Advance v2.0.12.1 and below for the Normand Message Server. On installation, the permissions set by Remisol Advance allow non-privileged users to overwrite and/or manipulate executables and libraries that run as the elevated SYSTEM user on Windows. | |||||
| CVE-2022-25943 | 1 Kingsoft | 1 Wps Office | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| The installer of WPS Office for Windows versions prior to v11.2.0.10258 fails to configure properly the ACL for the directory where the service program is installed. | |||||
| CVE-2022-25804 | 1 Igel | 1 Universal Management Suite | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. Insecure permissions for the serverconfig registry key (under JavaSoft\Prefs\de\igel\rm\config in HKEY_LOCAL_MACHINE\SOFTWARE) allow an unprivileged local attacker to read the encrypted dbuser and dbpassword values for the UMS superuser. | |||||
| CVE-2022-25570 | 1 Clickstudios | 1 Passwordstate | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| In Click Studios (SA) Pty Ltd Passwordstate 9435, users with access to a passwordlist can gain access to additional password lists without permissions. Specifically, an authenticated user who has write permissions to a password list in one folder (with the default permission model) can extend his permissions to all other password lists in the same folder. | |||||
| CVE-2022-25364 | 1 Gradle | 1 Enterprise | 2024-11-21 | 9.3 HIGH | 8.1 HIGH |
| In Gradle Enterprise before 2021.4.2, the default built-in build cache configuration allowed anonymous write access. If this was not manually changed, a malicious actor with network access to the build cache could potentially populate it with manipulated entries that execute malicious code as part of a build. As of 2021.4.2, the built-in build cache is inaccessible-by-default, requiring explicit configuration of its access-control settings before it can be used. (Remote build cache nodes are unaffected as they are inaccessible-by-default.) | |||||
| CVE-2022-25327 | 1 Google | 1 Fscrypt | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| The PAM module for fscrypt doesn't adequately validate fscrypt metadata files, allowing users to create malicious metadata files that prevent other users from logging in. A local user can cause a denial of service by creating a fscrypt metadata file that prevents other users from logging into the system. We recommend upgrading to version 0.3.3 or above | |||||
| CVE-2022-24890 | 1 Nextcloud | 1 Talk | 2024-11-21 | 3.5 LOW | 2.4 LOW |
| Nextcloud Talk is a video and audio conferencing app for Nextcloud. In versions prior to 13.0.5 and 14.0.0, a call moderator can indirectly enable user webcams by granting permissions, if they were enabled before removing the permissions. A patch is available in versions 13.0.5 and 14.0.0. There are currently no known workarounds. | |||||
| CVE-2022-24804 | 1 Discourse | 1 Discourse | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Discourse is an open source platform for community discussion. In stable versions prior to 2.8.3 and beta versions prior 2.9.0.beta4 erroneously expose groups. When a group with restricted visibility has been used to set the permissions of a category, the name of the group is leaked to any user that is able to see the category. To workaround the problem, a site administrator can remove groups with restricted visibility from any category's permissions setting. | |||||
| CVE-2022-24343 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| In JetBrains YouTrack before 2021.4.31698, a custom logo could be set by a user who has read-only permissions. | |||||
| CVE-2022-24337 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| In JetBrains TeamCity before 2021.2, health items of pull requests were shown to users who lacked appropriate permissions. | |||||
| CVE-2022-24301 | 2 Debian, Minetest | 2 Debian Linux, Minetest | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
| In Minetest before 5.4.0, players can add or subtract items from a different player's inventory. | |||||
| CVE-2022-24113 | 2 Acronis, Microsoft | 5 Agent, Cyber Protect, Cyber Protect Home Office and 2 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27147, Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287 | |||||
| CVE-2022-23996 | 1 Samsung | 1 Wear Os | 2024-11-21 | 4.3 MEDIUM | 4.0 MEDIUM |
| Unprotected component vulnerability in StTheaterModeReceiver in Wear OS 3.0 prior to Firmware update Feb-2022 Release allows untrusted applications to enable bedtime mode without a proper permission. | |||||
| CVE-2022-23995 | 1 Samsung | 1 Wear Os | 2024-11-21 | 4.3 MEDIUM | 4.0 MEDIUM |
| Unprotected component vulnerability in StBedtimeModeAlarmReceiver in Wear OS 3.0 prior to Firmware update Feb-2022 Release allows untrusted applications to change bedtime mode without a proper permission. | |||||
| CVE-2022-23922 | 1 Win-911 | 2 Win-911 2021 R1, Win-911 2021 R2 | 2024-11-21 | 4.4 MEDIUM | 5.6 MEDIUM |
| WIN-911 2021 R1 and R2 are vulnerable to a permissions misconfiguration that may allow an attacker to locally write files to the Program Announcer directory and elevate permissions whenever the program is executed. | |||||
| CVE-2022-23802 | 1 Ijoomla | 1 Guru | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Joomla Guru extension 5.2.5 is affected by: Insecure Permissions. The impact is: obtain sensitive information (remote). The component is: Access to private information and components, possibility to view other users' information. Information disclosure Access to private information and components, possibility to view other users' information. | |||||
| CVE-2022-23104 | 1 Win-911 | 2 Win-911 2021 R1, Win-911 2021 R2 | 2024-11-21 | 4.4 MEDIUM | 5.6 MEDIUM |
| WIN-911 2021 R1 and R2 are vulnerable to a permissions misconfiguration that may allow an attacker to locally write files to the program Operator Workspace directory, which holds DLL files and executables. A low-privilege attacker could write a malicious DLL file to the Operator Workspace directory to achieve privilege escalation and the permissions of the user running the program. | |||||