Total
1021 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-22948 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| The vCenter Server contains an information disclosure vulnerability due to improper permission of files. A malicious actor with non-administrative access to the vCenter Server may exploit this issue to gain access to sensitive information. | |||||
| CVE-2022-22518 | 1 Codesys | 10 Control For Beaglebone Sl, Control For Beckhoff Cx9020, Control For Empc-a\/imx6 Sl and 7 more | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
| A bug in CmpUserMgr component can lead to only partially applied security policies. This can result in enabled, anonymous access to components part of the applied security policy. | |||||
| CVE-2022-22424 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2024-11-21 | N/A | 5.5 MEDIUM |
| IBM QRadar SIEM 7.3, 7.4, and 7.5 could allow a local user to obtain sensitive information from the TLS key file due to incorrect file permissions. IBM X-Force ID: 223597. | |||||
| CVE-2022-22296 | 1 Hospital\'s Patient Records Management System Project | 1 Hospital\'s Patient Records Management System | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Sourcecodester Hospital's Patient Records Management System 1.0 is vulnerable to Insecure Permissions via the id parameter in manage_user endpoint. Simply change the value and data of other users can be displayed. | |||||
| CVE-2022-21704 | 2 Debian, Log4js Project | 2 Debian Linux, Log4js | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| log4js-node is a port of log4js to node.js. In affected versions default file permissions for log files created by the file, fileSync and dateFile appenders are world-readable (in unix). This could cause problems if log files contain sensitive information. This would affect any users that have not supplied their own permissions for the files via the mode parameter in the config. Users are advised to update. | |||||
| CVE-2022-21204 | 1 Intel | 1 Quartus Prime | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Improper permissions for Intel(R) Quartus(R) Prime Pro Edition before version 21.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-20732 | 1 Cisco | 1 Virtualized Infrastructure Manager | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| A vulnerability in the configuration file protections of Cisco Virtualized Infrastructure Manager (VIM) could allow an authenticated, local attacker to access confidential information and elevate privileges on an affected device. This vulnerability is due to improper access permissions for certain configuration files. An attacker with low-privileged credentials could exploit this vulnerability by accessing an affected device and reading the affected configuration files. A successful exploit could allow the attacker to obtain internal database credentials, which the attacker could use to view and modify the contents of the database. The attacker could use this access to the database to elevate privileges on the affected device. | |||||
| CVE-2022-20611 | 1 Google | 1 Android | 2024-11-21 | N/A | 7.8 HIGH |
| In deletePackageVersionedInternal of DeletePackageHelper.java, there is a possible way to bypass carrier restrictions due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242996180 | |||||
| CVE-2022-20436 | 1 Google | 1 Android | 2024-11-21 | N/A | 7.8 HIGH |
| There is an unauthorized service in the system service. Since the component does not have permission check, resulting in Local Elevation of privilege.Product: AndroidVersions: Android SoCAndroid ID: A-242248369 | |||||
| CVE-2022-20435 | 1 Google | 1 Android | 2024-11-21 | N/A | 7.8 HIGH |
| There is a Unauthorized service in the system service, may cause the system reboot. Since the component does not have permission check and permission protection, resulting in EoP problem.Product: AndroidVersions: Android SoCAndroid ID: A-242248367 | |||||
| CVE-2022-20272 | 1 Google | 1 Android | 2024-11-21 | N/A | 5.5 MEDIUM |
| In PermissionController, there is a possible misunderstanding about the default SMS application's permission set due to misleading text. This could lead to local information disclosure with User privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-207672568 | |||||
| CVE-2022-20246 | 1 Google | 1 Android | 2024-11-21 | N/A | 7.8 HIGH |
| In WindowManager, there is a possible bypass of the restrictions for starting activities from the background due to an incorrect UID/permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-230493191 | |||||
| CVE-2022-1833 | 1 Redhat | 1 Amq Broker | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A flaw was found in AMQ Broker Operator 7.9.4 installed via UI using OperatorHub where a low-privilege user that has access to the namespace where the AMQ Operator is deployed has access to clusterwide edit rights by checking the secrets. The service account used for building the Operator gives more permission than expected and an attacker could benefit from it. This requires at least an already compromised low-privilege account or insider attack. | |||||
| CVE-2022-1109 | 1 Lenovo | 1 Leyun | 2024-11-21 | N/A | 5.5 MEDIUM |
| An incorrect default permissions vulnerability in Lenovo Leyun cloud music application could allow denial of service. | |||||
| CVE-2022-0997 | 1 Fidelissecurity | 2 Deception, Network | 2024-11-21 | 7.2 HIGH | 3.9 LOW |
| Improper file permissions in the CommandPost, Collector, and Sensor components of Fidelis Network and Deception enables an attacker with local, administrative access to the CLI to modify affected script files, which could result in arbitrary commands being run as root upon subsequent logon by a root user. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability. | |||||
| CVE-2022-0486 | 1 Fidelissecurity | 2 Deception, Network | 2024-11-21 | 7.2 HIGH | 4.4 MEDIUM |
| Improper file permissions in the CommandPost, Collector, Sensor, and Sandbox components of Fidelis Network and Deception enables an attacker with local, administrative access to the CLI to modify affected files and enable escalation of privileges equivalent to the root user. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability. | |||||
| CVE-2022-0336 | 2 Fedoraproject, Samba | 2 Fedora, Samba | 2024-11-21 | N/A | 8.8 HIGH |
| The Samba AD DC includes checks when adding service principals names (SPNs) to an account to ensure that SPNs do not alias with those already in the database. Some of these checks are able to be bypassed if an account modification re-adds an SPN that was previously present on that account, such as one added when a computer is joined to a domain. An attacker who has the ability to write to an account can exploit this to perform a denial-of-service attack by adding an SPN that matches an existing service. Additionally, an attacker who can intercept traffic can impersonate existing services, resulting in a loss of confidentiality and integrity. | |||||
| CVE-2021-46834 | 1 Huawei | 2 Jad-al50, Jad-al50 Firmware | 2024-11-21 | N/A | 5.5 MEDIUM |
| A permission bypass vulnerability in Huawei cross device task management could allow an attacker to access certain resource in the attacked devices. Affected product versions include:JAD-AL50 versions 102.0.0.225(C00E220R3P4). | |||||
| CVE-2021-46811 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| HwSEServiceAPP has a vulnerability in permission management. Successful exploitation of this vulnerability may cause disclosure of the Card Production Life Cycle (CPLC) information. | |||||
| CVE-2021-46093 | 1 Elitecms | 1 Elite Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| eliteCMS v1.0 is vulnerable to Insecure Permissions via manage_uploads.php. | |||||