Vulnerabilities (CVE)

Filtered by CWE-281
Total 215 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-31608 1 Nvidia 4 Geforce, Gpu Display Driver, Rtx and 1 more 2024-02-28 N/A 7.8 HIGH
NVIDIA GPU Display Driver for Linux contains a vulnerability in an optional D-Bus configuration file, where a local user with basic capabilities can impact protected D-Bus endpoints, which may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.
CVE-2022-48295 1 Huawei 2 Emui, Harmonyos 2024-02-28 N/A 7.5 HIGH
The IHwAntiMalPlugin interface lacks permission verification. Successful exploitation of this vulnerability can lead to filling problems (batch installation of applications).
CVE-2021-3414 1 Redhat 1 Satellite 2024-02-28 N/A 8.1 HIGH
A flaw was found in satellite. When giving granular permission related to the organization, other permissions allowing a user to view and manage other organizations are also granted. The highest threat from this vulnerability is to data confidentiality.
CVE-2022-2787 1 Debian 2 Debian Linux, Schroot 2024-02-28 N/A 4.3 MEDIUM
Schroot before 1.6.13 had too permissive rules on chroot or session names, allowing a denial of service on the schroot service for all users that may start a schroot session.
CVE-2022-31237 1 Dell 1 Emc Powerscale Onefs 2024-02-28 N/A 3.3 LOW
Dell PowerScale OneFS, versions 9.2.0 up to and including 9.2.1.12 and 9.3.0.5 contain an improper preservation of permissions vulnerability in SyncIQ. A low privileged local attacker may potentially exploit this vulnerability, leading to limited information disclosure.
CVE-2022-31262 1 Gog 1 Galaxy 2024-02-28 N/A 7.8 HIGH
An exploitable local privilege escalation vulnerability exists in GOG Galaxy 2.0.46. Due to insufficient folder permissions, an attacker can hijack the %ProgramData%\GOG.com folder structure and change the GalaxyCommunication service executable to a malicious file, resulting in code execution as SYSTEM.
CVE-2021-45446 1 Hitachi 1 Vantara Pentaho 2024-02-28 N/A 7.5 HIGH
A vulnerability in Hitachi Vantara Pentaho Business Analytics Server versions before 9.2.0.2 and 8.3.0.25 does not cascade the hidden property to the children of the Home folder.  This directory listing provides an attacker with the complete index of all the resources located inside the directory.
CVE-2022-36062 1 Grafana 1 Grafana 2024-02-28 N/A 3.8 LOW
Grafana is an open-source platform for monitoring and observability. In versions prior to 8.5.13, 9.0.9, and 9.1.6, Grafana is subject to Improper Preservation of Permissions resulting in privilege escalation on some folders where Admin is the only used permission. The vulnerability impacts Grafana instances where RBAC was disabled and enabled afterwards, as the migrations which are translating legacy folder permissions to RBAC permissions do not account for the scenario where the only user permission in the folder is Admin, as a result RBAC adds permissions for Editors and Viewers which allow them to edit and view folders accordingly. This issue has been patched in versions 8.5.13, 9.0.9, and 9.1.6. A workaround when the impacted folder/dashboard is known is to remove the additional permissions manually.
CVE-2022-41708 1 Relatedcode 1 Messenger 2024-02-28 N/A 4.3 MEDIUM
Relatedcode's Messenger version 7bcd20b allows an authenticated external attacker to access existing chats in the workspaces of any user of the application. This is possible because the application does not validate permissions correctly.
CVE-2022-36102 1 Shopware 1 Shopware 2024-02-28 N/A 7.2 HIGH
Shopware is an open source e-commerce software. In affected versions if backend admin controllers are called with a certain notation, the ACL could be bypassed. Users could execute actions, which they are normally not able to do. Users are advised to update to the current version (5.7.15). Users can get the update via the Auto-Updater or directly via the download overview. There are no known workarounds for this issue.
CVE-2022-44020 2 Fedoraproject, Opendev 3 Fedora, Sushy-tools, Virtualbmc 2024-02-28 N/A 5.5 MEDIUM
An issue was discovered in OpenStack Sushy-Tools through 0.21.0 and VirtualBMC through 2.2.2. Changing the boot device configuration with these packages removes password protection from the managed libvirt XML domain. NOTE: this only affects an "unsupported, production-like configuration."
CVE-2022-38577 1 Processmaker 1 Processmaker 2024-02-28 N/A 8.8 HIGH
ProcessMaker before v3.5.4 was discovered to contain insecure permissions in the user profile page. This vulnerability allows attackers to escalate normal users to Administrators.
CVE-2019-14841 1 Redhat 2 Decision Manager, Process Automation 2024-02-28 N/A 8.8 HIGH
A flaw was found in the RHDM, where an authenticated attacker can change their assigned role in the response header. This flaw allows an attacker to gain admin privileges in the Business Central Console.
CVE-2020-12744 1 Verint 1 Desktop And Process Analytics 2024-02-28 N/A 7.8 HIGH
The MSI installer in Verint Desktop Resources 15.2 allows an unprivileged local user to elevate their privileges during install or repair.
CVE-2022-21203 1 Intel 1 Quartus Prime 2024-02-28 4.6 MEDIUM 7.8 HIGH
Improper permissions in the SafeNet Sentinel driver for Intel(R) Quartus(R) Prime Standard Edition before version 21.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2021-35079 1 Qualcomm 122 Apq8053, Apq8053 Firmware, Aqt1000 and 119 more 2024-02-28 2.1 LOW 5.5 MEDIUM
Improper validation of permissions for third party application accessing Telephony service API can lead to information disclosure in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile
CVE-2022-24618 1 Heimdalsecurity 1 Heimdal Premium Security 2024-02-28 7.2 HIGH 7.8 HIGH
Heimdal.Wizard.exe installer in Heimdal Premium Security 2.5.395 and earlier has insecure permissions, which allows unprivileged local users to elevate privileges to SYSTEM via the "Browse For Folder" window accessible by triggering a "Repair" on the MSI package located in C:\Windows\Installer.
CVE-2021-39704 1 Google 1 Android 2024-02-28 4.6 MEDIUM 7.8 HIGH
In deleteNotificationChannelGroup of NotificationManagerService.java, there is a possible way to run foreground service without user notification due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-209965481
CVE-2022-0330 4 Fedoraproject, Linux, Netapp and 1 more 46 Fedora, Linux Kernel, H300e and 43 more 2024-02-28 4.6 MEDIUM 7.8 HIGH
A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system.
CVE-2022-24428 1 Dell 1 Emc Powerscale Onefs 2024-02-28 6.5 MEDIUM 8.8 HIGH
Dell PowerScale OneFS, versions 8.2.x, 9.0.0.x, 9.1.0.x, 9.2.0.x, 9.2.1.x, and 9.3.0.x, contain an improper preservation of privileges. A remote filesystem user with a local account could potentially exploit this vulnerability, leading to an escalation of file privileges and information disclosure.