Total
1267 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-41766 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | N/A | 4.3 MEDIUM |
| An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.37.5, and 1.38.x before 1.38.3. Upon an action=rollback operation, the alreadyrolled message can leak a user name (when the user has been revision deleted/suppressed). | |||||
| CVE-2022-41700 | 1 Intel | 1 Nuc Pro Software Suite | 2024-11-21 | N/A | 6.7 MEDIUM |
| Insecure inherited permissions in some Intel(R) NUC Pro Software Suite installation software before version 2.0.0.9 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-41699 | 1 Intel | 1 Quickassist Technology | 2024-11-21 | N/A | 8.2 HIGH |
| Incorrect permission assignment for critical resource in some Intel(R) QAT drivers for Windows before version 1.9.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-41658 | 1 Intel | 1 Vtune Profiler | 2024-11-21 | N/A | 6.7 MEDIUM |
| Insecure inherited permissions in the Intel(R) VTune(TM) Profiler software before version 2023.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-40817 | 1 Zammad | 1 Zammad | 2024-11-21 | N/A | 4.3 MEDIUM |
| Zammad 5.2.1 has a fine-grained permission model that allows to configure read-only access to tickets. However, agents were still wrongly able to perform some operations on such tickets, like adding and removing links, tags. and related answers. This issue has been fixed in 5.2.2. | |||||
| CVE-2022-40298 | 1 Crestron | 1 Airmedia | 2024-11-21 | N/A | 8.8 HIGH |
| Crestron AirMedia for Windows before 5.5.1.84 has insecure inherited permissions, which leads to a privilege escalation vulnerability found in the AirMedia Windows Application, version 4.3.1.39. A low privileged user can initiate a repair of the system and gain a SYSTEM level shell. | |||||
| CVE-2022-3258 | 1 Hypr | 1 Workforce Access | 2024-11-21 | N/A | 3.7 LOW |
| Incorrect Permission Assignment for Critical Resource vulnerability in HYPR Workforce Access on Windows allows Authentication Abuse. | |||||
| CVE-2022-3146 | 2 Openstack, Redhat | 3 Tripleo Ansible, Openstack, Openstack For Ibm Power | 2024-11-21 | N/A | 5.5 MEDIUM |
| A flaw was found in tripleo-ansible. Due to an insecure default configuration, the permissions of a sensitive file are not sufficiently restricted. This flaw allows a local attacker to use brute force to explore the relevant directory and discover the file. This issue leads to information disclosure of important configuration details from the OpenStack deployment. | |||||
| CVE-2022-3101 | 2 Openstack, Redhat | 3 Tripleo Ansible, Openstack, Openstack For Ibm Power | 2024-11-21 | N/A | 5.5 MEDIUM |
| A flaw was found in tripleo-ansible. Due to an insecure default configuration, the permissions of a sensitive file are not sufficiently restricted. This flaw allows a local attacker to use brute force to explore the relevant directory and discover the file, leading to information disclosure of important configuration details from the OpenStack deployment. | |||||
| CVE-2022-39284 | 1 Codeigniter | 1 Codeigniter | 2024-11-21 | N/A | 2.6 LOW |
| CodeIgniter is a PHP full-stack web framework. In versions prior to 4.2.7 setting `$secure` or `$httponly` value to `true` in `Config\Cookie` is not reflected in `set_cookie()` or `Response::setCookie()`. As a result cookie values are erroneously exposed to scripts. It should be noted that this vulnerability does not affect session cookies. Users are advised to upgrade to v4.2.7 or later. Users unable to upgrade are advised to manually construct their cookies either by setting the options in code or by constructing Cookie objects. Examples of each workaround are available in the linked GHSA. | |||||
| CVE-2022-39207 | 1 Onedev Project | 1 Onedev | 2024-11-21 | N/A | 5.4 MEDIUM |
| Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. During CI/CD builds, it is possible to save build artifacts for later retrieval. They can be accessed through OneDev's web UI after the successful run of a build. These artifact files are served by the webserver in the same context as the UI without any further restrictions. This leads to Cross-Site Scripting (XSS) when a user creates a build artifact that contains HTML. When accessing the artifact, the content is rendered by the browser, including any JavaScript that it contains. Since all cookies (except for the rememberMe one) do not set the HttpOnly flag, an attacker could steal the session of a victim and use it to impersonate them. To exploit this issue, attackers need to be able to modify the content of artifacts, which usually means they need to be able to modify a project's build spec. The exploitation requires the victim to click on an attacker's link. It can be used to elevate privileges by targeting admins of a OneDev instance. In the worst case, this can lead to arbitrary code execution on the server, because admins can create Server Shell Executors and use them to run any command on the server. This issue has been patched in version 7.3.0. Users are advised to upgrade. There are no known workarounds for this issue. | |||||
| CVE-2022-39186 | 1 Exfo | 2 Bv-10, Bv-10 Firmware | 2024-11-21 | N/A | 6.2 MEDIUM |
| EXFO - BV-10 Performance Endpoint Unit misconfiguration. System configuration file has misconfigured permissions | |||||
| CVE-2022-39062 | 1 Siemens | 1 Sicam Toolbox Ii | 2024-11-21 | N/A | 7.8 HIGH |
| A vulnerability has been identified in SICAM TOOLBOX II (All versions < V07.10). Affected applications do not properly set permissions for product folders. This could allow an authenticated attacker with low privileges to replace DLLs and conduct a privilege escalation. | |||||
| CVE-2022-38170 | 1 Apache | 1 Airflow | 2024-11-21 | N/A | 4.7 MEDIUM |
| In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the `--daemon` flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver. | |||||
| CVE-2022-38103 | 1 Intel | 1 Nuc Software Studio Service | 2024-11-21 | N/A | 6.7 MEDIUM |
| Insecure inherited permissions in the Intel(R) NUC Software Studio Service installer before version 1.17.38.0 may allow an authenticated user to potentially enable escalation of privilege via local access | |||||
| CVE-2022-37771 | 2 Iobit, Microsoft | 2 Malware Fighter, Windows | 2024-11-21 | N/A | 6.7 MEDIUM |
| IObit Malware Fighter v9.2 for Microsoft Windows lacks tamper protection, allowing authenticated attackers with Administrator privileges to modify processes within the application and escalate privileges to SYSTEM via a crafted executable. | |||||
| CVE-2022-37435 | 1 Apache | 1 Shenyu | 2024-11-21 | N/A | 8.8 HIGH |
| Apache ShenYu Admin has insecure permissions, which may allow low-privilege administrators to modify high-privilege administrator's passwords. This issue affects Apache ShenYu 2.4.2 and 2.4.3. | |||||
| CVE-2022-36800 | 1 Atlassian | 1 Jira Service Management | 2024-11-21 | N/A | 4.3 MEDIUM |
| Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers without the "Browse Users" permission to view groups via an Information Disclosure vulnerability in the browsegroups.action endpoint. The affected versions are before version 4.22.2. | |||||
| CVE-2022-36670 | 1 Pcprotect | 1 Endpoint | 2024-11-21 | N/A | 6.7 MEDIUM |
| PCProtect Endpoint prior to v5.17.470 for Microsoft Windows lacks tamper protection, allowing authenticated attackers with Administrator privileges to modify processes within the application and escalate privileges to SYSTEM via a crafted executable. | |||||
| CVE-2022-36122 | 2 Automox, Microsoft | 2 Automox, Windows | 2024-11-21 | N/A | 7.8 HIGH |
| The Automox Agent before 40 on Windows incorrectly sets permissions on key files. | |||||