Total
1265 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-22330 | 2 Ibm, Linux | 2 Control Desk, Linux Kernel | 2024-02-28 | N/A | 5.3 MEDIUM |
| IBM Control Desk 7.6.1 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 219126. | |||||
| CVE-2020-27836 | 1 Redhat | 2 Enterprise Linux, Openshift Container Platform | 2024-02-28 | N/A | 9.8 CRITICAL |
| A flaw was found in cluster-ingress-operator. A change to how the router-default service allows only certain IP source ranges could allow an attacker to access resources that would otherwise be restricted to specified IP ranges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.. | |||||
| CVE-2022-2188 | 2 Mcafee, Microsoft | 2 Data Exchange Layer, Windows | 2024-02-28 | N/A | 5.5 MEDIUM |
| Privilege escalation vulnerability in DXL Broker for Windows prior to 6.0.0.280 allows local users to gain elevated privileges by exploiting weak directory controls in the logs directory. This can lead to a denial-of-service attack on the DXL Broker. | |||||
| CVE-2022-32777 | 1 Wwbn | 1 Avideo | 2024-02-28 | N/A | 7.5 HIGH |
| An information disclosure vulnerability exists in the cookie functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. The session cookie and the pass cookie miss the HttpOnly flag, making them accessible via JavaScript. The session cookie also misses the secure flag, which allows the session cookie to be leaked over non-HTTPS connections. This could allow an attacker to steal the session cookie via crafted HTTP requests.This vulnerabilty is for the session cookie which can be leaked via JavaScript. | |||||
| CVE-2020-15329 | 1 Zyxel | 1 Cloudcnm Secumanager | 2024-02-28 | N/A | 5.3 MEDIUM |
| Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak Data.fs permissions. | |||||
| CVE-2022-26237 | 2 Beckmancoulter, Microsoft | 2 Remisol Advance, Windows | 2024-02-28 | N/A | 5.5 MEDIUM |
| The default privileges for the running service Normand Viewer Service in Beckman Coulter Remisol Advance v2.0.12.1 and prior allows non-privileged users to overwrite and manipulate executables and libraries. This allows attackers to access sensitive data. | |||||
| CVE-2022-23726 | 1 Pingidentity | 1 Pingcentral | 2024-02-28 | N/A | 4.9 MEDIUM |
| PingCentral versions prior to listed versions expose Spring Boot actuator endpoints that with administrative authentication return large amounts of sensitive environmental and application information. | |||||
| CVE-2022-35250 | 1 Rocket.chat | 1 Rocket.chat | 2024-02-28 | N/A | 4.3 MEDIUM |
| A privilege escalation vulnerability exists in Rocket.chat <v5 which made it possible to elevate privileges for any authenticated user to view Direct messages without appropriate permissions. | |||||
| CVE-2022-20398 | 1 Google | 1 Android | 2024-02-28 | N/A | 7.8 HIGH |
| In addOrUpdateNetwork of WifiServiceImpl.java, there is a possible way for a guest user to configure Wi-Fi due to a permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-221859734 | |||||
| CVE-2022-2332 | 1 Honeywell | 1 Softmaster | 2024-02-28 | N/A | 7.8 HIGH |
| A local unprivileged attacker may escalate to administrator privileges in Honeywell SoftMaster version 4.51, due to insecure permission assignment. | |||||
| CVE-2022-34314 | 1 Ibm | 1 Cics Tx | 2024-02-28 | N/A | 3.3 LOW |
| IBM CICS TX 11.1 could disclose sensitive information to a local user due to insecure permission settings. IBM X-Force ID: 229450. | |||||
| CVE-2022-22411 | 2 Ibm, Linux | 2 Spectrum Scale Data Access Services, Linux Kernel | 2024-02-28 | N/A | 6.5 MEDIUM |
| IBM Spectrum Scale Data Access Services (DAS) 5.1.3.1 could allow an authenticated user to insert code which could allow the attacker to manipulate cluster resources due to excessive permissions. IBM X-Force ID: 223016. | |||||
| CVE-2022-20234 | 1 Google | 1 Android | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| In Car Settings app, the NotificationAccessConfirmationActivity is exported. In NotificationAccessConfirmationActivity, it gets both 'mComponentName' and 'pkgTitle' from user.An unprivileged app can use a malicous mComponentName with a benign pkgTitle (e.g. Settings app) to make users enable notification access permission for the malicious app. That is, users believe they enable the notification access permission for the Settings app, but actually they enable the notification access permission for the malicious app.Once the malicious app gets the notification access permission, it can read all notifications, including users' personal information.Product: AndroidVersions: Android-12LAndroid ID: A-225189301 | |||||
| CVE-2022-2975 | 1 Avaya | 1 Aura Application Enablement Services | 2024-02-28 | N/A | 6.7 MEDIUM |
| A vulnerability related to weak permissions was detected in Avaya Aura Application Enablement Services web application, allowing an administrative user to modify accounts leading to execution of arbitrary code as the root user. This issue affects Application Enablement Services versions 8.0.0.0 through 8.1.3.4 and 10.1.0.0 through 10.1.0.1. Versions prior to 8.0.0.0 are end of manufacturing support and were not evaluated. | |||||
| CVE-2020-1754 | 1 Moodle | 1 Moodle | 2024-02-28 | N/A | 4.3 MEDIUM |
| In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, users viewing the grade history report without the 'access all groups' capability were not restricted to viewing grades of users within their own groups. | |||||
| CVE-2022-32169 | 1 Bytebase | 1 Bytebase | 2024-02-28 | N/A | N/A |
| The “Bytebase” application does not restrict low privilege user to access “admin issues“ for which an unauthorized user can view the “OPEN” and “CLOSED” issues by “Admin” and the affected endpoint is “/issue”. | |||||
| CVE-2022-36670 | 1 Pcprotect | 1 Endpoint | 2024-02-28 | N/A | 6.7 MEDIUM |
| PCProtect Endpoint prior to v5.17.470 for Microsoft Windows lacks tamper protection, allowing authenticated attackers with Administrator privileges to modify processes within the application and escalate privileges to SYSTEM via a crafted executable. | |||||
| CVE-2022-34891 | 1 Parallels | 1 Parallels Desktop | 2024-02-28 | N/A | 7.8 HIGH |
| This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop Parallels Desktop 17.1.1. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the update machanism. The product sets incorrect permissions on sensitive files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-16395. | |||||
| CVE-2022-26239 | 2 Beckmancoulter, Microsoft | 2 Remisol Advance, Windows | 2024-02-28 | N/A | 5.5 MEDIUM |
| The default privileges for the running service Normand License Manager in Beckman Coulter Remisol Advance v2.0.12.1 and prior allows unprivileged users to overwrite and manipulate executables and libraries. This allows attackers to access sensitive data. | |||||
| CVE-2021-22648 | 1 Ovarro | 15 Tbox Lt2-530, Tbox Lt2-530 Firmware, Tbox Lt2-532 and 12 more | 2024-02-28 | N/A | 9.8 CRITICAL |
| Ovarro TBox proprietary Modbus file access functions allow attackers to read, alter, or delete the configuration file. | |||||