Total
1977 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-30735 | 1 Samsung | 1 Account | 2024-11-21 | 5.0 MEDIUM | 5.9 MEDIUM |
| Improper privilege management vulnerability in Samsung Account prior to 13.2.00.6 allows attackers to get the access_token without permission. | |||||
| CVE-2022-30695 | 1 Acronis | 1 Snap Deploy | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Snap Deploy (Windows) before build 3640 | |||||
| CVE-2022-30610 | 2 Ibm, Linux | 2 Spectrum Copy Data Management, Linux Kernel | 2024-11-21 | 3.5 LOW | 4.5 MEDIUM |
| IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 is vulnerable to reverse tabnabbing where it could allow a page linked to from within IBM Spectrum Copy Data Management to rewrite it. An administrator could enter a link to a malicious URL that another administrator could then click. Once clicked, that malicious URL could then rewrite the original page with a phishing page. IBM X-Force ID: 227363. | |||||
| CVE-2022-30526 | 1 Zyxel | 50 Atp100, Atp100 Firmware, Atp100w and 47 more | 2024-11-21 | N/A | 7.8 HIGH |
| A privilege escalation vulnerability was identified in the CLI command of Zyxel USG FLEX 100(W) firmware versions 4.50 through 5.30, USG FLEX 200 firmware versions 4.50 through 5.30, USG FLEX 500 firmware versions 4.50 through 5.30, USG FLEX 700 firmware versions 4.50 through 5.30, USG FLEX 50(W) firmware versions 4.16 through 5.30, USG20(W)-VPN firmware versions 4.16 through 5.30, ATP series firmware versions 4.32 through 5.30, VPN series firmware versions 4.30 through 5.30, USG/ZyWALL series firmware versions 4.09 through 4.72, which could allow a local attacker to execute some OS commands with root privileges in some directories on a vulnerable device. | |||||
| CVE-2022-30298 | 1 Fortinet | 1 Fortisoar | 2024-11-21 | N/A | 7.0 HIGH |
| An improper privilege management vulnerability [CWE-269] in Fortinet FortiSOAR before 7.2.1 allows a GUI user who has already found a way to modify system files (via another, unrelated and hypothetical exploit) to execute arbitrary Python commands as root. | |||||
| CVE-2022-2637 | 1 Hitachi | 1 Storage Plug-in | 2024-11-21 | N/A | 5.4 MEDIUM |
| Incorrect Privilege Assignment vulnerability in Hitachi Hitachi Storage Plug-in for VMware vCenter allows remote authenticated users to cause privilege escalation.This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.8.0 before 04.9.0. | |||||
| CVE-2022-2568 | 1 Redhat | 2 Ansible Automation Platform, Enterprise Linux | 2024-11-21 | N/A | 6.5 MEDIUM |
| A privilege escalation flaw was found in the Ansible Automation Platform. This flaw allows a remote authenticated user with 'change user' permissions to modify the account settings of the superuser account and also remove the superuser privileges. | |||||
| CVE-2022-2498 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A | 6.4 MEDIUM |
| An issue in pipeline subscriptions in GitLab EE affecting all versions from 12.8 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 triggered new pipelines with the person who created the tag as the pipeline creator instead of the subscription's author. | |||||
| CVE-2022-2317 | 1 Simple-membership-plugin | 1 Simple Membership | 2024-11-21 | N/A | 9.8 CRITICAL |
| The Simple Membership WordPress plugin before 4.1.3 allows user to change their membership at the registration stage due to insufficient checking of a user supplied parameter. | |||||
| CVE-2022-2273 | 1 Simple-membership-plugin | 1 Simple Membership | 2024-11-21 | N/A | 8.8 HIGH |
| The Simple Membership WordPress plugin before 4.1.3 does not properly validate the membership_level parameter when editing a profile, allowing members to escalate to a higher membership level by using a crafted POST request. | |||||
| CVE-2022-2249 | 1 Avaya | 1 Aura Communication Manager | 2024-11-21 | N/A | 7.7 HIGH |
| Privilege escalation related vulnerabilities were discovered in Avaya Aura Communication Manager that may allow local administrative users to escalate their privileges. This issue affects Communication Manager versions 8.0.0.0 through 8.1.3.3 and 10.1.0.0. | |||||
| CVE-2022-2063 | 1 Xgenecloud | 1 Nocodb | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Improper Privilege Management in GitHub repository nocodb/nocodb prior to 0.91.7+. | |||||
| CVE-2022-2023 | 1 Trudesk Project | 1 Trudesk | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Incorrect Use of Privileged APIs in GitHub repository polonel/trudesk prior to 1.2.4. | |||||
| CVE-2022-29614 | 1 Sap | 2 Host Agent, Netweaver Abap | 2024-11-21 | 4.6 MEDIUM | 5.0 MEDIUM |
| SAP startservice - of SAP NetWeaver Application Server ABAP, Application Server Java, ABAP Platform and HANA Database - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, SAPHOSTAGENT 7.22, - on Unix systems, s-bit helper program sapuxuserchk, can be abused physically resulting in a privilege escalation of an attacker leading to low impact on confidentiality and integrity, but a profound impact on availability. | |||||
| CVE-2022-29587 | 1 Konicaminolta | 90 Bizhub 226i, Bizhub 226i Firmware, Bizhub 227 and 87 more | 2024-11-21 | 4.7 MEDIUM | 4.0 MEDIUM |
| Konica Minolta bizhub MFP devices before 2022-04-14 have an internal Chromium browser that executes with root (aka superuser) access privileges. | |||||
| CVE-2022-29526 | 4 Fedoraproject, Golang, Linux and 1 more | 4 Fedora, Go, Linux Kernel and 1 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible. | |||||
| CVE-2022-29333 | 1 Cyberlink | 1 Powerdirector | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A vulnerability in CyberLink Power Director v14 allows attackers to escalate privileges via a crafted .exe file. | |||||
| CVE-2022-29218 | 1 Rubygems | 1 Rubygems.org | 2024-11-21 | 5.0 MEDIUM | 7.7 HIGH |
| RubyGems is a package registry used to supply software for the Ruby language ecosystem. An ordering mistake in the code that accepts gem uploads allowed some gems (with platforms ending in numbers, like `arm64-darwin-21`) to be temporarily replaced in the CDN cache by a malicious package. The bug has been patched, and is believed to have never been exploited, based on an extensive review of logs and existing gems by rubygems. The easiest way to ensure that an application has not been exploited by this vulnerability is to verify all downloaded .gems checksums match the checksum recorded in the RubyGems.org database. RubyGems.org has been patched and is no longer vulnerable to this issue. | |||||
| CVE-2022-29179 | 1 Cilium | 1 Cilium | 2024-11-21 | 7.2 HIGH | 7.5 HIGH |
| Cilium is open source software for providing and securing network connectivity and loadbalancing between application workloads. Prior to versions 1.9.16, 1.10.11, and 1.11.15, if an attacker is able to perform a container escape of a container running as root on a host where Cilium is installed, the attacker can escalate privileges to cluster admin by using Cilium's Kubernetes service account. The problem has been fixed and the patch is available in versions 1.9.16, 1.10.11, and 1.11.5. There are no known workarounds available. | |||||
| CVE-2022-28169 | 1 Broadcom | 1 Fabric Operating System | 2024-11-21 | N/A | 8.8 HIGH |
| Brocade Webtools in Brocade Fabric OS versions before Brocade Fabric OS versions v9.1.1, v9.0.1e, and v8.2.3c could allow a low privilege webtools, user, to gain elevated admin rights, or privileges, beyond what is intended or entitled for that user. By exploiting this vulnerability, a user whose role is not an admin can create a new user with an admin role using the operator session id. The issue was replicated after intercepting the admin, and operator authorization headers sent unencrypted and editing a user addition request to use the operator's authorization header. | |||||