Total
1482 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-33922 | 1 Dell | 1 Geodrive | 2026-06-17 | N/A | 7.0 HIGH |
| Dell GeoDrive, versions prior to 2.2, contains Insecure File and Folder Permissions vulnerabilities. A low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code in the SYSTEM security context. Dell recommends customers to upgrade at the earliest opportunity. | |||||
| CVE-2022-33912 | 2 Checkmk, Tribe29 | 2 Checkmk, Checkmk | 2026-06-17 | 7.2 HIGH | 7.8 HIGH |
| A permission issue affects users that deployed the shipped version of the Checkmk Debian package. Packages created by the agent bakery (enterprise editions only) were not affected. Using the shipped version of the agents, the maintainer scripts located at /var/lib/dpkg/info/ will be owned by the user and the group with ID 1001. If such a user exists on the system, they can change the content of these files (which are then executed by root). This leads to a local privilege escalation on the monitored host. Version 1.6 through 1.6.9p29, version 2.0 through 2.0.0p26, version 2.1 through 2.1.0p3, and version 2.2.0i1 are affected. | |||||
| CVE-2022-33877 | 1 Fortinet | 2 Forticlient, Forticonverter | 2026-06-17 | N/A | 7.0 HIGH |
| An incorrect default permission [CWE-276] vulnerability in FortiClient (Windows) versions 7.0.0 through 7.0.6 and 6.4.0 through 6.4.8 and FortiConverter (Windows) versions 6.2.0 through 6.2.1, 7.0.0 and all versions of 6.0.0 may allow a local authenticated attacker to tamper with files in the installation folder, if FortiClient or FortiConverter is installed in an insecure folder. | |||||
| CVE-2022-33196 | 1 Intel | 272 Xeon D-1513n, Xeon D-1513n Firmware, Xeon D-1518 and 269 more | 2026-06-17 | N/A | 7.2 HIGH |
| Incorrect default permissions in some memory controller configurations for some Intel(R) Xeon(R) Processors when using Intel(R) Software Guard Extensions which may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-33182 | 1 Broadcom | 1 Fabric Operating System | 2026-06-17 | N/A | 7.8 HIGH |
| A privilege escalation vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, could allow a local authenticated user to escalate its privilege to root using switch commands “supportlink”, “firmwaredownload”, “portcfgupload, license, and “fosexec”. | |||||
| CVE-2022-33023 | 1 Openhwgroup | 1 Cva6 | 2026-06-17 | 5.0 MEDIUM | 7.5 HIGH |
| CVA6 commit 909d85a gives incorrect permission to use special multiplication units when the format of instructions is wrong. | |||||
| CVE-2022-32743 | 2 Fedoraproject, Samba | 2 Fedora, Samba | 2026-06-17 | N/A | 7.5 HIGH |
| Samba does not validate the Validated-DNS-Host-Name right for the dNSHostName attribute which could permit unprivileged users to write it. | |||||
| CVE-2022-32562 | 1 Couchbase | 1 Couchbase Server | 2026-06-17 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Couchbase Server before 7.0.4. Operations may succeed on a collection using stale RBAC permission. | |||||
| CVE-2022-32207 | 6 Apple, Debian, Fedoraproject and 3 more | 19 Macos, Debian Linux, Fedora and 16 more | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended. | |||||
| CVE-2022-31500 | 1 Knime | 1 Knime Analytics Platform | 2026-06-17 | 4.6 MEDIUM | 7.8 HIGH |
| In KNIME Analytics Platform below 4.6.0, the Windows installer sets improper filesystem permissions. | |||||
| CVE-2022-31254 | 2 Opensuse, Suse | 4 Leap, Rmt-server, Linux Enterprise Server and 1 more | 2026-06-17 | N/A | 7.8 HIGH |
| A Incorrect Default Permissions vulnerability in rmt-server-regsharing service of SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Server for SAP 15-SP1, SUSE Manager Server 4.1; openSUSE Leap 15.3, openSUSE Leap 15.4 allows local attackers with access to the _rmt user to escalate to root. This issue affects: SUSE Linux Enterprise Server for SAP 15 rmt-server versions prior to 2.10. SUSE Linux Enterprise Server for SAP 15-SP1 rmt-server versions prior to 2.10. SUSE Manager Server 4.1 rmt-server versions prior to 2.10. openSUSE Leap 15.3 rmt-server versions prior to 2.10. openSUSE Leap 15.4 rmt-server versions prior to 2.10. | |||||
| CVE-2022-31251 | 1 Opensuse | 1 Factory | 2026-06-17 | N/A | 6.5 MEDIUM |
| A Incorrect Default Permissions vulnerability in the packaging of the slurm testsuite of openSUSE Factory allows local attackers with control over the slurm user to escalate to root. This issue affects: openSUSE Factory slurm versions prior to 22.05.2-3.3. | |||||
| CVE-2022-31244 | 1 Nokia | 1 One-network Directory Server | 2026-06-17 | N/A | 7.8 HIGH |
| Nokia OneNDS 17r2 has Insecure Permissions vulnerability that allows for privilege escalation. | |||||
| CVE-2022-31072 | 1 Octokit Project | 1 Octokit | 2026-06-17 | 2.1 LOW | 2.5 LOW |
| Octokit is a Ruby toolkit for the GitHub API. Versions 4.23.0 and 4.24.0 of the octokit gem were published containing world-writeable files. Specifically, the gem was packed with files having their permissions set to `-rw-rw-rw-` (i.e. 0666) instead of `rw-r--r--` (i.e. 0644). This means everyone who is not the owner (Group and Public) with access to the instance where this release had been installed could modify the world-writable files from this gem. This issue is patched in Octokit 4.25.0. Two workarounds are available. Users can use the previous version of the gem, v4.22.0. Alternatively, users can modify the file permissions manually until they are able to upgrade to the latest version. | |||||
| CVE-2022-31071 | 1 Octopoller Project | 1 Octopoller | 2026-06-17 | 2.1 LOW | 2.5 LOW |
| Octopoller is a micro gem for polling and retrying. Version 0.2.0 of the octopoller gem was published containing world-writeable files. Specifically, the gem was packed with files having their permissions set to `-rw-rw-rw-` (i.e. 0666) instead of `rw-r--r--` (i.e. 0644). This means everyone who is not the owner (Group and Public) with access to the instance where this release had been installed could modify the world-writable files from this gem. This issue is patched in Octopoller 0.3.0. Two workarounds are available. Users can use the previous version of the gem, v0.1.0. Alternatively, users can modify the file permissions manually until they are able to upgrade to the latest version. | |||||
| CVE-2022-30759 | 1 Nokia | 1 One-nds | 2026-06-17 | N/A | 8.8 HIGH |
| In Nokia One-NDS (aka Network Directory Server) through 20.9, some Sudo permissions can be exploited by some users to escalate to root privileges and execute arbitrary commands. | |||||
| CVE-2022-30758 | 1 Google | 1 Android | 2026-06-17 | 2.1 LOW | 4.0 MEDIUM |
| Implicit Intent hijacking vulnerability in Finder prior to SMR Jul-2022 Release 1 allow allows attackers to access some protected information with privilege of Finder. | |||||
| CVE-2022-30753 | 1 Google | 1 Android | 2026-06-17 | 2.1 LOW | 3.3 LOW |
| Improper use of a unique device ID in unprotected SecSoterService prior to SMR Jul-2022 Release 1 allows local attackers to get the device ID without permission. | |||||
| CVE-2022-30747 | 1 Samsung | 1 Smartthings | 2026-06-17 | 2.1 LOW | 5.5 MEDIUM |
| PendingIntent hijacking vulnerability in Smart Things prior to 1.7.85.25 allows local attackers to access files without permission via implicit Intent. | |||||
| CVE-2022-30375 | 1 Simple Social Networking Site Project | 1 Simple Social Networking Site | 2026-06-17 | 5.5 MEDIUM | 6.5 MEDIUM |
| Sourcecodester Simple Social Networking Site v1.0 is vulnerable to file deletion via /sns/classes/Master.php?f=delete_img. | |||||