Total
1627 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-44715 | 1 Netscout | 1 Ngeniusone | 2026-06-17 | N/A | 8.8 HIGH |
| Improper File Permissions in NetScout nGeniusONE 6.3.2 build 904 allows authenticated remote users to gain permissions via a crafted payload. | |||||
| CVE-2022-44263 | 1 Dentsplysirona | 1 Sidexis | 2026-06-17 | N/A | 7.8 HIGH |
| Dentsply Sirona Sidexis <= 4.3 is vulnerable to Incorrect Access Control. | |||||
| CVE-2022-43946 | 1 Fortinet | 1 Forticlient | 2026-06-17 | N/A | 7.5 HIGH |
| Multiple vulnerabilities including an incorrect permission assignment for critical resource [CWE-732] vulnerability and a time-of-check time-of-use (TOCTOU) race condition [CWE-367] vulnerability in Fortinet FortiClientWindows before 7.0.7 allows attackers on the same file sharing network to execute commands via writing data into a windows pipe. | |||||
| CVE-2022-43915 | 1 Ibm | 1 App Connect Enterprise Certified Container | 2026-06-17 | N/A | 6.8 MEDIUM |
| IBM App Connect Enterprise Certified Container 5.0, 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, and 12.1 does not limit calls to unshare in running Pods. This can allow a user with privileged access to execute commands in a running Pod to elevate their user privileges. | |||||
| CVE-2022-43845 | 3 Ibm, Linux, Microsoft | 3 Aspera Console, Linux Kernel, Windows | 2026-06-17 | N/A | 3.7 LOW |
| IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. | |||||
| CVE-2022-43773 | 1 Hitachi | 1 Vantara Pentaho Business Analytics Server | 2026-06-17 | N/A | 8.8 HIGH |
| Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x is installed with a sample HSQLDB data source configured with stored procedures enabled. | |||||
| CVE-2022-43517 | 1 Siemens | 1 Star-ccm\+ | 2026-06-17 | N/A | 7.8 HIGH |
| A vulnerability has been identified in Simcenter STAR-CCM+ (All versions < V2306). The affected application improperly assigns file permissions to installation folders. This could allow a local attacker with an unprivileged account to override or modify the service executables and subsequently gain elevated privileges. | |||||
| CVE-2022-43309 | 1 Supermicro | 292 H11dsi, H11dsi-nt, H11dsi-nt Firmware and 289 more | 2026-06-17 | N/A | 5.5 MEDIUM |
| Supermicro X11SSL-CF HW Rev 1.01, BMC firmware v1.63 was discovered to contain insecure permissions. | |||||
| CVE-2022-42972 | 2 Microsoft, Schneider-electric | 8 Windows 10, Windows 11, Windows 7 and 5 more | 2026-06-17 | N/A | 7.8 HIGH |
| A CWE-732: Incorrect Permission Assignment for Critical Resource vulnerability exists that could cause local privilege escalation when a local attacker modifies the webroot directory. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA), APC Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GA-01-22261), Schneider Electric Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GS), Schneider Electric Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GS-01-22261) | |||||
| CVE-2022-42949 | 1 Silverstripe | 1 Subsites | 2026-06-17 | N/A | 7.5 HIGH |
| Silverstripe silverstripe/subsites through 2.6.0 has Insecure Permissions. | |||||
| CVE-2022-41926 | 1 Nextcloud | 1 Talk | 2026-06-17 | N/A | 3.3 LOW |
| Nextcould talk android is the android OS implementation of the nextcloud talk chat system. In affected versions the receiver is not protected by broadcastPermission allowing malicious apps to monitor communication. It is recommended that the Nextcloud Talk Android is upgraded to 14.1.0. There are no known workarounds for this issue. | |||||
| CVE-2022-41771 | 1 Intel | 1 Quickassist Technology | 2026-06-17 | N/A | 6.5 MEDIUM |
| Incorrect permission assignment for critical resource in some Intel(R) QAT drivers for Windows before version 1.9.0 may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2022-41766 | 1 Mediawiki | 1 Mediawiki | 2026-06-17 | N/A | 4.3 MEDIUM |
| An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.37.5, and 1.38.x before 1.38.3. Upon an action=rollback operation, the alreadyrolled message can leak a user name (when the user has been revision deleted/suppressed). | |||||
| CVE-2022-41700 | 1 Intel | 1 Nuc Pro Software Suite | 2026-06-17 | N/A | 6.7 MEDIUM |
| Insecure inherited permissions in some Intel(R) NUC Pro Software Suite installation software before version 2.0.0.9 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-41699 | 1 Intel | 1 Quickassist Technology | 2026-06-17 | N/A | 8.2 HIGH |
| Incorrect permission assignment for critical resource in some Intel(R) QAT drivers for Windows before version 1.9.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-41658 | 1 Intel | 1 Vtune Profiler | 2026-06-17 | N/A | 6.7 MEDIUM |
| Insecure inherited permissions in the Intel(R) VTune(TM) Profiler software before version 2023.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-40817 | 1 Zammad | 1 Zammad | 2026-06-17 | N/A | 4.3 MEDIUM |
| Zammad 5.2.1 has a fine-grained permission model that allows to configure read-only access to tickets. However, agents were still wrongly able to perform some operations on such tickets, like adding and removing links, tags. and related answers. This issue has been fixed in 5.2.2. | |||||
| CVE-2022-40756 | 1 Actian | 2 Psql, Zen | 2026-06-17 | N/A | 8.8 HIGH |
| If folder security is misconfigured for Actian Zen PSQL BEFORE Patch Update 1 for Zen 15 SP1 (v15.11.005), Patch Update 4 for Zen 15 (v15.01.017), or Patch Update 5 for Zen 14 SP2 (v14.21.022), it can allow an attacker (with file read/write access) to remove specific security files in order to reset the master password and gain access to the database. | |||||
| CVE-2022-40298 | 1 Crestron | 1 Airmedia | 2026-06-17 | N/A | 8.8 HIGH |
| Crestron AirMedia for Windows before 5.5.1.84 has insecure inherited permissions, which leads to a privilege escalation vulnerability found in the AirMedia Windows Application, version 4.3.1.39. A low privileged user can initiate a repair of the system and gain a SYSTEM level shell. | |||||
| CVE-2022-3258 | 1 Hypr | 1 Workforce Access | 2026-06-17 | N/A | 3.7 LOW |
| Incorrect Permission Assignment for Critical Resource vulnerability in HYPR Workforce Access on Windows allows Authentication Abuse. | |||||