Vulnerabilities (CVE)

Filtered by CWE-732
Total 1405 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-22248 1 Juniper 1 Junos Os Evolved 2024-11-21 N/A 7.3 HIGH
An Incorrect Permission Assignment vulnerability in shell processing of Juniper Networks Junos OS Evolved allows a low-privileged local user to modify the contents of a configuration file which could cause another user to execute arbitrary commands within the context of the follow-on user's session. If the follow-on user is a high-privileged administrator, the attacker could leverage this vulnerability to take complete control of the target system. While this issue is triggered by a user, other than the attacker, accessing the Junos shell, an attacker simply requires Junos CLI access to exploit this vulnerability. This issue affects Juniper Networks Junos OS Evolved: 20.4-EVO versions prior to 20.4R3-S1-EVO; All versions of 21.1-EVO; 21.2-EVO versions prior to 21.2R3-EVO; 21.3-EVO versions prior to 21.3R2-EVO. This issue does not affect Juniper Networks Junos OS Evolved versions prior to 19.2R1-EVO.
CVE-2022-22148 1 Yokogawa 9 Centum Cs 3000, Centum Cs 3000 Entry, Centum Cs 3000 Entry Firmware and 6 more 2024-11-21 6.9 MEDIUM 7.8 HIGH
'Root Service' service implemented in the following Yokogawa Electric products creates some named pipe with improper ACL configuration. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.
CVE-2022-21946 1 Opensuse 2 Cscreen, Factory 2024-11-21 4.6 MEDIUM 5.3 MEDIUM
An Incorrect Permission Assignment for Critical Resource vulnerability in the sudoers configuration in cscreen of openSUSE Factory allows any local users to gain the privileges of the tty and dialout groups and access and manipulate any running cscreen session. This issue affects: openSUSE Factory cscreen version 1.2-1.3 and prior versions.
CVE-2022-21939 1 Johnsoncontrols 1 Metasys System Configuration Tool 2024-11-21 N/A 7.5 HIGH
Sensitive Cookie Without 'HttpOnly' Flag vulnerability in Johnson Controls System Configuration Tool (SCT) version 14 prior to 14.2.3 and version 15 prior to 15.0.3 could allow access to the cookie.
CVE-2022-21819 1 Nvidia 3 Jetson Linux, Jetson Nano, Jetson Nano 2gb 2024-11-21 4.6 MEDIUM 7.6 HIGH
NVIDIA distributions of Jetson Linux contain a vulnerability where an error in the IOMMU configuration may allow an unprivileged attacker with physical access to the board direct read/write access to the entire system address space through the PCI bus. Such an attack could result in denial of service, code execution, escalation of privileges, and impact to data integrity and confidentiality. The scope impact may extend to other components.
CVE-2022-21694 1 Onionshare 1 Onionshare 2024-11-21 5.0 MEDIUM 3.7 LOW
OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. The website mode of OnionShare allows the use of a hardened CSP, which will block any scripts and external resources. It is not possible to configure this CSP for individual pages and therefore the security enhancement cannot be used for websites using JavaScript or external resources like fonts or images.
CVE-2022-20399 1 Google 1 Android 2024-11-21 N/A 5.5 MEDIUM
In the SEPolicy configuration of system apps, there is a possible access to the 'ip' utility due to an insecure default value. This could lead to local information disclosure of network data with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-219808546. References: Upstream kernel.
CVE-2022-20398 1 Google 1 Android 2024-11-21 N/A 7.8 HIGH
In addOrUpdateNetwork of WifiServiceImpl.java, there is a possible way for a guest user to configure Wi-Fi due to a permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-221859734.
CVE-2022-20234 1 Google 1 Android 2024-11-21 5.0 MEDIUM 7.5 HIGH
In Car Settings app, the NotificationAccessConfirmationActivity is exported. In NotificationAccessConfirmationActivity, it gets both 'mComponentName' and 'pkgTitle' from user. An unprivileged app can use a malicious mComponentName with a benign pkgTitle (e.g. Settings app) to make users enable notification access permission for the malicious app. That is, users believe they enable the notification access permission for the Settings app, but actually they enable the notification access permission for the malicious app. Once the malicious app gets the notification access permission, it can read all notifications, including users' personal information. Product: Android. Versions: Android-12L. Android ID: A-225189301.
CVE-2022-20218 1 Google 1 Android 2024-11-21 4.4 MEDIUM 7.8 HIGH
In PermissionController, there is a possible way to get and retain permissions without user's consent due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-12 Android-12L. Android ID: A-223907044.
CVE-2022-1655 1 Redhat 1 Openstack 2024-11-21 N/A 6.5 MEDIUM
An Incorrect Permission Assignment for Critical Resource flaw was found in Horizon on Red Hat OpenStack. Horizon session cookies are created without the HttpOnly flag despite HorizonSecureCookies being set to true in the environmental files, possibly leading to a loss of confidentiality and integrity.
CVE-2022-1596 1 Abb 6 Rex640 Pcl1, Rex640 Pcl1 Firmware, Rex640 Pcl2 and 3 more 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
Incorrect Permission Assignment for Critical Resource vulnerability in ABB REX640 PCL1, REX640 PCL2, REX640 PCL3 allows an authenticated attacker to launch an attack against the user database file and try to take control of an affected system node.
CVE-2022-1316 2 Microsoft, Zerotier 2 Windows, Zerotierone 2024-11-21 7.2 HIGH 8.8 HIGH
Incorrect Permission Assignment for Critical Resource in GitHub repository zerotier/zerotierone prior to 1.8.8. Local Privilege Escalation
CVE-2022-0652 1 Sophos 1 Unified Threat Management 2024-11-21 2.1 LOW 3.3 LOW
Confd log files contain local users', including root’s, SHA512crypt password hashes with insecure access permissions. This allows a local attacker to attempt off-line brute-force attacks against these password hashes in Sophos UTM before version 9.710.
CVE-2022-0556 1 Zyxel 1 Zyxel Ap Configurator 2024-11-21 7.2 HIGH 7.3 HIGH
A local privilege escalation vulnerability caused by incorrect permission assignment in some directories of the Zyxel AP Configurator (ZAC) version 1.1.4, which could allow an attacker to execute arbitrary code as a local administrator.
CVE-2022-0532 2 Kubernetes, Redhat 2 Cri-o, Openshift Container Platform 2024-11-21 4.9 MEDIUM 4.2 MEDIUM
An incorrect sysctls validation vulnerability was found in CRI-O 1.18 and earlier. The sysctls from the list of "safe" sysctls specified for the cluster will be applied to the host if an attacker is able to create a pod with a hostIPC and hostNetwork kernel namespace.
CVE-2022-0483 2 Acronis, Microsoft 2 Vss Doctor, Windows 2024-11-21 4.6 MEDIUM 7.8 HIGH
Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis VSS Doctor (Windows) before build 53
CVE-2022-0277 1 Microweber 1 Microweber 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
Incorrect Permission Assignment for Critical Resource in Packagist microweber/microweber prior to 1.2.11.
CVE-2022-0247 1 Google 1 Fuchsia 2024-11-21 2.1 LOW 7.5 HIGH
An issue exists in Fuchsia where VMO data can be modified through access to copy-on-write snapshots. A local attacker could modify objects in the VMO that they do not have permission to. We recommend upgrading past commit d97c05d2301799ed585620a9c5c739d36e7b5d3d or any of the listed versions.
CVE-2021-4199 1 Bitdefender 4 Antivirus Plus, Endpoint Security Tools, Internet Security and 1 more 2024-11-21 7.2 HIGH 7.8 HIGH
Incorrect Permission Assignment for Critical Resource vulnerability in the crash handling component BDReinit.exe as used in Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools for Windows allows a remote attacker to escalate local privileges to SYSTEM. This issue affects: Bitdefender Total Security versions prior to 26.0.10.45. Bitdefender Internet Security versions prior to 26.0.10.45. Bitdefender Antivirus Plus versions prior to 26.0.10.45. Bitdefender Endpoint Security Tools for Windows versions prior to 7.4.3.146.