Total: 883 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-36781 | 1 Opensuse | 1 Factory | 2023-01-18 | 3.6 LOW | 4.4 MEDIUM |
| An Incorrect Default Permissions vulnerability in the parsec package of openSUSE Factory allows local attackers to imitate the service leading to DoS or clients talking to an imposter service. This issue affects: openSUSE Factory parsec versions prior to 0.8.1-1.1. | |||||
| CVE-2021-1832 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2023-01-09 | 4.3 MEDIUM | 5.5 MEDIUM |
| Copied files may not have the expected file permissions. This issue is fixed in Security Update 2021-002 Catalina, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. The issue was addressed with improved permissions logic. | |||||
| CVE-2022-29909 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2022-12-30 | N/A | 8.8 HIGH |
| Documents in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the top-level origin, bypassing the existing prompt and wrongfully inheriting the top-level permissions. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100. | |||||
| CVE-2022-47551 | 1 Apiman | 1 Apiman | 2022-12-27 | N/A | 6.5 MEDIUM |
| Apiman 1.5.7 through 2.2.3.Final has insufficient checks for read permissions within the Apiman Manager REST API. The root cause of the issue is the Apiman project's accidental acceptance of a large contribution that was not fully compatible with the security model of Apiman versions before 3.0.0.Final. Because of this, 3.0.0.Final is not affected by the vulnerability. | |||||
| CVE-2022-20611 | 1 Google | 1 Android | 2022-12-15 | N/A | 7.8 HIGH |
| In deletePackageVersionedInternal of DeletePackageHelper.java, there is a possible way to bypass carrier restrictions due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L Android-13. Android ID: A-242996180 | |||||
| CVE-2022-45118 | 1 Openharmony | 1 Openharmony | 2022-12-12 | N/A | 5.5 MEDIUM |
| OpenHarmony-v3.1.2 and prior versions had a vulnerability that telephony in communication subsystem sends public events with personal data, but the permission is not set. Malicious apps could listen to public events and obtain information such as mobile numbers and SMS data without permissions. | |||||
| CVE-2022-46382 | 1 Rackn | 1 Digital Rebar | 2022-12-08 | N/A | 8.8 HIGH |
| RackN Digital Rebar through 4.6.14, 4.7 through 4.7.22, 4.8 through 4.8.5, 4.9 through 4.9.12, and 4.10 through 4.10.8 has Insecure Permissions. After signing into Digital Rebar, users are issued authentication tokens tied to their account to perform actions within Digital Rebar. During the validation process of these tokens, Digital Rebar did not check if the user account still exists. Deleted Digital Rebar users could still use their tokens to perform actions within Digital Rebar. | |||||
| CVE-2022-42718 | 1 Ni | 1 Labview Command Line Interface | 2022-12-06 | N/A | 7.8 HIGH |
| Incorrect default permissions in the installation folder for NI LabVIEW Command Line Interface (CLI) may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2020-15852 | 3 Linux, Netapp, Xen | 5 Linux Kernel, Cloud Backup, Solidfire Baseboard Management Controller and 2 more | 2022-12-03 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered in the Linux kernel 5.5 through 5.7.9, as used in Xen through 4.13.x for x86 PV guests. An attacker may be granted the I/O port permissions of an unrelated task. This occurs because tss_invalidate_io_bitmap mishandling causes a loss of synchronization between the I/O bitmaps of TSS and Xen, aka CID-cadfad870154. | |||||
| CVE-2021-3948 | 2 Konveyor, Redhat | 3 Mig-controller, Enterprise Linux, Migration Toolkit | 2022-12-03 | 6.5 MEDIUM | 6.3 MEDIUM |
| An incorrect default permissions vulnerability was found in the mig-controller. Due to an incorrect cluster namespaces handling an attacker may be able to migrate a malicious workload to the target cluster, impacting confidentiality, integrity, and availability of the services located on that cluster. | |||||
| CVE-2022-41943 | 1 Sourcegraph | 1 Sourcegraph | 2022-11-26 | N/A | 7.2 HIGH |
| sourcegraph is a code intelligence platform. As a site admin it was possible to execute arbitrary commands on Gitserver when the experimental `customGitFetch` feature was enabled. This experimental feature has now been disabled by default. This issue has been patched in version 4.1.0. | |||||
| CVE-2022-42128 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2022-11-18 | N/A | 5.3 MEDIUM |
| The Hypermedia REST APIs module in Liferay Portal 7.4.1 through 7.4.3.4, and Liferay DXP 7.4 GA does not properly check permissions, which allows remote attackers to obtain a WikiNode object via the WikiNodeResource.getSiteWikiNodeByExternalReferenceCode API. | |||||
| CVE-2022-42127 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2022-11-18 | N/A | 5.3 MEDIUM |
| The Friendly Url module in Liferay Portal 7.4.3.5 through 7.4.3.36, and Liferay DXP 7.4 update 1 through 36 does not properly check user permissions, which allows remote attackers to obtain the history of all friendly URLs that were assigned to a page. | |||||
| CVE-2022-42130 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2022-11-18 | N/A | 4.3 MEDIUM |
| The Dynamic Data Mapping module in Liferay Portal 7.1.0 through 7.4.3.4, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 19, 7.3 before update 4, and 7.4 GA does not properly check permission of form entries, which allows remote authenticated users to view and access all form entries. | |||||
| CVE-2022-44561 | 1 Huawei | 2 Emui, Harmonyos | 2022-11-17 | N/A | 7.5 HIGH |
| The preset launcher module has a permission verification vulnerability. Successful exploitation of this vulnerability makes unauthorized apps add arbitrary widgets and shortcuts without interaction. | |||||
| CVE-2020-13240 | 1 Dolibarr | 1 Dolibarr Erp/crm | 2022-11-17 | 5.5 MEDIUM | 5.4 MEDIUM |
| The DMS/ECM module in Dolibarr 11.0.4 allows users with the 'Setup documents directories' permission to rename uploaded files to have insecure file extensions. This bypasses the .noexe protection mechanism against XSS. | |||||
| CVE-2022-36367 | 1 Intel | 1 Support | 2022-11-17 | N/A | 4.4 MEDIUM |
| Incorrect default permissions in the Intel(R) Support Android application before version v22.02.28 may allow a privileged user to potentially enable information disclosure via local access. | |||||
| CVE-2022-44548 | 1 Huawei | 2 Emui, Harmonyos | 2022-11-10 | N/A | 4.3 MEDIUM |
| There is a vulnerability in permission verification during the Bluetooth pairing process. Successful exploitation of this vulnerability may cause the dialog box for confirming the pairing not to be displayed during Bluetooth pairing. | |||||
| CVE-2022-34824 | 1 Nec | 2 Expresscluster X, Expresscluster X Singleserversafe | 2022-11-09 | N/A | 9.8 CRITICAL |
| Weak File and Folder Permissions vulnerability in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier allows a remote unauthenticated attacker to overwrite existing files on the file system and to potentially execute arbitrary code. | |||||
| CVE-2022-31500 | 1 Knime | 1 Knime Analytics Platform | 2022-11-04 | 4.6 MEDIUM | 7.8 HIGH |
| In KNIME Analytics Platform below 4.6.0, the Windows installer sets improper filesystem permissions. | |||||
