Total
883 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-27228 | 1 Openclinic Ga Project | 1 Openclinic Ga | 2022-07-29 | 6.8 MEDIUM | 7.8 HIGH |
| An incorrect default permissions vulnerability exists in the installation functionality of OpenClinic GA 5.173.3. Overwriting the binary can result in privilege escalation. An attacker can replace a file to exploit this vulnerability. | |||||
| CVE-2022-2366 | 1 Mattermost | 1 Mattermost Server | 2022-07-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| Incorrect default configuration for trusted IP header in Mattermost version 6.7.0 and earlier allows attacker to bypass some of the rate limitations in place or use manipulated IPs for audit logging via manipulating the request headers. | |||||
| CVE-2022-22424 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2022-07-26 | N/A | 5.5 MEDIUM |
| IBM QRadar SIEM 7.3, 7.4, and 7.5 could allow a local user to obtain sensitive information from the TLS key file due to incorrect file permissions. IBM X-Force ID: 223597. | |||||
| CVE-2019-17383 | 1 Netaddr Project | 1 Netaddr | 2022-07-19 | 7.5 HIGH | 9.8 CRITICAL |
| The netaddr gem before 2.0.4 for Ruby has misconfigured file permissions, such that a gem install may result in 0777 permissions in the target filesystem. | |||||
| CVE-2022-34737 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2022-07-19 | 6.4 MEDIUM | 9.1 CRITICAL |
| The application security module has a vulnerability in permission assignment. Successful exploitation of this vulnerability may affect data integrity and confidentiality. | |||||
| CVE-2022-30753 | 1 Google | 1 Android | 2022-07-16 | 2.1 LOW | 3.3 LOW |
| Improper use of a unique device ID in unprotected SecSoterService prior to SMR Jul-2022 Release 1 allows local attackers to get the device ID without permission. | |||||
| CVE-2022-30758 | 1 Google | 1 Android | 2022-07-16 | 2.1 LOW | 5.5 MEDIUM |
| Implicit Intent hijacking vulnerability in Finder prior to SMR Jul-2022 Release 1 allow allows attackers to access some protected information with privilege of Finder. | |||||
| CVE-2022-33996 | 1 Devolutions | 1 Devolutions Server | 2022-07-14 | 6.5 MEDIUM | 8.8 HIGH |
| Incorrect permission management in Devolutions Server before 2022.2 allows a new user with a preexisting username to inherit the permissions of that previous user. | |||||
| CVE-2022-2270 | 1 Gitlab | 1 Gitlab | 2022-07-13 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue has been discovered in GitLab affecting all versions starting from 12.4 before 14.10.5, all versions starting from 15.0 before 15.0.4, all versions starting from 15.1 before 15.1.1. GitLab was leaking Conan packages names due to incorrect permissions verification. | |||||
| CVE-2022-33023 | 1 Openhwgroup | 1 Cva6 | 2022-07-08 | 5.0 MEDIUM | 7.5 HIGH |
| CVA6 commit 909d85a gives incorrect permission to use special multiplication units when the format of instructions is wrong. | |||||
| CVE-2021-41637 | 1 Melag | 1 Ftp Server | 2022-07-01 | 3.6 LOW | 7.1 HIGH |
| Weak access control permissions in MELAG FTP Server 2.2.0.4 allow the "Everyone" group to read the local FTP configuration file, which includes among other information the unencrypted passwords of all FTP users. | |||||
| CVE-2021-41635 | 2 Melag, Microsoft | 2 Ftp Server, Windows | 2022-07-01 | 9.0 HIGH | 8.8 HIGH |
| When installed as Windows service MELAG FTP Server 2.2.0.4 is run as SYSTEM user, which grants remote attackers to abuse misconfigurations or vulnerabilities with administrative access over the entire host system. | |||||
| CVE-2020-4274 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2022-06-29 | 5.5 MEDIUM | 5.4 MEDIUM |
| IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow an authenticated user to access data and perform unauthorized actions due to inadequate permission checks. IBM X-ForceID: 175980. | |||||
| CVE-2020-4270 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2022-06-29 | 4.6 MEDIUM | 7.8 HIGH |
| IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow a local user to gain escalated privileges due to weak file permissions. IBM X-ForceID: 175846. | |||||
| CVE-2021-21910 | 2 Advantech, Microsoft | 2 R-seenet, Windows | 2022-06-29 | 7.2 HIGH | 7.8 HIGH |
| A privilege escalation vulnerability exists in the Windows version of installation for Advantech R-SeeNet Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2020-13552 | 1 Advantech | 1 Webaccess\/scada | 2022-06-29 | 7.2 HIGH | 8.8 HIGH |
| An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In privilege escalation via multiple service executables in installation folder of WebAccess, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege. | |||||
| CVE-2020-13553 | 1 Advantech | 1 Webaccess\/scada | 2022-06-29 | 7.2 HIGH | 8.8 HIGH |
| An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In webvrpcs Run Key Privilege Escalation in installation folder of WebAccess, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege. | |||||
| CVE-2020-13551 | 1 Advantech | 1 Webaccess\/scada | 2022-06-29 | 7.2 HIGH | 8.8 HIGH |
| An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In privilege escalation via PostgreSQL executable, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege. | |||||
| CVE-2020-13555 | 1 Advantech | 1 Webaccess\/scada | 2022-06-29 | 7.2 HIGH | 8.8 HIGH |
| An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In COM Server Application Privilege Escalation, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege. | |||||
| CVE-2022-1833 | 1 Redhat | 1 Amq Broker | 2022-06-29 | 6.5 MEDIUM | 8.8 HIGH |
| A flaw was found in AMQ Broker Operator 7.9.4 installed via UI using OperatorHub where a low-privilege user that has access to the namespace where the AMQ Operator is deployed has access to clusterwide edit rights by checking the secrets. The service account used for building the Operator gives more permission than expected and an attacker could benefit from it. This requires at least an already compromised low-privilege account or insider attack. | |||||