Total: 883 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-26839 | 1 Deltaww | 1 Diaenergie | 2022-04-04 | 4.6 MEDIUM | 7.8 HIGH |
| Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) is vulnerable to an incorrect default permission in the DIAEnergie application, which may allow an attacker to plant new files (such as DLLs) or replace existing executable files. | |||||
| CVE-2021-40904 | 1 Tribe29 | 1 Checkmk | 2022-04-04 | 6.8 MEDIUM | 8.8 HIGH |
| The web management console of CheckMK Raw Edition (versions 1.5.0 to 1.6.0) allows a misconfiguration of the web app Dokuwiki (installed by default), which allows embedded PHP code. As a result, remote code execution is achieved. Successful exploitation requires access to the web management interface, either with valid credentials or with a hijacked session by a user with the role of administrator. | |||||
| CVE-2021-44905 | 1 Cef | 2 Fortessa Ftbtld, Fortessa Ftbtld Firmware | 2022-04-04 | 8.5 HIGH | 8.2 HIGH |
| Incorrect permissions in the Bluetooth Services in the Fortessa FTBTLD Smart Lock as of 12-13-2022 allow a remote attacker to disable the lock via an unauthenticated edit to the lock name. | |||||
| CVE-2021-44751 | 1 F-secure | 1 Safe | 2022-04-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability affecting F-Secure SAFE browser was discovered. A maliciously crafted website with USSD code embedded in JavaScript or an iFrame can trigger the dialer application from the F-Secure browser, which can be exploited by an attacker to send unwanted USSD messages or perform unwanted calls. In most modern Android OS versions, the dialer application will require user interaction; however, some older Android OS versions may not need user interaction. | |||||
| CVE-2019-20106 | 1 Atlassian | 4 Jira, Jira Data Center, Jira Server and 1 more | 2022-03-30 | 4.0 MEDIUM | 4.3 MEDIUM |
| Comment properties in Atlassian Jira Server and Data Center before version 7.13.12, from 8.0.0 before version 8.5.4, and 8.6.0 before version 8.6.1 allow remote attackers to make comments on a ticket to which they do not have commenting permissions via a broken access control bug. | |||||
| CVE-2021-43326 | 2 Automox, Microsoft | 2 Automox, Windows | 2022-03-29 | 4.6 MEDIUM | 7.8 HIGH |
| Automox Agent before 32 on Windows incorrectly sets permissions on a temporary directory. | |||||
| CVE-2021-39694 | 1 Google | 1 Android | 2022-03-23 | 7.2 HIGH | 7.8 HIGH |
| In parse of RoleParser.java, there is a possible way for default apps to get permissions explicitly denied by the user due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-202312327 | |||||
| CVE-2021-32006 | 1 Secomea | 1 Gatemanager | 2022-03-16 | 4.0 MEDIUM | 4.3 MEDIUM |
| This issue affects: Secomea GateManager Version 9.6.621421014 and all prior versions. A permission issues vulnerability in the LinkManager web portal of Secomea GateManager allows a logged-in LinkManager user to access stored SiteManager backup files. | |||||
| CVE-2022-25814 | 1 Google | 1 Android | 2022-03-16 | 4.6 MEDIUM | 7.8 HIGH |
| PendingIntent hijacking vulnerability in Wearable Manager Installer prior to SMR Mar-2022 Release 1 allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent. | |||||
| CVE-2022-25815 | 1 Google | 1 Android | 2022-03-16 | 4.6 MEDIUM | 7.8 HIGH |
| PendingIntent hijacking vulnerability in Weather application prior to SMR Mar-2022 Release 1 allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent. | |||||
| CVE-2021-44215 | 1 Northern.tech | 1 Cfengine | 2022-03-15 | 2.1 LOW | 5.5 MEDIUM |
| Northern.tech CFEngine Enterprise 3.15.4 before 3.15.5 has Insecure Permissions that may allow unauthorized local users to have an unspecified impact. | |||||
| CVE-2021-44216 | 1 Northern.tech | 1 Cfengine | 2022-03-15 | 2.1 LOW | 5.5 MEDIUM |
| Northern.tech CFEngine Enterprise before 3.15.5 and 3.18.x before 3.18.1 has Insecure Permissions that may allow unauthorized local users to access the Apache and Mission Portal log files. | |||||
| CVE-2022-25943 | 1 Kingsoft | 1 Wps Office | 2022-03-14 | 4.6 MEDIUM | 7.8 HIGH |
| The installer of WPS Office for Windows versions prior to v11.2.0.10258 fails to properly configure the ACL for the directory where the service program is installed. | |||||
| CVE-2021-40059 | 1 Huawei | 2 Emui, Magic Ui | 2022-03-14 | 3.3 LOW | 6.5 MEDIUM |
| There is a permission control vulnerability in the Wi-Fi module. Successful exploitation of this vulnerability may affect confidentiality. | |||||
| CVE-2021-40049 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2022-03-14 | 5.0 MEDIUM | 7.5 HIGH |
| There is a permission control vulnerability in the PMS module. Successful exploitation of this vulnerability can lead to sensitive system information being obtained without authorization. | |||||
| CVE-2021-41652 | 1 Batflat | 1 Batflat | 2022-03-09 | 5.0 MEDIUM | 7.5 HIGH |
| Insecure permissions in the file database.sdb of BatFlat CMS v1.3.6 allow attackers to dump the entire database. | |||||
| CVE-2022-25327 | 1 Google | 1 Fscrypt | 2022-03-08 | 2.1 LOW | 5.5 MEDIUM |
| The PAM module for fscrypt doesn't adequately validate fscrypt metadata files, allowing users to create malicious metadata files that prevent other users from logging in. A local user can cause a denial of service by creating a fscrypt metadata file that prevents other users from logging into the system. We recommend upgrading to version 0.3.3 or above. | |||||
| CVE-2021-37103 | 1 Huawei | 2 Emui, Magic Ui | 2022-03-08 | 2.1 LOW | 5.5 MEDIUM |
| There is an improper permission management vulnerability in the Wallet apps. Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2022-23922 | 1 Win-911 | 2 Win-911 2021 R1, Win-911 2021 R2 | 2022-03-07 | 4.4 MEDIUM | 7.8 HIGH |
| WIN-911 2021 R1 and R2 are vulnerable to a permissions misconfiguration that may allow an attacker to locally write files to the Program Announcer directory and elevate permissions whenever the program is executed. | |||||
| CVE-2022-23104 | 1 Win-911 | 2 Win-911 2021 R1, Win-911 2021 R2 | 2022-03-07 | 4.4 MEDIUM | 7.8 HIGH |
| WIN-911 2021 R1 and R2 are vulnerable to a permissions misconfiguration that may allow an attacker to locally write files to the program Operator Workspace directory, which holds DLL files and executables. A low-privilege attacker could write a malicious DLL file to the Operator Workspace directory to achieve privilege escalation and the permissions of the user running the program. | |||||
