Total
194 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-32969 | 1 Metamask | 1 Metamask | 2022-07-08 | 4.3 MEDIUM | 5.9 MEDIUM |
| MetaMask before 10.11.3 might allow an attacker to access a user's secret recovery phrase because an input field is used for a BIP39 mnemonic, and Firefox and Chromium save such fields to disk in order to support the Restore Session feature, aka the Demonic issue. | |||||
| CVE-2022-31096 | 1 Discourse | 1 Discourse | 2022-07-07 | 2.1 LOW | 5.7 MEDIUM |
| Discourse is an open source discussion platform. Under certain conditions, a logged in user can redeem an invite with an email that either doesn't match the invite's email or does not adhere to the email domain restriction of an invite link. The impact of this flaw is aggravated when the invite has been configured to add the user that accepts the invite into restricted groups. Once a user has been incorrectly added to a restricted group, the user may then be able to view content which that are restricted to the respective group. Users are advised to upgrade to the current stable releases. There are no known workarounds to this issue. | |||||
| CVE-2021-35079 | 1 Qualcomm | 122 Apq8053, Apq8053 Firmware, Aqt1000 and 119 more | 2022-06-22 | 2.1 LOW | 5.5 MEDIUM |
| Improper validation of permissions for third party application accessing Telephony service API can lead to information disclosure in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile | |||||
| CVE-2022-29594 | 2 Eginnovations, Microsoft | 5 Eg Agent, Eg Manager, Eg Rum Collectors and 2 more | 2022-06-13 | 7.2 HIGH | 7.8 HIGH |
| eG Agent before 7.2 has weak file permissions that enable escalation of privileges to SYSTEM. | |||||
| CVE-2020-7063 | 4 Debian, Opensuse, Php and 1 more | 4 Debian Linux, Leap, Php and 1 more | 2022-05-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR archive using PharData::buildFromIterator() function, the files are added with default permissions (0666, or all access) even if the original files on the filesystem were with more restrictive permissions. This may result in files having more lax permissions than intended when such archive is extracted. | |||||
| CVE-2021-3523 | 1 Redhat | 1 Apicast | 2022-05-06 | 4.3 MEDIUM | 7.5 HIGH |
| A flaw was found in 3Scale APICast in versions prior to 2.11.0, where it incorrectly identified connections for reuse. This flaw allows an attacker to bypass security restrictions for an API request when hosting multiple APIs on the same IP address. | |||||
| CVE-2019-0233 | 2 Apache, Oracle | 5 Struts, Communications Policy Management, Financial Services Data Integration Hub and 2 more | 2022-04-18 | 5.0 MEDIUM | 7.5 HIGH |
| An access permission override in Apache Struts 2.0.0 to 2.5.20 may cause a Denial of Service when performing a file upload. | |||||
| CVE-2022-24428 | 1 Dell | 1 Emc Powerscale Onefs | 2022-04-14 | 6.5 MEDIUM | 8.8 HIGH |
| Dell PowerScale OneFS, versions 8.2.x, 9.0.0.x, 9.1.0.x, 9.2.0.x, 9.2.1.x, and 9.3.0.x, contain an improper preservation of privileges. A remote filesystem user with a local account could potentially exploit this vulnerability, leading to an escalation of file privileges and information disclosure. | |||||
| CVE-2021-3847 | 2 Fedoraproject, Linux | 2 Fedora, Linux Kernel | 2022-04-11 | 7.2 HIGH | 7.8 HIGH |
| An unauthorized access to the execution of the setuid file with capabilities flaw in the Linux kernel OverlayFS subsystem was found in the way user copying a capable file from a nosuid mount into another mount. A local user could use this flaw to escalate their privileges on the system. | |||||
| CVE-2021-39704 | 1 Google | 1 Android | 2022-03-23 | 4.6 MEDIUM | 7.8 HIGH |
| In deleteNotificationChannelGroup of NotificationManagerService.java, there is a possible way to run foreground service without user notification due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-209965481 | |||||
| CVE-2021-39695 | 1 Google | 1 Android | 2022-03-23 | 7.2 HIGH | 7.8 HIGH |
| In createOrUpdate of BasePermission.java, there is a possible permission bypass due to a logic error in the code. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-209607944 | |||||
| CVE-2022-24618 | 1 Heimdalsecurity | 1 Heimdal Premium Security | 2022-03-16 | 7.2 HIGH | 7.8 HIGH |
| Heimdal.Wizard.exe installer in Heimdal Premium Security 2.5.395 and earlier has insecure permissions, which allows unprivileged local users to elevate privileges to SYSTEM via the "Browse For Folder" window accessible by triggering a "Repair" on the MSI package located in C:\Windows\Installer. | |||||
| CVE-2022-21203 | 1 Intel | 1 Quartus Prime | 2022-02-15 | 4.6 MEDIUM | 7.8 HIGH |
| Improper permissions in the SafeNet Sentinel driver for Intel(R) Quartus(R) Prime Standard Edition before version 21.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2021-30279 | 1 Qualcomm | 124 Ar8035, Ar8035 Firmware, Qca6390 and 121 more | 2022-01-12 | 7.2 HIGH | 7.8 HIGH |
| Possible access control violation while setting current permission for VMIDs due to improper permission masking in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking | |||||
| CVE-2021-0953 | 1 Google | 1 Android | 2021-12-20 | 7.2 HIGH | 7.8 HIGH |
| In setOnClickActivityIntent of SearchWidgetProvider.java, there is a possible way to access contacts and history bookmarks without permission due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-184046278 | |||||
| CVE-2021-0927 | 1 Google | 1 Android | 2021-12-17 | 7.2 HIGH | 7.8 HIGH |
| In requestChannelBrowsable of TvInputManagerService.java, there is a possible permission bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-8.1 Android-9Android ID: A-189824175 | |||||
| CVE-2021-0704 | 1 Google | 1 Android | 2021-12-17 | 4.9 MEDIUM | 5.5 MEDIUM |
| In createNoCredentialsPermissionNotification and related functions of AccountManagerService.java, there is a possible way to retrieve accounts from the device without permissions due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-9Android ID: A-179338675 | |||||
| CVE-2021-37086 | 1 Huawei | 1 Harmonyos | 2021-12-09 | 5.0 MEDIUM | 8.6 HIGH |
| There is a Improper Preservation of Permissions vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to attackers which can isolate and read synchronization files of other applications across the UID sandbox. | |||||
| CVE-2021-37044 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2021-12-09 | 5.0 MEDIUM | 7.5 HIGH |
| There is a Permission control vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service availability. | |||||
| CVE-2021-37056 | 1 Huawei | 2 Emui, Magic Ui | 2021-12-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| There is an Improper permission control vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may allow attempts to obtain certain device information. | |||||