Total: 1220 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-42949 | 1 Silverstripe | 1 Subsites | 2023-01-03 | N/A | 7.5 HIGH |
| Silverstripe silverstripe/subsites through 2.6.0 has Insecure Permissions. | |||||
| CVE-2022-4630 | 1 Daloradius | 1 Daloradius | 2022-12-28 | N/A | 5.3 MEDIUM |
| Sensitive Cookie Without 'HttpOnly' Flag in GitHub repository lirantal/daloradius prior to master. | |||||
| CVE-2019-3467 | 3 Canonical, Debian, Skolelinux | 4 Ubuntu Linux, Debian-lan-config, Debian Linux and 1 more | 2022-12-22 | 7.2 HIGH | 7.8 HIGH |
| Debian-edu-config all versions < 2.11.10, a set of configuration files used for Debian Edu, and debian-lan-config < 0.26, configured too permissive ACLs for the Kerberos admin server, which allowed password changes for other Kerberos user principals. | |||||
| CVE-2018-1002150 | 1 Koji Project | 1 Koji | 2022-12-21 | 7.5 HIGH | 9.1 CRITICAL |
| Koji version 1.12, 1.13, 1.14 and 1.15 contain an incorrect access control vulnerability resulting in arbitrary filesystem read/write access. This vulnerability has been fixed in versions 1.12.1, 1.13.1, 1.14.1 and 1.15.1. | |||||
| CVE-2017-15906 | 5 Debian, Netapp, Openbsd and 2 more | 22 Debian Linux, Active Iq Unified Manager, Cloud Backup and 19 more | 2022-12-13 | 5.0 MEDIUM | 5.3 MEDIUM |
| The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files. | |||||
| CVE-2019-4078 | 1 Ibm | 1 Websphere Mq | 2022-12-09 | 7.2 HIGH | 7.8 HIGH |
| IBM WebSphere MQ 8.0.0.0 through 8.0.0.9 and 9.0.0.0 through 9.1.1 could allow a local non-privileged user to execute code as an administrator due to incorrect permissions set on MQ installation directories. IBM X-Force ID: 157190. | |||||
| CVE-2022-2975 | 1 Avaya | 1 Aura Application Enablement Services | 2022-12-02 | N/A | 6.7 MEDIUM |
| A vulnerability related to weak permissions was detected in Avaya Aura Application Enablement Services web application, allowing an administrative user to modify accounts leading to execution of arbitrary code as the root user. This issue affects Application Enablement Services versions 8.0.0.0 through 8.1.3.4 and 10.1.0.0 through 10.1.0.1. Versions prior to 8.0.0.0 are end of manufacturing support and were not evaluated. | |||||
| CVE-2022-45301 | 1 Chocolatey | 1 Chocolatey Ruby | 2022-12-01 | N/A | 4.3 MEDIUM |
| Insecure permissions in Chocolatey Ruby package v3.1.2.1 and below grant all users in the Authenticated Users group write privileges for the path C:\tools\ruby31 and all files located in that folder. | |||||
| CVE-2022-45304 | 1 Chocolatey | 1 Chocolatey Cmder | 2022-12-01 | N/A | 4.3 MEDIUM |
| Insecure permissions in Chocolatey Cmder package v1.3.20 and below grant all users in the Authenticated Users group write privileges for the path C:\tools\Cmder and all files located in that folder. | |||||
| CVE-2022-45307 | 1 Chocolatey | 1 Chocolatey Php | 2022-12-01 | N/A | 4.3 MEDIUM |
| Insecure permissions in Chocolatey PHP package v8.1.12 and below grant all users in the Authenticated Users group write privileges for the subfolder C:\tools\php81 and all files located in that folder. | |||||
| CVE-2022-45305 | 1 Chocolatey | 1 Chocolatey Python3 | 2022-12-01 | N/A | 4.3 MEDIUM |
| Insecure permissions in Chocolatey Python3 package v3.11.0 and below grant all users in the Authenticated Users group write privileges for the subfolder C:\Python311 and all files located in that folder. | |||||
| CVE-2022-45306 | 1 Chocolatey | 1 Chocolatey Azure-pipelines-agent | 2022-12-01 | N/A | 4.3 MEDIUM |
| Insecure permissions in Chocolatey Azure-Pipelines-Agent package v2.211.1 and below grant all users in the Authenticated Users group write privileges for the subfolder C:\agent and all files located in that folder. | |||||
| CVE-2022-41926 | 1 Nextcloud | 1 Talk | 2022-12-01 | N/A | 5.5 MEDIUM |
| Nextcloud Talk Android is the Android OS implementation of the Nextcloud Talk chat system. In affected versions the receiver is not protected by broadcastPermission, allowing malicious apps to monitor communication. It is recommended that Nextcloud Talk Android is upgraded to 14.1.0. There are no known workarounds for this issue. | |||||
| CVE-2019-3893 | 2 Redhat, Theforeman | 2 Satellite, Foreman | 2022-11-30 | 4.0 MEDIUM | 4.9 MEDIUM |
| In Foreman it was discovered that the delete compute resource operation, when executed from the Foreman API, leads to the disclosure of the plaintext password or token for the affected compute resource. A malicious user with the "delete_compute_resource" permission can use this flaw to take control over compute resources managed by Foreman. Versions before 1.20.3, 1.21.1, 1.22.0 are vulnerable. | |||||
| CVE-2021-43034 | 1 Kaseya | 1 Unitrends Backup | 2022-11-28 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. A world writable file allowed local users to execute arbitrary code as the user apache, leading to privilege escalation. | |||||
| CVE-2022-44725 | 1 Opcfoundation | 1 Local Discovery Server | 2022-11-22 | N/A | 7.8 HIGH |
| OPC Foundation Local Discovery Server (LDS) through 1.04.403.478 uses a hard-coded file path to a configuration file. This allows a normal user to create a malicious file that is loaded by LDS (running as a high-privilege user). | |||||
| CVE-2021-22716 | 1 Schneider-electric | 1 C-bus Toolkit | 2022-11-18 | 4.6 MEDIUM | 7.8 HIGH |
| A CWE-732: Incorrect Permission Assignment for Critical Resource vulnerability exists that could allow remote code execution when an unprivileged user modifies a file. Affected Product: C-Bus Toolkit (V1.15.9 and prior) | |||||
| CVE-2022-45193 | 1 Bruhn-newtech | 1 Cbrn-analysis | 2022-11-16 | N/A | 8.8 HIGH |
| CBRN-Analysis before 22 has weak file permissions under Public Profile, leading to disclosure of file contents or privilege escalation. | |||||
| CVE-2022-44746 | 1 Acronis | 1 Cyber Protect Home Office | 2022-11-08 | N/A | 5.5 MEDIUM |
| Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107. | |||||
| CVE-2022-44733 | 1 Acronis | 1 Cyber Protect Home Office | 2022-11-08 | N/A | 7.8 HIGH |
| Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39900. | |||||
