Total: 1799 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2022-1107 | 1 Lenovo | 60 Thinkpad 11e, Thinkpad 11e Firmware, Thinkpad 11e Yoga and 57 more | 2022-05-12 | 7.2 HIGH | 6.7 MEDIUM | During an internal product security audit, a potential vulnerability due to use of Boot Services in the SmmOEMInt15 SMI handler was discovered in some ThinkPad models. It could be exploited by an attacker with elevated privileges and could allow execution of code.
CVE-2022-25782 | 1 Secomea | 8 Gatemanager 4250, Gatemanager 4250 Firmware, Gatemanager 4260 and 5 more | 2022-05-11 | 5.5 MEDIUM | 5.4 MEDIUM | Improper Handling of Insufficient Privileges vulnerability in the Web UI of Secomea GateManager allows a logged-in user to access and update privileged information. This issue affects: Secomea GateManager versions prior to 9.7.
CVE-2021-36207 | 1 Johnsoncontrols | 3 Metasys Application And Data Server, Metasys Extended Application And Data Server, Metasys Open Application Server | 2022-05-11 | 8.5 HIGH | 8.8 HIGH | Under certain circumstances, improper privilege management in Metasys ADS/ADX/OAS servers versions 10 and 11 could allow an authenticated user to elevate their privileges to administrator.
CVE-2021-36784 | 1 Suse | 1 Rancher | 2022-05-09 | 6.5 MEDIUM | 7.2 HIGH | An Improper Privilege Management vulnerability in SUSE Rancher allows users with the restricted-admin role to escalate to full admin. This issue affects: SUSE Rancher versions prior to 2.5.13; Rancher versions prior to 2.6.4.
CVE-2021-35064 | 1 Kramerav | 1 Viaware | 2022-04-29 | 10.0 HIGH | 9.8 CRITICAL | KramerAV VIAWare, all tested versions, allows privilege escalation through misconfiguration of sudo. Sudoers permits running of multiple dangerous commands, including unzip, systemctl and dpkg.
CVE-2022-0071 | 1 Hotdog Project | 1 Hotdog | 2022-04-29 | 7.2 HIGH | 8.8 HIGH | Incomplete fix for CVE-2021-3101. Hotdog, prior to v1.0.2, did not mimic the resource limits, device restrictions, or syscall filters of the target JVM process. This would allow a container to exhaust the resources of the host, modify devices, or make syscalls that would otherwise be blocked.
CVE-2020-3812 | 3 Canonical, Debian, Netqmail | 3 Ubuntu Linux, Debian Linux, Netqmail | 2022-04-28 | 2.1 LOW | 5.5 MEDIUM | qmail-verify as used in netqmail 1.06 is prone to an information disclosure vulnerability. A local attacker can test for the existence of files and directories anywhere in the filesystem because qmail-verify runs as root and tests for the existence of files in the attacker's home directory, without dropping its privileges first.
CVE-2020-24848 | 1 Fruitywifi Project | 1 Fruitywifi | 2022-04-28 | 7.2 HIGH | 7.8 HIGH | FruityWifi through 2.4 has an unsafe sudo configuration [(ALL : ALL) NOPASSWD: ALL]. This allows an attacker to perform a system-level (root) local privilege escalation, gaining complete persistent access to the local system.
CVE-2022-25372 | 2 Microsoft, Pritunl | 2 Windows, Pritunl-client-electron | 2022-04-27 | 7.2 HIGH | 7.8 HIGH | Pritunl Client through 1.2.3019.52 on Windows allows local privilege escalation, related to an ACL entry for CREATOR OWNER in platform_windows.go.
CVE-2021-25365 | 1 Google | 1 Android | 2022-04-26 | 7.2 HIGH | 7.8 HIGH | An improper exception control in softsimd prior to SMR APR-2021 Release 1 allows unprivileged applications to access the API in softsimd.
CVE-2021-23193 | 1 Gallagher | 1 Command Centre | 2022-04-26 | 4.0 MEDIUM | 6.5 MEDIUM | Improper privilege validation vulnerability in the COM Interface of Gallagher Command Centre Server allows authenticated unprivileged operators to retrieve sensitive information from the Command Centre Server. This issue affects: Gallagher Command Centre 8.50 versions prior to 8.50.2048 (MR3); 8.40 versions prior to 8.40.2063 (MR4); 8.30 versions prior to 8.30.1454 (MR4); 8.20 versions prior to 8.20.1291 (MR6); version 8.10 and prior versions.
CVE-2021-21567 | 1 Dell | 1 Powerscale Onefs | 2022-04-26 | 4.6 MEDIUM | 7.8 HIGH | Dell PowerScale OneFS 9.1.0.x contains an improper privilege management vulnerability. It may allow an authenticated user with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE to elevate privilege.
CVE-2021-23999 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2022-04-26 | 6.8 MEDIUM | 8.8 HIGH | If a Blob URL was loaded through some unusual user interaction, it could have been loaded by the System Principal and granted additional privileges that should not be granted to web content. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.
CVE-2021-27483 | 1 Zoll | 1 Defibrillator Dashboard | 2022-04-25 | 4.6 MEDIUM | 7.8 HIGH | ZOLL Defibrillator Dashboard, versions prior to 2.2: the affected products contain insecure filesystem permissions that could allow a lower-privilege user to escalate privileges to an administrative-level user.
CVE-2021-33697 | 1 Sap | 1 Businessobjects Business Intelligence | 2022-04-25 | 5.8 MEDIUM | 6.1 MEDIUM | Under certain conditions, SAP BusinessObjects Business Intelligence Platform (SAPUI5), versions 420 and 430, can allow an unauthenticated attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities.
CVE-2021-3576 | 1 Bitdefender | 2 Endpoint Security Tools, Total Security | 2022-04-25 | 7.2 HIGH | 7.8 HIGH | Execution with Unnecessary Privileges vulnerability in Bitdefender Endpoint Security Tools and Total Security allows a local attacker to elevate to 'NT AUTHORITY\System'. Impersonation enables the server thread to perform actions on behalf of the client, but within the limits of the client's security context. This issue affects: Bitdefender Endpoint Security Tools versions prior to 7.2.1.65; Bitdefender Total Security versions prior to 25.0.26.
CVE-2018-14787 | 1 Philips | 2 Intellispace Cardiovascular, Xcelera | 2022-04-22 | 4.6 MEDIUM | 7.8 HIGH | In Philips' IntelliSpace Cardiovascular (ISCV) products (ISCV Version 2.x or prior and Xcelera Version 4.1 or prior), an attacker with escalated privileges could access folders which contain executables where authenticated users have write permissions, and could then execute arbitrary code with local administrative permissions.
CVE-2020-16238 | 1 Bbraun | 2 Datamodule Compactplus, Spacecom | 2022-04-21 | 7.2 HIGH | 6.7 MEDIUM | A vulnerability in the configuration import mechanism of the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11, allows attackers with command line access to the underlying Linux system to escalate privileges to the root user.
CVE-2022-1332 | 1 Mattermost | 1 Mattermost Server | 2022-04-20 | 4.0 MEDIUM | 4.3 MEDIUM | One of the APIs in Mattermost version 6.4.1 and earlier fails to properly protect permissions, which allows authenticated members with a restricted custom admin role to bypass the restrictions and view the server logs and the server config.json file contents.
CVE-2022-23160 | 1 Dell | 1 Emc Powerscale Onefs | 2022-04-20 | 4.0 MEDIUM | 4.3 MEDIUM | Dell PowerScale OneFS, versions 8.2.0-9.3.0, contains an Improper Handling of Insufficient Permissions vulnerability. A remote malicious user could potentially exploit this vulnerability, leading to gaining write permissions on read-only files.