Total: 906 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2022-42130 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2022-11-18 | N/A | 4.3 MEDIUM | The Dynamic Data Mapping module in Liferay Portal 7.1.0 through 7.4.3.4, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 19, 7.3 before update 4, and 7.4 GA does not properly check permission of form entries, which allows remote authenticated users to view and access all form entries.
CVE-2022-44561 | 1 Huawei | 2 Emui, Harmonyos | 2022-11-17 | N/A | 7.5 HIGH | The preset launcher module has a permission verification vulnerability. Successful exploitation of this vulnerability makes unauthorized apps add arbitrary widgets and shortcuts without interaction.
CVE-2020-13240 | 1 Dolibarr | 1 Dolibarr Erp/crm | 2022-11-17 | 5.5 MEDIUM | 5.4 MEDIUM | The DMS/ECM module in Dolibarr 11.0.4 allows users with the 'Setup documents directories' permission to rename uploaded files to have insecure file extensions. This bypasses the .noexe protection mechanism against XSS.
CVE-2022-36367 | 1 Intel | 1 Support | 2022-11-17 | N/A | 4.4 MEDIUM | Incorrect default permissions in the Intel(R) Support Android application before version v22.02.28 may allow a privileged user to potentially enable information disclosure via local access.
CVE-2022-44548 | 1 Huawei | 2 Emui, Harmonyos | 2022-11-10 | N/A | 4.3 MEDIUM | There is a vulnerability in permission verification during the Bluetooth pairing process. Successful exploitation of this vulnerability may cause the dialog box for confirming the pairing not to be displayed during Bluetooth pairing.
CVE-2022-34824 | 1 Nec | 2 Expresscluster X, Expresscluster X Singleserversafe | 2022-11-09 | N/A | 9.8 CRITICAL | Weak File and Folder Permissions vulnerability in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier allows a remote unauthenticated attacker to overwrite existing files on the file system and to potentially execute arbitrary code.
CVE-2022-31500 | 1 Knime | 1 Knime Analytics Platform | 2022-11-04 | 4.6 MEDIUM | 7.8 HIGH | In KNIME Analytics Platform below 4.6.0, the Windows installer sets improper filesystem permissions.
CVE-2022-43574 | 1 Ibm | 2 Robotic Process Automation, Robotic Process Automation For Cloud Pak | 2022-11-04 | N/A | 7.5 HIGH | IBM Robotic Process Automation 21.0.1, 21.0.2, 21.0.3, 21.0.4, and 21.0.5 is vulnerable to incorrect permission assignment which could allow access to application configurations. IBM X-Force ID: 238679.
CVE-2022-28702 | 1 Abb | 1 E-design | 2022-11-03 | 4.9 MEDIUM | 5.5 MEDIUM | Incorrect Default Permissions vulnerability in ABB e-Design allows an attacker to install malicious software executing with SYSTEM permissions, violating confidentiality, integrity, and availability of the target machine.
CVE-2021-40053 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2022-10-27 | 6.4 MEDIUM | 9.1 CRITICAL | There is a permission control vulnerability in the Nearby module. Successful exploitation of this vulnerability will affect availability and integrity.
CVE-2022-37006 | 1 Huawei | 2 Emui, Harmonyos | 2022-10-27 | N/A | 7.5 HIGH | Permission control vulnerability in the network module. Successful exploitation of this vulnerability may affect service availability.
CVE-2021-3462 | 1 Lenovo | 125 Power Management Driver, Thinkpad 11e Gen 5, Thinkpad 11e Yoga Gen 6 and 122 more | 2022-10-27 | 4.6 MEDIUM | 7.8 HIGH | A privilege escalation vulnerability in Lenovo Power Management Driver for Windows 10, prior to version 1.67.17.54, could allow unauthorized access to the driver's device object.
CVE-2021-32725 | 1 Nextcloud | 1 Nextcloud Server | 2022-10-26 | 5.0 MEDIUM | 5.3 MEDIUM | Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.0.11, and 21.0.3, default share permissions were not being respected for federated reshares of files and folders. The issue was fixed in versions 19.0.13, 20.0.11, and 21.0.3. There are no known workarounds.
CVE-2021-21957 | 1 Dreamreport | 1 Remote Connector | 2022-10-24 | 6.8 MEDIUM | 7.3 HIGH | A privilege escalation vulnerability exists in the Remote Server functionality of Dream Report ODS Remote Connector 20.2.16900.0. A specially-crafted command injection can lead to elevated capabilities. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2020-5355 | 1 Dell | 1 Emc Isilon Onefs | 2022-10-24 | N/A | 4.3 MEDIUM | The Dell Isilon OneFS versions 8.2.2 and earlier SSHD process improperly allows Transmission Control Protocol (TCP) and stream forwarding. This provides the remotesupport user and users with restricted shells more access than is intended.
CVE-2013-4281 | 1 Redhat | 1 Openshift | 2022-10-21 | N/A | 5.5 MEDIUM | In Red Hat Openshift 1, weak default permissions are applied to the /etc/openshift/server_priv.pem file on the broker server, which could allow users with local access to the broker to read this file.
CVE-2020-28041 | 1 Netgear | 2 Nighthawk R7000, Nighthawk R7000 Firmware | 2022-10-19 | 4.3 MEDIUM | 6.5 MEDIUM | The SIP ALG implementation on NETGEAR Nighthawk R7000 1.0.9.64_10.2.64 devices allows remote attackers to communicate with arbitrary TCP and UDP services on a victim's intranet machine, if the victim visits an attacker-controlled web site with a modern browser, aka NAT Slipstreaming. This occurs because the ALG takes action based on an IP packet with an initial REGISTER substring in the TCP data, and the correct intranet IP address in the subsequent Via header, without properly considering that connection progress and fragmentation affect the meaning of the packet data.
CVE-2021-40416 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2022-10-19 | 6.5 MEDIUM | 8.8 HIGH | An incorrect default permission vulnerability exists in the cgiserver.cgi cgi_check_ability functionality of reolink RLC-410W v3.0.0.136_20121102. All the Get APIs that are not included in cgi_check_ability are already executable by any logged-in users. An attacker can send an HTTP request to trigger this vulnerability.
CVE-2022-42464 | 1 Openharmony | 1 Openharmony | 2022-10-18 | N/A | 7.8 HIGH | OpenHarmony-v3.1.2 and prior versions, 3.0.6 and prior versions have a Kernel memory pool override vulnerability in the /dev/mmz_userdev device driver. The impact depends on the privileges of the attacker. An unprivileged process running on the device could disclose sensitive information including kernel pointers, which could be used in further attacks. Processes with the system user UID running on the device would be able to mmap memory pools used by the kernel and override them, which could be used to gain kernel code execution on the device, gain root privileges, or cause a device reboot.
CVE-2021-43986 | 1 Fanuc | 1 Roboguide | 2022-10-17 | 4.4 MEDIUM | 7.0 HIGH | The setup program for the affected product configures its files and folders with full access, which may allow unauthorized users permission to replace original binaries and achieve privilege escalation.