Total
906 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-13554 | 1 Advantech | 1 Webaccess\/scada | 2022-09-30 | 7.2 HIGH | 7.8 HIGH |
| An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In webvrpcs Run Key Privilege Escalation in installation folder of WebAccess, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege. | |||||
| CVE-2022-3263 | 1 Measuresoft | 1 Scadapro Server | 2022-09-27 | N/A | 7.8 HIGH |
| The security descriptor of Measuresoft ScadaPro Server version 6.7 has inconsistent permissions, which could allow a local user with limited privileges to modify the service binary path and start malicious commands with SYSTEM privileges. | |||||
| CVE-2021-46834 | 1 Huawei | 2 Jad-al50, Jad-al50 Firmware | 2022-09-22 | N/A | 5.5 MEDIUM |
| A permission bypass vulnerability in Huawei cross device task management could allow an attacker to access certain resource in the attacked devices. Affected product versions include:JAD-AL50 versions 102.0.0.225(C00E220R3P4). | |||||
| CVE-2022-38764 | 2 Microsoft, Trendmicro | 2 Windows, Housecall | 2022-09-21 | N/A | 7.8 HIGH |
| A vulnerability on Trend Micro HouseCall version 1.62.1.1133 and below could allow a local attacker to escalate privlieges due to an overly permissive folder om the product installer. | |||||
| CVE-2022-2528 | 1 Octopus | 1 Octopus Server | 2022-09-15 | N/A | 6.5 MEDIUM |
| In affected versions of Octopus Deploy it is possible to upload a package to built-in feed with insufficient permissions after re-indexing packages. | |||||
| CVE-2022-38466 | 1 Siemens | 1 Coreshield One-way Gateway | 2022-09-15 | N/A | 7.8 HIGH |
| A vulnerability has been identified in CoreShield One-Way Gateway (OWG) Software (All versions < V2.2). The default installation sets insecure file permissions that could allow a local attacker to escalate privileges to local administrator. | |||||
| CVE-2022-40109 | 1 Totolink | 2 A3002r, A3002r Firmware | 2022-09-09 | N/A | 9.8 CRITICAL |
| TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 is vulnerable to Insecure Permissions via binary /bin/boa. | |||||
| CVE-2022-37173 | 2 Microsoft, Vim | 2 Windows, Gvim | 2022-09-06 | N/A | 7.8 HIGH |
| An issue in the installer of gvim 9.0.0000 allows authenticated attackers to execute arbitrary code via a binary hijacking attack on C:\Program.exe. | |||||
| CVE-2021-3917 | 1 Redhat | 1 Coreos-installer | 2022-08-26 | N/A | 5.5 MEDIUM |
| A flaw was found in the coreos-installer, where it writes the Ignition config to the target system with world-readable access permissions. This flaw allows a local attacker to have read access to potentially sensitive data. The highest threat from this vulnerability is to confidentiality. | |||||
| CVE-2021-21911 | 2 Advantech, Microsoft | 2 R-seenet, Windows | 2022-08-24 | 7.2 HIGH | 7.8 HIGH |
| A privilege escalation vulnerability exists in the Windows version of installation for Advantech R-SeeNet Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2021-37289 | 1 Planex | 2 Mzk-dp150n, Mzk-dp150n Firmware | 2022-08-23 | N/A | 7.2 HIGH |
| Insecure Permissions in administration interface in Planex MZK-DP150N 1.42 and 1.43 allows attackers to execute system command as root via etc_ro/web/syscmd.asp. | |||||
| CVE-2022-26344 | 1 Intel | 1 Single Event Api | 2022-08-22 | N/A | 7.8 HIGH |
| Incorrect default permissions in the installation binaries for Intel(R) SEAPI all versions may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-27500 | 1 Intel | 1 Support | 2022-08-22 | N/A | 5.5 MEDIUM |
| Incorrect default permissions for the Intel(R) Support Android application before 21.07.40 may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2021-44470 | 1 Intel | 1 Connect M | 2022-08-19 | N/A | 5.5 MEDIUM |
| Incorrect default permissions for the Intel(R) Connect M Android application before version 1.7.4 may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2020-24402 | 1 Magento | 1 Magento | 2022-08-19 | 5.5 MEDIUM | 4.9 MEDIUM |
| Magento version 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect permissions vulnerability in the Integrations component. This vulnerability could be abused by authenticated users with permissions to the Resource Access API to delete customer details via the REST API without authorization. | |||||
| CVE-2021-30490 | 2 Microsoft, Power-software-download | 2 Windows, Viewpower | 2022-08-17 | N/A | 7.8 HIGH |
| upsMonitor in ViewPower (aka ViewPowerHTML) 1.04-21012 through 1.04-21353 has insecure permissions for the service binary that enable an Authenticated User to modify files, allowing for privilege escalation. | |||||
| CVE-2021-39087 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Sterling B2b Integrator and 3 more | 2022-08-17 | N/A | 6.5 MEDIUM |
| IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.4, and 6.1.1.0 through 6.1.1.1 could allow an authenticated user to obtain sensitive information due to improper permission controls. IBM X-Force ID: 216109. | |||||
| CVE-2022-20272 | 1 Google | 1 Android | 2022-08-16 | N/A | 5.5 MEDIUM |
| In PermissionController, there is a possible misunderstanding about the default SMS application's permission set due to misleading text. This could lead to local information disclosure with User privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-207672568 | |||||
| CVE-2022-37003 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2022-08-15 | N/A | 9.8 CRITICAL |
| The AOD module has a vulnerability in permission assignment. Successful exploitation of this vulnerability may cause permission escalation and unauthorized access to files. | |||||
| CVE-2022-20246 | 1 Google | 1 Android | 2022-08-13 | N/A | 7.8 HIGH |
| In WindowManager, there is a possible bypass of the restrictions for starting activities from the background due to an incorrect UID/permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-230493191 | |||||