Total
906 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-37030 | 1 Grommunio | 1 Gromox | 2022-08-10 | N/A | 7.8 HIGH |
| Weak permissions on the configuration file in the PAM module in Grommunio Gromox 0.5 through 1.x before 1.28 allow a local unprivileged user in the gromox group to have the PAM stack execute arbitrary code upon loading the Gromox PAM module. | |||||
| CVE-2020-13535 | 1 Kepware | 1 Linkmaster | 2022-08-06 | 7.2 HIGH | 7.8 HIGH |
| A privilege escalation vulnerability exists in Kepware LinkMaster 3.0.94.0. In its default configuration, an attacker can globally overwrite service configuration to execute arbitrary code with NT SYSTEM privileges. | |||||
| CVE-2020-10145 | 1 Adobe | 1 Coldfusion | 2022-08-05 | 7.2 HIGH | 7.8 HIGH |
| The Adobe ColdFusion installer fails to set a secure access-control list (ACL) on the default installation directory, such as C:\ColdFusion2021\. By default, unprivileged users can create files in this directory structure, which creates a privilege-escalation vulnerability. | |||||
| CVE-2021-40397 | 1 Advantech | 1 Wise-paas\/ota | 2022-07-30 | 9.3 HIGH | 7.8 HIGH |
| A privilege escalation vulnerability exists in the installation of Advantech WISE-PaaS/OTA Server 3.0.9. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2020-13533 | 1 Dreamreport | 1 Dream Report | 2022-07-30 | 4.4 MEDIUM | 7.8 HIGH |
| A privilege escalation vulnerability exists in Dream Report 5 R20-2. IIn the default configuration, the following registry keys, which reference binaries with weak permissions, can be abused by attackers to effectively ‘backdoor’ the installation files and escalate privileges when a new user logs in and uses the application. | |||||
| CVE-2020-13534 | 1 Dreamreport | 1 Dream Report | 2022-07-30 | 6.8 MEDIUM | 7.8 HIGH |
| A privilege escalation vulnerability exists in Dream Report 5 R20-2. COM Class Identifiers (CLSID), installed by Dream Report 5 20-2, reference LocalServer32 and InprocServer32 with weak privileges which can lead to privilege escalation when used. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2020-13532 | 1 Dreamreport | 1 Dream Report | 2022-07-30 | 7.2 HIGH | 7.8 HIGH |
| A privilege escalation vulnerability exists in Dream Report 5 R20-2. In the default configuration, the Syncfusion Dashboard Service service binary can be replaced by attackers to escalate privileges to NT SYSTEM. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2020-27228 | 1 Openclinic Ga Project | 1 Openclinic Ga | 2022-07-29 | 6.8 MEDIUM | 7.8 HIGH |
| An incorrect default permissions vulnerability exists in the installation functionality of OpenClinic GA 5.173.3. Overwriting the binary can result in privilege escalation. An attacker can replace a file to exploit this vulnerability. | |||||
| CVE-2022-2366 | 1 Mattermost | 1 Mattermost Server | 2022-07-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| Incorrect default configuration for trusted IP header in Mattermost version 6.7.0 and earlier allows attacker to bypass some of the rate limitations in place or use manipulated IPs for audit logging via manipulating the request headers. | |||||
| CVE-2022-22424 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2022-07-26 | N/A | 5.5 MEDIUM |
| IBM QRadar SIEM 7.3, 7.4, and 7.5 could allow a local user to obtain sensitive information from the TLS key file due to incorrect file permissions. IBM X-Force ID: 223597. | |||||
| CVE-2019-17383 | 1 Netaddr Project | 1 Netaddr | 2022-07-19 | 7.5 HIGH | 9.8 CRITICAL |
| The netaddr gem before 2.0.4 for Ruby has misconfigured file permissions, such that a gem install may result in 0777 permissions in the target filesystem. | |||||
| CVE-2022-34737 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2022-07-19 | 6.4 MEDIUM | 9.1 CRITICAL |
| The application security module has a vulnerability in permission assignment. Successful exploitation of this vulnerability may affect data integrity and confidentiality. | |||||
| CVE-2022-30753 | 1 Google | 1 Android | 2022-07-16 | 2.1 LOW | 3.3 LOW |
| Improper use of a unique device ID in unprotected SecSoterService prior to SMR Jul-2022 Release 1 allows local attackers to get the device ID without permission. | |||||
| CVE-2022-30758 | 1 Google | 1 Android | 2022-07-16 | 2.1 LOW | 5.5 MEDIUM |
| Implicit Intent hijacking vulnerability in Finder prior to SMR Jul-2022 Release 1 allow allows attackers to access some protected information with privilege of Finder. | |||||
| CVE-2022-33996 | 1 Devolutions | 1 Devolutions Server | 2022-07-14 | 6.5 MEDIUM | 8.8 HIGH |
| Incorrect permission management in Devolutions Server before 2022.2 allows a new user with a preexisting username to inherit the permissions of that previous user. | |||||
| CVE-2022-2270 | 1 Gitlab | 1 Gitlab | 2022-07-13 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue has been discovered in GitLab affecting all versions starting from 12.4 before 14.10.5, all versions starting from 15.0 before 15.0.4, all versions starting from 15.1 before 15.1.1. GitLab was leaking Conan packages names due to incorrect permissions verification. | |||||
| CVE-2022-33023 | 1 Openhwgroup | 1 Cva6 | 2022-07-08 | 5.0 MEDIUM | 7.5 HIGH |
| CVA6 commit 909d85a gives incorrect permission to use special multiplication units when the format of instructions is wrong. | |||||
| CVE-2021-41637 | 1 Melag | 1 Ftp Server | 2022-07-01 | 3.6 LOW | 7.1 HIGH |
| Weak access control permissions in MELAG FTP Server 2.2.0.4 allow the "Everyone" group to read the local FTP configuration file, which includes among other information the unencrypted passwords of all FTP users. | |||||
| CVE-2021-41635 | 2 Melag, Microsoft | 2 Ftp Server, Windows | 2022-07-01 | 9.0 HIGH | 8.8 HIGH |
| When installed as Windows service MELAG FTP Server 2.2.0.4 is run as SYSTEM user, which grants remote attackers to abuse misconfigurations or vulnerabilities with administrative access over the entire host system. | |||||
| CVE-2020-4274 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2022-06-29 | 5.5 MEDIUM | 5.4 MEDIUM |
| IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow an authenticated user to access data and perform unauthorized actions due to inadequate permission checks. IBM X-ForceID: 175980. | |||||