Total
906 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-13542 | 1 Logicaldoc | 1 Logicaldoc | 2022-06-07 | 7.2 HIGH | 7.8 HIGH |
| A local privilege elevation vulnerability exists in the file system permissions of LogicalDoc 8.5.1 installation. Depending on the vector chosen, an attacker can either replace the service binary or replace DLL files loaded by the service, both which get executed by a service thus executing arbitrary commands with System privileges. | |||||
| CVE-2022-29376 | 2 Apachefriends, Microsoft | 2 Xampp, Windows | 2022-06-07 | 6.5 MEDIUM | 8.8 HIGH |
| Xampp for Windows v8.1.4 and below was discovered to contain insecure permissions for its install directory, allowing attackers to execute arbitrary code via overwriting binaries located in the directory. | |||||
| CVE-2022-28999 | 1 Bloodshed | 1 Dev-c\+\+ | 2022-06-07 | 6.5 MEDIUM | 8.8 HIGH |
| Insecure permissions in the install directories and binaries of Dev-CPP v4.9.9.2 allows attackers to execute arbitrary code via overwriting the binary devcpp.exe. | |||||
| CVE-2022-29178 | 1 Cilium | 1 Cilium | 2022-06-06 | 4.6 MEDIUM | 8.2 HIGH |
| Cilium is open source software for providing and securing network connectivity and loadbalancing between application workloads. Cilium prior to versions 1.9.16, 1.10.11, and 1.11.15 contains an incorrect default permissions vulnerability. Operating Systems with users belonging to the group ID 1000 can access the API of Cilium via Unix domain socket available on the host where Cilium is running. This could allow malicious users to compromise integrity as well as system availability on that host. The problem has been fixed and the patch is available in versions 1.9.16, 1.10.11, and 1.11.5. A potential workaround is to modify Cilium's DaemonSet to run with a certain command, which can be found in the GitHub Security Advisory for this vulnerability. | |||||
| CVE-2021-33506 | 1 8x8 | 1 Jitsi Meet | 2022-06-03 | 5.0 MEDIUM | 7.5 HIGH |
| jitsi-meet-prosody in Jitsi Meet before 2.0.5963-1 does not ensure that restrict_room_creation is set by default. This can allow an attacker to circumvent conference moderation. | |||||
| CVE-2010-4176 | 3 Dracut Project, Fedoraproject, Udev Project | 3 Dracut, Fedora, Udev | 2022-06-03 | 4.0 MEDIUM | N/A |
| plymouth-pretrigger.sh in dracut and udev, when running on Fedora 13 and 14, sets weak permissions for the /dev/systty device file, which allows remote authenticated users to read terminal data from tty0 for local users. | |||||
| CVE-2019-17124 | 1 Kramerav | 1 Viaware | 2022-06-03 | 10.0 HIGH | 9.8 CRITICAL |
| Kramer VIAware 2.5.0719.1034 has Incorrect Access Control. | |||||
| CVE-2020-9817 | 1 Apple | 1 Mac Os X | 2022-06-02 | 9.3 HIGH | 7.8 HIGH |
| A permissions issue existed. This issue was addressed with improved permission validation. This issue is fixed in macOS Catalina 10.15.5. A malicious application may be able to gain root privileges. | |||||
| CVE-2021-40388 | 1 Advantech | 1 Sq Manager | 2022-05-31 | 7.2 HIGH | 8.8 HIGH |
| A privilege escalation vulnerability exists in Advantech SQ Manager Server 1.0.6. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2021-40389 | 1 Advantech | 1 Deviceon\/iedge | 2022-05-31 | 7.2 HIGH | 8.8 HIGH |
| A privilege escalation vulnerability exists in the installation of Advantech DeviceOn/iEdge Server 1.0.2. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2021-40396 | 1 Advantech | 1 Deviceon\/iservice | 2022-05-31 | 7.2 HIGH | 8.8 HIGH |
| A privilege escalation vulnerability exists in the installation of Advantech DeviceOn/iService 1.1.7. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2022-24890 | 1 Nextcloud | 1 Talk | 2022-05-26 | 3.5 LOW | 4.3 MEDIUM |
| Nextcloud Talk is a video and audio conferencing app for Nextcloud. In versions prior to 13.0.5 and 14.0.0, a call moderator can indirectly enable user webcams by granting permissions, if they were enabled before removing the permissions. A patch is available in versions 13.0.5 and 14.0.0. There are currently no known workarounds. | |||||
| CVE-2022-0997 | 1 Fidelissecurity | 2 Deception, Network | 2022-05-26 | 7.2 HIGH | 7.8 HIGH |
| Improper file permissions in the CommandPost, Collector, and Sensor components of Fidelis Network and Deception enables an attacker with local, administrative access to the CLI to modify affected script files, which could result in arbitrary commands being run as root upon subsequent logon by a root user. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability. | |||||
| CVE-2022-0486 | 1 Fidelissecurity | 2 Deception, Network | 2022-05-26 | 7.2 HIGH | 7.8 HIGH |
| Improper file permissions in the CommandPost, Collector, Sensor, and Sandbox components of Fidelis Network and Deception enables an attacker with local, administrative access to the CLI to modify affected files and enable escalation of privileges equivalent to the root user. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability. | |||||
| CVE-2020-3766 | 2 Adobe, Microsoft | 2 Genuine Integrity Service, Windows | 2022-05-24 | 7.2 HIGH | 7.8 HIGH |
| Adobe Genuine Integrity Service versions Version 6.4 and earlier have an insecure file permissions vulnerability. Successful exploitation could lead to privilege escalation. | |||||
| CVE-2022-30375 | 1 Simple Social Networking Site Project | 1 Simple Social Networking Site | 2022-05-23 | 5.5 MEDIUM | 6.5 MEDIUM |
| Sourcecodester Simple Social Networking Site v1.0 is vulnerable to file deletion via /sns/classes/Master.php?f=delete_img. | |||||
| CVE-2022-30367 | 1 Air Cargo Management System Project | 1 Air Cargo Management System | 2022-05-23 | 5.5 MEDIUM | 6.5 MEDIUM |
| Air Cargo Management System v1.0 is vulnerable to file deletion via /acms/classes/Master.php?f=delete_img. | |||||
| CVE-2022-22518 | 1 Codesys | 10 Control For Beaglebone Sl, Control For Beckhoff Cx9020, Control For Empc-a\/imx6 Sl and 7 more | 2022-05-12 | 6.4 MEDIUM | 6.5 MEDIUM |
| A bug in CmpUserMgr component can lead to only partially applied security policies. This can result in enabled, anonymous access to components part of the applied security policy. | |||||
| CVE-2021-22571 | 1 Google | 1 Sa360 Webquery To Bigquery Exporter | 2022-05-10 | 2.1 LOW | 5.5 MEDIUM |
| A local attacker could read files from some other users' SA360 reports stored in the /tmp folder during staging process before the files are loaded in BigQuery. We recommend upgrading to version 1.0.3 or above. | |||||
| CVE-2022-29585 | 1 Mahara | 1 Mahara | 2022-05-09 | 5.0 MEDIUM | 7.5 HIGH |
| In Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0, a site using Isolated Institutions is vulnerable if more than ten groups are used. They are all shown from page 2 of the group results list (rather than only being shown for the institution that the viewer is a member of). | |||||