Total
906 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-36391 | 1 Intel | 1 Nuc Pro Software Suite | 2023-11-07 | N/A | 7.8 HIGH |
| Incorrect default permissions for the Intel(R) NUC Pro Software Suite before version 2.0.0.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-33963 | 1 Intel | 1 Unite | 2023-11-07 | N/A | 7.8 HIGH |
| Incorrect default permissions in the software installer for Intel(R) Unite(R) Client software for Windows before version 4.2.34870 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-33877 | 1 Fortinet | 2 Forticlient, Forticonverter | 2023-11-07 | N/A | 5.5 MEDIUM |
| An incorrect default permission [CWE-276] vulnerability in FortiClient (Windows) versions 7.0.0 through 7.0.6 and 6.4.0 through 6.4.8 and FortiConverter (Windows) versions 6.2.0 through 6.2.1, 7.0.0 and all versions of 6.0.0 may allow a local authenticated attacker to tamper with files in the installation folder, if FortiClient or FortiConverter is installed in an insecure folder. | |||||
| CVE-2022-32743 | 2 Fedoraproject, Samba | 2 Fedora, Samba | 2023-11-07 | N/A | 7.5 HIGH |
| Samba does not validate the Validated-DNS-Host-Name right for the dNSHostName attribute which could permit unprivileged users to write it. | |||||
| CVE-2022-30338 | 1 Intel | 1 Virtual Raid On Cpu | 2023-11-07 | N/A | 7.8 HIGH |
| Incorrect default permissions in the Intel(R) VROC software before version 7.7.6.1003 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-29162 | 2 Fedoraproject, Linuxfoundation | 2 Fedora, Runc | 2023-11-07 | 4.6 MEDIUM | 7.8 HIGH |
| runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 where `runc exec --cap` created processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during execve(2). This bug did not affect the container security sandbox as the inheritable set never contained more capabilities than were included in the container's bounding set. This bug has been fixed in runc 1.1.2. This fix changes `runc exec --cap` behavior such that the additional capabilities granted to the process being executed (as specified via `--cap` arguments) do not include inheritable capabilities. In addition, `runc spec` is changed to not set any inheritable capabilities in the created example OCI spec (`config.json`) file. | |||||
| CVE-2022-28218 | 1 Ciphermail | 1 Webmail Messenger | 2023-11-07 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in CipherMail Webmail Messenger 1.1.1 through 4.1.4. A local attacker could access secret keys (found in a Roundcube configuration file) that are used to protect Webmail user passwords and two-factor authentication (2FA). | |||||
| CVE-2022-27651 | 3 Buildah Project, Fedoraproject, Redhat | 3 Buildah, Fedora, Enterprise Linux | 2023-11-07 | 4.9 MEDIUM | 6.8 MEDIUM |
| A flaw was found in buildah where containers were incorrectly started with non-empty default permissions. A bug was found in Moby (Docker Engine) where containers were incorrectly started with non-empty inheritable Linux process capabilities, enabling an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. This has the potential to impact confidentiality and integrity. | |||||
| CVE-2022-27650 | 3 Crun Project, Fedoraproject, Redhat | 4 Crun, Fedora, Enterprise Linux and 1 more | 2023-11-07 | 6.0 MEDIUM | 7.5 HIGH |
| A flaw was found in crun where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. | |||||
| CVE-2022-27649 | 3 Fedoraproject, Podman Project, Redhat | 14 Fedora, Podman, Developer Tools and 11 more | 2023-11-07 | 6.0 MEDIUM | 7.5 HIGH |
| A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. A vulnerability was found in Moby (Docker Engine), where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. | |||||
| CVE-2022-20732 | 1 Cisco | 1 Virtualized Infrastructure Manager | 2023-11-07 | 4.6 MEDIUM | 7.8 HIGH |
| A vulnerability in the configuration file protections of Cisco Virtualized Infrastructure Manager (VIM) could allow an authenticated, local attacker to access confidential information and elevate privileges on an affected device. This vulnerability is due to improper access permissions for certain configuration files. An attacker with low-privileged credentials could exploit this vulnerability by accessing an affected device and reading the affected configuration files. A successful exploit could allow the attacker to obtain internal database credentials, which the attacker could use to view and modify the contents of the database. The attacker could use this access to the database to elevate privileges on the affected device. | |||||
| CVE-2021-45083 | 2 Cobbler Project, Fedoraproject | 2 Cobbler, Fedora | 2023-11-07 | 3.6 LOW | 7.1 HIGH |
| An issue was discovered in Cobbler before 3.3.1. Files in /etc/cobbler are world readable. Two of those files contain some sensitive information that can be exposed to a local user who has non-privileged access to the server. The users.digest file contains the sha2-512 digest of users in a Cobbler local installation. In the case of an easy-to-guess password, it's trivial to obtain the plaintext string. The settings.yaml file contains secrets such as the hashed default password. | |||||
| CVE-2021-40123 | 1 Cisco | 1 Identity Services Engine | 2023-11-07 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with administrative read-only privileges to download files that should be restricted. This vulnerability is due to incorrect permissions settings on an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request to the device. A successful exploit could allow the attacker to download files that should be restricted. | |||||
| CVE-2021-39658 | 1 Google | 1 Android | 2023-11-07 | 10.0 HIGH | 9.8 CRITICAL |
| ismsEx service is a vendor service in unisoc equipment。ismsEx service is an extension of sms system service,but it does not check the permissions of the caller,resulting in permission leaks。Third-party apps can use this service to arbitrarily modify and set system properties。Product: AndroidVersions: Android SoCAndroid ID: A-207479207 | |||||
| CVE-2021-39635 | 1 Google | 1 Android | 2023-11-07 | 9.4 HIGH | 9.1 CRITICAL |
| ims_ex is a vendor system service used to manage VoLTE in unisoc devices,But it does not verify the caller's permissions,so that normal apps (No phone permissions) can obtain some VoLTE sensitive information and manage VoLTE calls.Product: AndroidVersions: Android SoCAndroid ID: A-206492634 | |||||
| CVE-2021-31822 | 2 Linux, Octopus | 2 Linux Kernel, Tentacle | 2023-11-07 | 4.6 MEDIUM | 7.8 HIGH |
| When Octopus Tentacle is installed on a Linux operating system, the systemd service file permissions are misconfigured. This could lead to a local unprivileged user modifying the contents of the systemd service file to gain privileged access. | |||||
| CVE-2021-31007 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2023-11-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| Description: A permissions issue was addressed with improved validation. This issue is fixed in iOS 15.1 and iPadOS 15.1, tvOS 15.1, macOS Big Sur 11.6.2, watchOS 8.1, macOS Monterey 12.1. A malicious application may be able to bypass Privacy preferences. | |||||
| CVE-2021-31006 | 1 Apple | 3 Macos, Tvos, Watchos | 2023-11-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| Description: A permissions issue was addressed with improved validation. This issue is fixed in watchOS 7.6, tvOS 14.7, macOS Big Sur 11.5. A malicious application may be able to bypass certain Privacy preferences. | |||||
| CVE-2021-31000 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2023-11-07 | 4.3 MEDIUM | 3.3 LOW |
| A permissions issue was addressed with improved validation. This issue is fixed in iOS 15.2 and iPadOS 15.2, watchOS 8.3, macOS Monterey 12.1, tvOS 15.2. A malicious application may be able to read sensitive contact information. | |||||
| CVE-2021-30999 | 1 Apple | 2 Ipados, Iphone Os | 2023-11-07 | 4.0 MEDIUM | 4.3 MEDIUM |
| The issue was addressed with improved permissions logic. This issue is fixed in iOS 14.6 and iPadOS 14.6. A user may be unable to fully delete browsing history. | |||||