Total
1229 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-22149 | 1 Elastic | 1 Enterprise Search | 2022-10-25 | 6.5 MEDIUM | 8.8 HIGH |
| Elastic Enterprise Search App Search versions before 7.14.0 are vulnerable to an issue where API keys were missing authorization via an alternate route. Using this vulnerability, an authenticated attacker could utilize API keys belonging to higher privileged users. | |||||
| CVE-2021-3706 | 1 Pi-hole | 1 Web Interface | 2022-10-25 | 5.0 MEDIUM | 7.5 HIGH |
| adminlte is vulnerable to Sensitive Cookie Without 'HttpOnly' Flag | |||||
| CVE-2020-24394 | 5 Canonical, Linux, Opensuse and 2 more | 5 Ubuntu Linux, Linux Kernel, Leap and 2 more | 2022-10-25 | 3.6 LOW | 7.1 HIGH |
| In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the current umask is not considered. | |||||
| CVE-2021-22117 | 2 Microsoft, Vmware | 2 Windows, Rabbitmq | 2022-10-25 | 4.6 MEDIUM | 7.8 HIGH |
| RabbitMQ installers on Windows prior to version 3.8.16 do not harden plugin directory permissions, potentially allowing attackers with sufficient local filesystem permissions to add arbitrary plugins. | |||||
| CVE-2021-3747 | 2 Apple, Canonical | 2 Macos, Multipass | 2022-10-25 | 4.6 MEDIUM | 7.8 HIGH |
| The MacOS version of Multipass, version 1.7.0, fixed in 1.7.2, accidentally installed the application directory with incorrect owner. | |||||
| CVE-2021-32717 | 1 Shopware | 1 Shopware | 2022-10-25 | 5.0 MEDIUM | 7.5 HIGH |
| Shopware is an open source eCommerce platform. In versions prior to 6.4.1.1 private files publicly accessible with Cloud Storage providers when the hashed URL is known. Users are recommend to first change their configuration to set the correct visibility according to the documentation. The visibility must be at the same level as `type`. When the Storage is saved on Amazon AWS we recommending disabling public access to the bucket containing the private files: https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html. Otherwise, update to Shopware 6.4.1.1 or install or update the Security plugin (https://store.shopware.com/en/detail/index/sArticle/518463/number/Swag136939272659) and run the command `./bin/console s3:set-visibility` to correct your cloud file visibilities. | |||||
| CVE-2021-22850 | 1 Hgiga | 1 Oaklouds Portal | 2022-10-25 | 7.5 HIGH | 9.8 CRITICAL |
| HGiga EIP product lacks ineffective access control in certain pages that allow attackers to access database or perform privileged functions. | |||||
| CVE-2021-38475 | 1 Auvesy | 1 Versiondog | 2022-10-24 | 9.0 HIGH | 8.8 HIGH |
| The database connection to the server is performed by calling a specific API, which could allow an unprivileged user to gain SYSDBA permissions. | |||||
| CVE-2022-36122 | 2 Automox, Microsoft | 2 Automox, Windows | 2022-10-24 | N/A | 7.8 HIGH |
| The Automox Agent before 40 on Windows incorrectly sets permissions on key files. | |||||
| CVE-2021-24703 | 1 Metagauss | 1 Download Plugin | 2022-10-24 | 3.5 LOW | 5.7 MEDIUM |
| The Download Plugin WordPress plugin before 1.6.1 does not have capability and CSRF checks in the dpwap_plugin_activate AJAX action, allowing any authenticated users, such as subscribers, to activate plugins that are already installed. | |||||
| CVE-2021-21364 | 1 Smartbear | 1 Swagger-codegen | 2022-10-21 | 2.1 LOW | 5.5 MEDIUM |
| swagger-codegen is an open-source project which contains a template-driven engine to generate documentation, API clients and server stubs in different languages by parsing your OpenAPI / Swagger definition. In swagger-codegen before version 2.4.19, on Unix-Like systems, the system temporary directory is shared between all local users. When files/directories are created, the default `umask` settings for the process are respected. As a result, by default, most processes/apis will create files/directories with the permissions `-rw-r--r--` and `drwxr-xr-x` respectively, unless an API that explicitly sets safe file permissions is used. Because this vulnerability impacts generated code, the generated code will remain vulnerable until fixed manually! This vulnerability is fixed in version 2.4.19. Note this is a distinct vulnerability from CVE-2021-21363. | |||||
| CVE-2021-20264 | 1 Oracle | 1 Openjdk | 2022-10-21 | 4.6 MEDIUM | 7.8 HIGH |
| An insecure modification flaw in the /etc/passwd file was found in the openjdk-1.8 and openjdk-11 containers. This flaw allows an attacker with access to the container to modify the /etc/passwd and escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | |||||
| CVE-2022-22248 | 1 Juniper | 1 Junos Os Evolved | 2022-10-20 | N/A | 7.3 HIGH |
| An Incorrect Permission Assignment vulnerability in shell processing of Juniper Networks Junos OS Evolved allows a low-privileged local user to modify the contents of a configuration file which could cause another user to execute arbitrary commands within the context of the follow-on user's session. If the follow-on user is a high-privileged administrator, the attacker could leverage this vulnerability to take complete control of the target system. While this issue is triggered by a user, other than the attacker, accessing the Junos shell, an attacker simply requires Junos CLI access to exploit this vulnerability. This issue affects Juniper Networks Junos OS Evolved: 20.4-EVO versions prior to 20.4R3-S1-EVO; All versions of 21.1-EVO; 21.2-EVO versions prior to 21.2R3-EVO; 21.3-EVO versions prior to 21.3R2-EVO. This issue does not affect Juniper Networks Junos OS Evolved versions prior to 19.2R1-EVO. | |||||
| CVE-2021-38483 | 1 Fanuc | 1 Roboguide | 2022-10-17 | 3.3 LOW | 5.7 MEDIUM |
| The affected product is vulnerable to misconfigured binaries, allowing users on the target PC with SYSTEM level privileges access to overwrite the binary and modify files to gain privilege escalation. | |||||
| CVE-2020-6267 | 1 Sap | 1 Disclosure Management | 2022-10-12 | 5.8 MEDIUM | 5.4 MEDIUM |
| Some sensitive cookies in SAP Disclosure Management, version 10.1, are missing HttpOnly flag, leading to sensitive cookie without Http Only flag. | |||||
| CVE-2022-26236 | 2 Beckmancoulter, Microsoft | 2 Remisol Advance, Windows | 2022-10-11 | N/A | 5.5 MEDIUM |
| The default privileges for the running service Normand Remisol Advance Launcher in Beckman Coulter Remisol Advance v2.0.12.1 and prior allows non-privileged users to overwrite and manipulate executables and libraries. This allows attackers to access sensitive data. | |||||
| CVE-2022-26238 | 2 Beckmancoulter, Microsoft | 2 Remisol Advance, Windows | 2022-10-11 | N/A | 5.5 MEDIUM |
| The default privileges for the running service Normand Service Manager in Beckman Coulter Remisol Advance v2.0.12.1 and prior allows non-privileged users to overwrite and manipulate executables and libraries. This allows attackers to access sensitive data. | |||||
| CVE-2022-26240 | 2 Beckmancoulter, Microsoft | 2 Remisol Advance, Windows | 2022-10-11 | N/A | 6.5 MEDIUM |
| The default privileges for the running service Normand Message Buffer in Beckman Coulter Remisol Advance v2.0.12.1 and prior allows non-privileged users to overwrite and manipulate executables and libraries. This allows attackers to access sensitive data. | |||||
| CVE-2022-26239 | 2 Beckmancoulter, Microsoft | 2 Remisol Advance, Windows | 2022-10-10 | N/A | 5.5 MEDIUM |
| The default privileges for the running service Normand License Manager in Beckman Coulter Remisol Advance v2.0.12.1 and prior allows unprivileged users to overwrite and manipulate executables and libraries. This allows attackers to access sensitive data. | |||||
| CVE-2022-26237 | 2 Beckmancoulter, Microsoft | 2 Remisol Advance, Windows | 2022-10-10 | N/A | 5.5 MEDIUM |
| The default privileges for the running service Normand Viewer Service in Beckman Coulter Remisol Advance v2.0.12.1 and prior allows non-privileged users to overwrite and manipulate executables and libraries. This allows attackers to access sensitive data. | |||||