Total
1261 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-44548 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 4.3 MEDIUM |
| There is a vulnerability in permission verification during the Bluetooth pairing process. Successful exploitation of this vulnerability may cause the dialog box for confirming the pairing not to be displayed during Bluetooth pairing. | |||||
| CVE-2022-43574 | 1 Ibm | 2 Robotic Process Automation, Robotic Process Automation For Cloud Pak | 2024-11-21 | N/A | 7.5 HIGH |
| "IBM Robotic Process Automation 21.0.1, 21.0.2, 21.0.3, 21.0.4, and 21.0.5 is vulnerable to incorrect permission assignment which could allow access to application configurations. IBM X-Force ID: 238679." | |||||
| CVE-2022-42464 | 1 Openharmony | 1 Openharmony | 2024-11-21 | N/A | 6.7 MEDIUM |
| OpenHarmony-v3.1.2 and prior versions, 3.0.6 and prior versions have a Kernel memory pool override vulnerability in /dev/mmz_userdev device driver. The impact depends on the privileges of the attacker. The unprivileged process run on the device could disclose sensitive information including kernel pointer, which could be used in further attacks. The processes with system user UID run on the device would be able to mmap memory pools used by kernel and override them which could be used to gain kernel code execution on the device, gain root privileges, or cause device reboot. | |||||
| CVE-2022-42150 | 1 Tinylab | 2 Cloud Lab, Linux Lab | 2024-11-21 | N/A | 10.0 CRITICAL |
| TinyLab linux-lab v1.1-rc1 and cloud-labv0.8-rc2, v1.1-rc1 are vulnerable to insecure permissions. The default configuration could cause Container Escape. | |||||
| CVE-2022-42130 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2024-11-21 | N/A | 4.3 MEDIUM |
| The Dynamic Data Mapping module in Liferay Portal 7.1.0 through 7.4.3.4, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 19, 7.3 before update 4, and 7.4 GA does not properly check permission of form entries, which allows remote authenticated users to view and access all form entries. | |||||
| CVE-2022-42128 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2024-11-21 | N/A | 5.3 MEDIUM |
| The Hypermedia REST APIs module in Liferay Portal 7.4.1 through 7.4.3.4, and Liferay DXP 7.4 GA does not properly check permissions, which allows remote attackers to obtain a WikiNode object via the WikiNodeResource.getSiteWikiNodeByExternalReferenceCode API. | |||||
| CVE-2022-42127 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2024-11-21 | N/A | 5.3 MEDIUM |
| The Friendly Url module in Liferay Portal 7.4.3.5 through 7.4.3.36, and Liferay DXP 7.4 update 1 though 36 does not properly check user permissions, which allows remote attackers to obtain the history of all friendly URLs that was assigned to a page. | |||||
| CVE-2022-41943 | 1 Sourcegraph | 1 Sourcegraph | 2024-11-21 | N/A | 9.0 CRITICAL |
| sourcegraph is a code intelligence platform. As a site admin it was possible to execute arbitrary commands on Gitserver when the experimental `customGitFetch` feature was enabled. This experimental feature has now been disabled by default. This issue has been patched in version 4.1.0. | |||||
| CVE-2022-41748 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2024-11-21 | N/A | 6.7 MEDIUM |
| A registry permissions vulnerability in the Trend Micro Apex One Data Loss Prevention (DLP) module could allow a local attacker with administrative credentials to bypass certain elements of the product's anti-tampering mechanisms on affected installations. Please note: an attacker must first obtain administrative credentials on the target system in order to exploit this vulnerability. | |||||
| CVE-2022-41687 | 2 Intel, Microsoft | 15 Nuc P14e Laptop Element, Windows 10 1507, Windows 10 1511 and 12 more | 2024-11-21 | N/A | 6.7 MEDIUM |
| Insecure inherited permissions in the HotKey Services for some Intel(R) NUC P14E Laptop Element software for Windows 10 before version 1.1.44 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-41414 | 1 Liferay | 1 Liferay Portal | 2024-11-21 | N/A | 5.3 MEDIUM |
| An insecure default in the component auth.login.prompt.enabled of Liferay Portal v7.0.0 through v7.4.2 allows attackers to enumerate usernames, site names, and pages. | |||||
| CVE-2022-40971 | 1 Intel | 1 Nuc Hdmi Firmware Update Tool | 2024-11-21 | N/A | 6.7 MEDIUM |
| Incorrect default permissions for the Intel(R) HDMI Firmware Update Tool for NUC before version 1.79.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-40232 | 3 Ibm, Linux, Microsoft | 4 Aix, Sterling B2b Integrator, Linux Kernel and 1 more | 2024-11-21 | N/A | 6.3 MEDIUM |
| IBM Sterling B2B Integrator Standard Edition 6.1.0.0 through 6.1.1.1, and 6.1.2.0 could allow an authenticated user to perform actions they should not have access to due to improper permission controls. IBM X-Force ID: 235597. | |||||
| CVE-2022-40187 | 2 Bushnellgolf, Foresightsports | 4 Launch Pro, Launch Pro Firmware, Gc3 Launch Monitor and 1 more | 2024-11-21 | N/A | 8.0 HIGH |
| Foresight GC3 Launch Monitor 1.3.15.68 ships with a Target Communication Framework (TCF) service enabled. This service listens on a TCP port on all interfaces and allows for process debugging, file system modification, and terminal access as the root user. In conjunction with a hosted wireless access point and the known passphrase of FSSPORTS, an attacker could use this service to modify a device and steal intellectual property. | |||||
| CVE-2022-40109 | 1 Totolink | 2 A3002r, A3002r Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 is vulnerable to Insecure Permissions via binary /bin/boa. | |||||
| CVE-2022-3884 | 2 Hitachi, Microsoft | 2 Ops Center Analyzer, Windows | 2024-11-21 | N/A | 7.3 HIGH |
| Incorrect Default Permissions vulnerability in Hitachi Ops Center Analyzer on Windows (Hitachi Ops Center Analyzer RAID Agent component) allows local users to read and write specific files.This issue affects Hitachi Ops Center Analyzer: from 10.9.0-00 before 10.9.0-01. | |||||
| CVE-2022-3758 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A | 5.4 MEDIUM |
| An issue has been discovered in GitLab affecting all versions starting from 15.5 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. Due to improper permissions checks an unauthorised user was able to read, add or edit a users private snippet. | |||||
| CVE-2022-3466 | 2 Kubernetes, Redhat | 2 Cri-o, Openshift Container Platform | 2024-11-21 | N/A | 4.8 MEDIUM |
| The version of cri-o as released for Red Hat OpenShift Container Platform 4.9.48, 4.10.31, and 4.11.6 via RHBA-2022:6316, RHBA-2022:6257, and RHBA-2022:6658, respectively, included an incorrect version of cri-o missing the fix for CVE-2022-27652, which was previously fixed in OCP 4.9.41 and 4.10.12 via RHBA-2022:5433 and RHSA-2022:1600. This issue could allow an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. For more details, see https://access.redhat.com/security/cve/CVE-2022-27652. | |||||
| CVE-2022-3432 | 1 Lenovo | 2 Ideapad Y700-14isk, Ideapad Y700-14isk Firmware | 2024-11-21 | N/A | 6.7 MEDIUM |
| A potential vulnerability in a driver used during manufacturing process on the Ideapad Y700-14ISK that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable. | |||||
| CVE-2022-3431 | 1 Lenovo | 50 D330-10igl, D330-10igl Firmware, Ideapad 5 Pro-16ach6 and 47 more | 2024-11-21 | N/A | 6.7 MEDIUM |
| A potential vulnerability in a driver used during manufacturing process on some consumer Lenovo Notebook devices that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable. | |||||