Total
1261 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-27500 | 1 Intel | 1 Support | 2024-11-21 | N/A | 5.5 MEDIUM |
| Incorrect default permissions for the Intel(R) Support Android application before 21.07.40 may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2022-26855 | 1 Dell | 1 Emc Powerscale Onefs | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Dell PowerScale OneFS, versions 8.2.x-9.3.0.x, contains an incorrect default permissions vulnerability. A local malicious user could potentially exploit this vulnerability, leading to a denial of service. | |||||
| CVE-2022-26839 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) is vulnerable to an incorrect default permission in the DIAEnergie application, which may allow an attacker to plant new files (such as DLLs) or replace existing executable files. | |||||
| CVE-2022-26595 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Liferay Portal 7.3.7, 7.4.0, and 7.4.1, and Liferay DXP 7.2 fix pack 13, and 7.3 fix pack 2 does not properly check user permission when accessing a list of sites/groups, which allows remote authenticated users to view sites/groups via the user's site membership assignment UI. | |||||
| CVE-2022-26235 | 1 Beckmancoulter | 1 Remisol Advance | 2024-11-21 | N/A | 7.8 HIGH |
| A vulnerability was discovered in the Remisol Advance v2.0.12.1 and below for the Normand Message Server. On installation, the permissions set by Remisol Advance allow non-privileged users to overwrite and/or manipulate executables and libraries that run as the elevated SYSTEM user on Windows. | |||||
| CVE-2022-25943 | 1 Kingsoft | 1 Wps Office | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| The installer of WPS Office for Windows versions prior to v11.2.0.10258 fails to configure properly the ACL for the directory where the service program is installed. | |||||
| CVE-2022-25815 | 1 Google | 1 Android | 2024-11-21 | 4.6 MEDIUM | 5.5 MEDIUM |
| PendingIntent hijacking vulnerability in Weather application prior to SMR Mar-2022 Release 1 allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent. | |||||
| CVE-2022-25814 | 1 Google | 1 Android | 2024-11-21 | 4.6 MEDIUM | 5.5 MEDIUM |
| PendingIntent hijacking vulnerability in Wearable Manager Installer prior to SMR Mar-2022 Release 1 allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent. | |||||
| CVE-2022-25804 | 1 Igel | 1 Universal Management Suite | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. Insecure permissions for the serverconfig registry key (under JavaSoft\Prefs\de\igel\rm\config in HKEY_LOCAL_MACHINE\SOFTWARE) allow an unprivileged local attacker to read the encrypted dbuser and dbpassword values for the UMS superuser. | |||||
| CVE-2022-25570 | 1 Clickstudios | 1 Passwordstate | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| In Click Studios (SA) Pty Ltd Passwordstate 9435, users with access to a passwordlist can gain access to additional password lists without permissions. Specifically, an authenticated user who has write permissions to a password list in one folder (with the default permission model) can extend his permissions to all other password lists in the same folder. | |||||
| CVE-2022-25364 | 1 Gradle | 1 Enterprise | 2024-11-21 | 9.3 HIGH | 8.1 HIGH |
| In Gradle Enterprise before 2021.4.2, the default built-in build cache configuration allowed anonymous write access. If this was not manually changed, a malicious actor with network access to the build cache could potentially populate it with manipulated entries that execute malicious code as part of a build. As of 2021.4.2, the built-in build cache is inaccessible-by-default, requiring explicit configuration of its access-control settings before it can be used. (Remote build cache nodes are unaffected as they are inaccessible-by-default.) | |||||
| CVE-2022-25327 | 1 Google | 1 Fscrypt | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| The PAM module for fscrypt doesn't adequately validate fscrypt metadata files, allowing users to create malicious metadata files that prevent other users from logging in. A local user can cause a denial of service by creating a fscrypt metadata file that prevents other users from logging into the system. We recommend upgrading to version 0.3.3 or above | |||||
| CVE-2022-24890 | 1 Nextcloud | 1 Talk | 2024-11-21 | 3.5 LOW | 2.4 LOW |
| Nextcloud Talk is a video and audio conferencing app for Nextcloud. In versions prior to 13.0.5 and 14.0.0, a call moderator can indirectly enable user webcams by granting permissions, if they were enabled before removing the permissions. A patch is available in versions 13.0.5 and 14.0.0. There are currently no known workarounds. | |||||
| CVE-2022-24804 | 1 Discourse | 1 Discourse | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Discourse is an open source platform for community discussion. In stable versions prior to 2.8.3 and beta versions prior 2.9.0.beta4 erroneously expose groups. When a group with restricted visibility has been used to set the permissions of a category, the name of the group is leaked to any user that is able to see the category. To workaround the problem, a site administrator can remove groups with restricted visibility from any category's permissions setting. | |||||
| CVE-2022-24343 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| In JetBrains YouTrack before 2021.4.31698, a custom logo could be set by a user who has read-only permissions. | |||||
| CVE-2022-24337 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| In JetBrains TeamCity before 2021.2, health items of pull requests were shown to users who lacked appropriate permissions. | |||||
| CVE-2022-24301 | 2 Debian, Minetest | 2 Debian Linux, Minetest | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
| In Minetest before 5.4.0, players can add or subtract items from a different player's inventory. | |||||
| CVE-2022-24113 | 2 Acronis, Microsoft | 5 Agent, Cyber Protect, Cyber Protect Home Office and 2 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27147, Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287 | |||||
| CVE-2022-23996 | 1 Samsung | 1 Wear Os | 2024-11-21 | 4.3 MEDIUM | 4.0 MEDIUM |
| Unprotected component vulnerability in StTheaterModeReceiver in Wear OS 3.0 prior to Firmware update Feb-2022 Release allows untrusted applications to enable bedtime mode without a proper permission. | |||||
| CVE-2022-23995 | 1 Samsung | 1 Wear Os | 2024-11-21 | 4.3 MEDIUM | 4.0 MEDIUM |
| Unprotected component vulnerability in StBedtimeModeAlarmReceiver in Wear OS 3.0 prior to Firmware update Feb-2022 Release allows untrusted applications to change bedtime mode without a proper permission. | |||||