Total
1452 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-22148 | 1 Yokogawa | 9 Centum Cs 3000, Centum Cs 3000 Entry, Centum Cs 3000 Entry Firmware and 6 more | 2024-11-21 | 6.9 MEDIUM | 7.8 HIGH |
'Root Service' service implemented in the following Yokogawa Electric products creates some named pipe with improper ACL configuration. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00. | |||||
CVE-2022-22141 | 1 Yokogawa | 9 Centum Cs 3000, Centum Cs 3000 Entry, Centum Cs 3000 Entry Firmware and 6 more | 2024-11-21 | 4.4 MEDIUM | 7.8 HIGH |
'Long-term Data Archive Package' service implemented in the following Yokogawa Electric products creates some named pipe with improper ACL configuration. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00. | |||||
CVE-2022-21946 | 1 Opensuse | 2 Cscreen, Factory | 2024-11-21 | 4.6 MEDIUM | 5.3 MEDIUM |
An Incorrect Permission Assignment for Critical Resource vulnerability in the sudoers configuration in cscreen of openSUSE Factory allows any local user to gain the privileges of the tty and dialout groups and access and manipulate any running cscreen session. This issue affects: openSUSE Factory cscreen version 1.2-1.3 and prior versions. | |||||
CVE-2022-21939 | 1 Johnsoncontrols | 1 Metasys System Configuration Tool | 2024-11-21 | N/A | 7.5 HIGH |
Sensitive Cookie Without 'HttpOnly' Flag vulnerability in Johnson Controls System Configuration Tool (SCT) version 14 prior to 14.2.3 and version 15 prior to 15.0.3 could allow access to the cookie. | |||||
CVE-2022-21819 | 1 Nvidia | 3 Jetson Linux, Jetson Nano, Jetson Nano 2gb | 2024-11-21 | 4.6 MEDIUM | 7.6 HIGH |
NVIDIA distributions of Jetson Linux contain a vulnerability where an error in the IOMMU configuration may allow an unprivileged attacker with physical access to the board direct read/write access to the entire system address space through the PCI bus. Such an attack could result in denial of service, code execution, escalation of privileges, and impact to data integrity and confidentiality. The scope impact may extend to other components. | |||||
CVE-2022-21694 | 1 Onionshare | 1 Onionshare | 2024-11-21 | 5.0 MEDIUM | 3.7 LOW |
OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. The website mode of OnionShare allows the use of a hardened CSP, which will block any scripts and external resources. It is not possible to configure this CSP for individual pages and therefore the security enhancement cannot be used for websites using JavaScript or external resources like fonts or images. | |||||
CVE-2022-20399 | 1 Google | 1 Android | 2024-11-21 | N/A | 5.5 MEDIUM |
In the SEPolicy configuration of system apps, there is a possible access to the 'ip' utility due to an insecure default value. This could lead to local information disclosure of network data with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-219808546. References: Upstream kernel | |||||
CVE-2022-20398 | 1 Google | 1 Android | 2024-11-21 | N/A | 7.8 HIGH |
In addOrUpdateNetwork of WifiServiceImpl.java, there is a possible way for a guest user to configure Wi-Fi due to a permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-221859734 | |||||
CVE-2022-20234 | 1 Google | 1 Android | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
In Car Settings app, the NotificationAccessConfirmationActivity is exported. In NotificationAccessConfirmationActivity, it gets both 'mComponentName' and 'pkgTitle' from user. An unprivileged app can use a malicious mComponentName with a benign pkgTitle (e.g. Settings app) to make users enable notification access permission for the malicious app. That is, users believe they enable the notification access permission for the Settings app, but actually they enable the notification access permission for the malicious app. Once the malicious app gets the notification access permission, it can read all notifications, including users' personal information. Product: Android. Versions: Android-12L. Android ID: A-225189301 | |||||
CVE-2022-20218 | 1 Google | 1 Android | 2024-11-21 | 4.4 MEDIUM | 7.8 HIGH |
In PermissionController, there is a possible way to get and retain permissions without user's consent due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-12 Android-12L. Android ID: A-223907044 | |||||
CVE-2022-1655 | 1 Redhat | 1 Openstack | 2024-11-21 | N/A | 6.5 MEDIUM |
An Incorrect Permission Assignment for Critical Resource flaw was found in Horizon on Red Hat OpenStack. Horizon session cookies are created without the HttpOnly flag despite HorizonSecureCookies being set to true in the environmental files, possibly leading to a loss of confidentiality and integrity. | |||||
CVE-2022-1596 | 1 Abb | 6 Rex640 Pcl1, Rex640 Pcl1 Firmware, Rex640 Pcl2 and 3 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
Incorrect Permission Assignment for Critical Resource vulnerability in ABB REX640 PCL1, REX640 PCL2, REX640 PCL3 allows an authenticated attacker to launch an attack against the user database file and try to take control of an affected system node. | |||||
CVE-2022-1412 | 1 Premierethemes | 1 Log Wp Mail | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
The Log WP_Mail WordPress plugin through 0.1 saves sent email in a publicly accessible directory using predictable filenames, allowing any unauthenticated visitor to obtain potentially sensitive information like generated passwords. | |||||
CVE-2022-1316 | 2 Microsoft, Zerotier | 2 Windows, Zerotierone | 2024-11-21 | 7.2 HIGH | 8.8 HIGH |
Incorrect Permission Assignment for Critical Resource in GitHub repository zerotier/zerotierone prior to 1.8.8. Local Privilege Escalation | |||||
CVE-2022-0652 | 1 Sophos | 1 Unified Threat Management | 2024-11-21 | 2.1 LOW | 3.3 LOW |
Confd log files contain local users', including root’s, SHA512crypt password hashes with insecure access permissions. This allows a local attacker to attempt off-line brute-force attacks against these password hashes in Sophos UTM before version 9.710. | |||||
CVE-2022-0556 | 1 Zyxel | 1 Zyxel Ap Configurator | 2024-11-21 | 7.2 HIGH | 7.3 HIGH |
A local privilege escalation vulnerability caused by incorrect permission assignment in some directories of the Zyxel AP Configurator (ZAC) version 1.1.4, which could allow an attacker to execute arbitrary code as a local administrator. | |||||
CVE-2022-0532 | 2 Kubernetes, Redhat | 2 Cri-o, Openshift Container Platform | 2024-11-21 | 4.9 MEDIUM | 4.2 MEDIUM |
An incorrect sysctls validation vulnerability was found in CRI-O 1.18 and earlier. The sysctls from the list of "safe" sysctls specified for the cluster will be applied to the host if an attacker is able to create a pod with a hostIPC and hostNetwork kernel namespace. | |||||
CVE-2022-0483 | 2 Acronis, Microsoft | 2 Vss Doctor, Windows | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis VSS Doctor (Windows) before build 53 | |||||
CVE-2022-0338 | 1 Loguru Project | 1 Loguru | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
Insertion of Sensitive Information into Log File in Conda loguru prior to 0.5.3. | |||||
CVE-2022-0277 | 1 Microweber | 1 Microweber | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
Incorrect Permission Assignment for Critical Resource in Packagist microweber/microweber prior to 1.2.11. |