Total
1050 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-33196 | 2 Intel, Redhat | 273 Xeon D-1513n, Xeon D-1513n Firmware, Xeon D-1518 and 270 more | 2024-08-03 | 7.2 High |
| Incorrect default permissions in some memory controller configurations for some Intel(R) Xeon(R) Processors when using Intel(R) Software Guard Extensions which may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2022-33023 | 1 Openhwgroup | 1 Cva6 | 2024-08-03 | 7.5 High |
| CVA6 commit 909d85a gives incorrect permission to use special multiplication units when the format of instructions is wrong. | ||||
| CVE-2022-32743 | 2 Fedoraproject, Samba | 2 Fedora, Samba | 2024-08-03 | 7.5 High |
| Samba does not validate the Validated-DNS-Host-Name right for the dNSHostName attribute which could permit unprivileged users to write it. | ||||
| CVE-2022-32562 | 1 Couchbase | 1 Couchbase Server | 2024-08-03 | 8.8 High |
| An issue was discovered in Couchbase Server before 7.0.4. Operations may succeed on a collection using stale RBAC permission. | ||||
| CVE-2022-32207 | 7 Apple, Debian, Fedoraproject and 4 more | 21 Macos, Debian Linux, Fedora and 18 more | 2024-08-03 | 9.8 Critical |
| When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended. | ||||
| CVE-2022-31500 | 1 Knime | 1 Knime Analytics Platform | 2024-08-03 | 7.8 High |
| In KNIME Analytics Platform below 4.6.0, the Windows installer sets improper filesystem permissions. | ||||
| CVE-2022-31254 | 2 Opensuse, Suse | 4 Leap, Rmt-server, Linux Enterprise Server and 1 more | 2024-08-03 | 7.8 High |
| A Incorrect Default Permissions vulnerability in rmt-server-regsharing service of SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Server for SAP 15-SP1, SUSE Manager Server 4.1; openSUSE Leap 15.3, openSUSE Leap 15.4 allows local attackers with access to the _rmt user to escalate to root. This issue affects: SUSE Linux Enterprise Server for SAP 15 rmt-server versions prior to 2.10. SUSE Linux Enterprise Server for SAP 15-SP1 rmt-server versions prior to 2.10. SUSE Manager Server 4.1 rmt-server versions prior to 2.10. openSUSE Leap 15.3 rmt-server versions prior to 2.10. openSUSE Leap 15.4 rmt-server versions prior to 2.10. | ||||
| CVE-2022-31244 | 1 Nokia | 1 One-network Directory Server | 2024-08-03 | 7.8 High |
| Nokia OneNDS 17r2 has Insecure Permissions vulnerability that allows for privilege escalation. | ||||
| CVE-2022-31071 | 1 Octopoller Project | 1 Octopoller | 2024-08-03 | 2.5 Low |
| Octopoller is a micro gem for polling and retrying. Version 0.2.0 of the octopoller gem was published containing world-writeable files. Specifically, the gem was packed with files having their permissions set to `-rw-rw-rw-` (i.e. 0666) instead of `rw-r--r--` (i.e. 0644). This means everyone who is not the owner (Group and Public) with access to the instance where this release had been installed could modify the world-writable files from this gem. This issue is patched in Octopoller 0.3.0. Two workarounds are available. Users can use the previous version of the gem, v0.1.0. Alternatively, users can modify the file permissions manually until they are able to upgrade to the latest version. | ||||
| CVE-2022-31072 | 1 Octokit Project | 1 Octokit | 2024-08-03 | 2.5 Low |
| Octokit is a Ruby toolkit for the GitHub API. Versions 4.23.0 and 4.24.0 of the octokit gem were published containing world-writeable files. Specifically, the gem was packed with files having their permissions set to `-rw-rw-rw-` (i.e. 0666) instead of `rw-r--r--` (i.e. 0644). This means everyone who is not the owner (Group and Public) with access to the instance where this release had been installed could modify the world-writable files from this gem. This issue is patched in Octokit 4.25.0. Two workarounds are available. Users can use the previous version of the gem, v4.22.0. Alternatively, users can modify the file permissions manually until they are able to upgrade to the latest version. | ||||
| CVE-2022-30758 | 1 Google | 1 Android | 2024-08-03 | 4 Medium |
| Implicit Intent hijacking vulnerability in Finder prior to SMR Jul-2022 Release 1 allow allows attackers to access some protected information with privilege of Finder. | ||||
| CVE-2022-30759 | 1 Nokia | 1 One-nds | 2024-08-03 | 8.8 High |
| In Nokia One-NDS (aka Network Directory Server) through 20.9, some Sudo permissions can be exploited by some users to escalate to root privileges and execute arbitrary commands. | ||||
| CVE-2022-30753 | 1 Google | 1 Android | 2024-08-03 | 3.3 Low |
| Improper use of a unique device ID in unprotected SecSoterService prior to SMR Jul-2022 Release 1 allows local attackers to get the device ID without permission. | ||||
| CVE-2022-30747 | 1 Samsung | 1 Smartthings | 2024-08-03 | 5.5 Medium |
| PendingIntent hijacking vulnerability in Smart Things prior to 1.7.85.25 allows local attackers to access files without permission via implicit Intent. | ||||
| CVE-2022-30594 | 4 Debian, Linux, Netapp and 1 more | 24 Debian Linux, Linux Kernel, 8300 and 21 more | 2024-08-03 | 7.8 High |
| The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag. | ||||
| CVE-2022-30367 | 1 Air Cargo Management System Project | 1 Air Cargo Management System | 2024-08-03 | 6.5 Medium |
| Air Cargo Management System v1.0 is vulnerable to file deletion via /acms/classes/Master.php?f=delete_img. | ||||
| CVE-2022-30338 | 1 Intel | 1 Virtual Raid On Cpu | 2024-08-03 | 6.7 Medium |
| Incorrect default permissions in the Intel(R) VROC software before version 7.7.6.1003 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2022-30375 | 1 Simple Social Networking Site Project | 1 Simple Social Networking Site | 2024-08-03 | 6.5 Medium |
| Sourcecodester Simple Social Networking Site v1.0 is vulnerable to file deletion via /sns/classes/Master.php?f=delete_img. | ||||
| CVE-2022-29909 | 2 Mozilla, Redhat | 6 Firefox, Firefox Esr, Thunderbird and 3 more | 2024-08-03 | 8.8 High |
| Documents in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the top-level origin, bypassing the existing prompt and wrongfully inheriting the top-level permissions. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100. | ||||
| CVE-2022-29585 | 1 Mahara | 1 Mahara | 2024-08-03 | 7.5 High |
| In Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0, a site using Isolated Institutions is vulnerable if more than ten groups are used. They are all shown from page 2 of the group results list (rather than only being shown for the institution that the viewer is a member of). | ||||