Filtered by CWE-276
Total 1049 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-29376 2 Apachefriends, Microsoft 2 Xampp, Windows 2024-08-03 8.8 High
Xampp for Windows v8.1.4 and below was discovered to contain insecure permissions for its install directory, allowing attackers to execute arbitrary code via overwriting binaries located in the directory.
CVE-2022-29178 1 Cilium 1 Cilium 2024-08-03 8.8 High
Cilium is open source software for providing and securing network connectivity and load balancing between application workloads. Cilium prior to versions 1.9.16, 1.10.11, and 1.11.15 contains an incorrect default permissions vulnerability. Operating Systems with users belonging to the group ID 1000 can access the API of Cilium via Unix domain socket available on the host where Cilium is running. This could allow malicious users to compromise integrity as well as system availability on that host. The problem has been fixed and the patch is available in versions 1.9.16, 1.10.11, and 1.11.5. A potential workaround is to modify Cilium's DaemonSet to run with a certain command, which can be found in the GitHub Security Advisory for this vulnerability.
CVE-2022-29162 3 Fedoraproject, Linuxfoundation, Redhat 4 Fedora, Runc, Enterprise Linux and 1 more 2024-08-03 5.9 Medium
runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 where `runc exec --cap` created processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during execve(2). This bug did not affect the container security sandbox as the inheritable set never contained more capabilities than were included in the container's bounding set. This bug has been fixed in runc 1.1.2. This fix changes `runc exec --cap` behavior such that the additional capabilities granted to the process being executed (as specified via `--cap` arguments) do not include inheritable capabilities. In addition, `runc spec` is changed to not set any inheritable capabilities in the created example OCI spec (`config.json`) file.
CVE-2022-28932 1 Dlink 2 Dsl-g2452dg, Dsl-g2452dg Firmware 2024-08-03 9.8 Critical
D-Link DSL-G2452DG HW:T1 FW:ME_2.00 was discovered to contain insecure permissions.
CVE-2022-28999 1 Bloodshed 1 Dev-c++ 2024-08-03 8.8 High
Insecure permissions in the install directories and binaries of Dev-CPP v4.9.9.2 allow attackers to execute arbitrary code by overwriting the binary devcpp.exe.
CVE-2022-28218 1 Ciphermail 1 Webmail Messenger 2024-08-03 5.5 Medium
An issue was discovered in CipherMail Webmail Messenger 1.1.1 through 4.1.4. A local attacker could access secret keys (found in a Roundcube configuration file) that are used to protect Webmail user passwords and two-factor authentication (2FA).
CVE-2022-27958 1 Febs-security Project 1 Febs-security 2024-08-03 5.4 Medium
Insecure permissions configured in the userid parameter at /user/getuserprofile of FEBS-Security v1.0 allow attackers to access and arbitrarily modify users' personal information.
CVE-2022-27960 1 Ofcms Project 1 Ofcms 2024-08-03 5.4 Medium
Insecure permissions configured in the user_id parameter at SysUserController.java of OFCMS v1.1.4 allow attackers to access and arbitrarily modify users' personal information.
CVE-2022-27919 1 Gradle 1 Enterprise 2024-08-03 9.8 Critical
Gradle Enterprise before 2022.1 allows remote code execution if the installation process did not specify an initial configuration file. The configuration allows certain anonymous access to administration and an API.
CVE-2022-27840 1 Samsung 1 Recovery 2024-08-03 4.4 Medium
An improper access control vulnerability in SamsungRecovery prior to version 8.1.43.0 allows local attackers to delete arbitrary files with SamsungRecovery permission.
CVE-2022-27650 3 Crun Project, Fedoraproject, Redhat 4 Crun, Fedora, Enterprise Linux and 1 more 2024-08-03 7.5 High
A flaw was found in crun where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs.
CVE-2022-27652 4 Fedoraproject, Kubernetes, Mobyproject and 1 more 5 Fedora, Cri-o, Moby and 2 more 2024-08-03 5.3 Medium
A flaw was found in cri-o, where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs.
CVE-2022-27649 3 Fedoraproject, Podman Project, Redhat 15 Fedora, Podman, Developer Tools and 12 more 2024-08-03 7.5 High
A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. A vulnerability was found in Moby (Docker Engine), where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs.
CVE-2022-27651 3 Buildah Project, Fedoraproject, Redhat 4 Buildah, Fedora, Enterprise Linux and 1 more 2024-08-03 6.8 Medium
A flaw was found in buildah where containers were incorrectly started with non-empty default permissions. A bug was found in Moby (Docker Engine) where containers were incorrectly started with non-empty inheritable Linux process capabilities, enabling an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. This has the potential to impact confidentiality and integrity.
CVE-2022-27500 1 Intel 1 Support 2024-08-03 5.5 Medium
Incorrect default permissions for the Intel(R) Support Android application before 21.07.40 may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2022-26595 1 Liferay 2 Digital Experience Platform, Liferay Portal 2024-08-03 4.3 Medium
Liferay Portal 7.3.7, 7.4.0, and 7.4.1, and Liferay DXP 7.2 fix pack 13 and 7.3 fix pack 2, do not properly check user permission when accessing a list of sites/groups, which allows remote authenticated users to view sites/groups via the user's site membership assignment UI.
CVE-2022-26344 1 Intel 1 Single Event Api 2024-08-03 7.8 High
Incorrect default permissions in the installation binaries for Intel(R) SEAPI all versions may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2022-26235 1 Beckmancoulter 1 Remisol Advance 2024-08-03 7.8 High
A vulnerability was discovered in the Remisol Advance v2.0.12.1 and below for the Normand Message Server. On installation, the permissions set by Remisol Advance allow non-privileged users to overwrite and/or manipulate executables and libraries that run as the elevated SYSTEM user on Windows.
CVE-2022-25943 1 Kingsoft 1 Wps Office 2024-08-03 7.8 High
The installer of WPS Office for Windows versions prior to v11.2.0.10258 fails to properly configure the ACL for the directory where the service program is installed.
CVE-2022-25804 1 Igel 1 Universal Management Suite 2024-08-03 5.5 Medium
An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. Insecure permissions for the serverconfig registry key (under JavaSoft\Prefs\de\igel\rm\config in HKEY_LOCAL_MACHINE\SOFTWARE) allow an unprivileged local attacker to read the encrypted dbuser and dbpassword values for the UMS superuser.