Filtered by CWE-732
Total 1333 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-31464 1 Adaware 1 Protect 2024-08-03 7.8 High
Insecure permissions configuration in Adaware Protect v1.2.439.4251 allows attackers to escalate privileges via changing the service binary path.
CVE-2022-31465 1 Siemens 1 Xpedition Designer 2024-08-03 7.8 High
A vulnerability has been identified in Xpedition Designer VX.2.10 (All versions < VX.2.10 Update 13), Xpedition Designer VX.2.11 (All versions < VX.2.11 Update 11), Xpedition Designer VX.2.12 (All versions < VX.2.12 Update 5), Xpedition Designer VX.2.13 (All versions < VX.2.13 Update 1). The affected application assigns improper access rights to the service executable. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges.
CVE-2022-30929 1 Mini Tmall Project 1 Mini Tmall 2024-08-03 8.8 High
Mini-Tmall v1.0 is vulnerable to Insecure Permissions via tomcat-embed-jasper.
CVE-2022-30700 2 Microsoft, Trendmicro 2 Windows, Apex One 2024-08-03 7.8 High
An incorrect permission assignment vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to load a DLL with escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVE-2022-30527 1 Siemens 1 Sinec Nms 2024-08-03 7.8 High
A vulnerability has been identified in SINEC NMS (All versions < V2.0). The affected application assigns improper access rights to specific folders containing executable files and libraries. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges.
CVE-2022-29527 1 Amazon 1 Amazon Ssm Agent 2024-08-03 7.0 High
Amazon AWS amazon-ssm-agent before 3.1.1208.0 creates a world-writable sudoers file, which allows local attackers to inject Sudo rules and escalate privileges to root. This occurs in certain situations involving a race condition.
CVE-2022-28802 1 Zapier 1 Code By Zapier 2024-08-03 9.9 Critical
Code by Zapier before 2022-08-17 allowed intra-account privilege escalation that included execution of Python or JavaScript code. In other words, Code by Zapier was providing a customer-controlled general-purpose virtual machine that unintentionally granted full access to all users of a company's account, but was supposed to enforce role-based access control within that company's account. Before 2022-08-17, a customer could have resolved this by (in effect) using a separate virtual machine for an application that held credentials - or other secrets - that weren't supposed to be shared among all of its employees. (Multiple accounts would have been needed to operate these independent virtual machines.)
CVE-2022-26526 2 Anaconda, Conda 2 Anaconda3, Miniconda3 2024-08-03 7.8 High
Anaconda Anaconda3 (Anaconda Distribution) through 2021.11.0.0 and Miniconda3 through 4.11.0.0 can create a world-writable directory under %PROGRAMDATA% and place that directory into the system PATH environment variable. Thus, for example, local users can gain privileges by placing a Trojan horse file into that directory. (This problem can only happen in a non-default installation. The person who installs the product must specify that it is being installed for all users. Also, the person who installs the product must specify that the system PATH should be changed.)
CVE-2022-26240 2 Beckmancoulter, Microsoft 2 Remisol Advance, Windows 2024-08-03 6.5 Medium
The default privileges for the running service Normand Message Buffer in Beckman Coulter Remisol Advance v2.0.12.1 and prior allow non-privileged users to overwrite and manipulate executables and libraries. This allows attackers to access sensitive data.
CVE-2022-26250 1 Synametrics 1 Synaman 2024-08-03 7.8 High
Synaman v5.1 and below was discovered to contain weak file permissions which allow authenticated attackers to escalate privileges.
CVE-2022-26247 1 Teamwork Management System Project 1 Teamwork Management System 2024-08-03 5.9 Medium
TMS v2.28.0 contains an insecure permissions vulnerability via the component /TMS/admin/user/Update2. This vulnerability allows attackers to modify the administrator account and password.
CVE-2022-26281 1 Bigantsoft 1 Bigant Server 2024-08-03 7.5 High
BigAnt Server v5.6.06 was discovered to contain an incorrect access control issue.
CVE-2022-26237 2 Beckmancoulter, Microsoft 2 Remisol Advance, Windows 2024-08-03 5.5 Medium
The default privileges for the running service Normand Viewer Service in Beckman Coulter Remisol Advance v2.0.12.1 and prior allow non-privileged users to overwrite and manipulate executables and libraries. This allows attackers to access sensitive data.
CVE-2022-26239 2 Beckmancoulter, Microsoft 2 Remisol Advance, Windows 2024-08-03 5.5 Medium
The default privileges for the running service Normand License Manager in Beckman Coulter Remisol Advance v2.0.12.1 and prior allow unprivileged users to overwrite and manipulate executables and libraries. This allows attackers to access sensitive data.
CVE-2022-26238 2 Beckmancoulter, Microsoft 2 Remisol Advance, Windows 2024-08-03 5.5 Medium
The default privileges for the running service Normand Service Manager in Beckman Coulter Remisol Advance v2.0.12.1 and prior allow non-privileged users to overwrite and manipulate executables and libraries. This allows attackers to access sensitive data.
CVE-2022-26236 2 Beckmancoulter, Microsoft 2 Remisol Advance, Windows 2024-08-03 5.5 Medium
The default privileges for the running service Normand Remisol Advance Launcher in Beckman Coulter Remisol Advance v2.0.12.1 and prior allow non-privileged users to overwrite and manipulate executables and libraries. This allows attackers to access sensitive data.
CVE-2022-25992 1 Intel 1 Oneapi-cli 2024-08-03 7.5 High
Insecure inherited permissions in the Intel(R) oneAPI Toolkits oneapi-cli before version 0.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2022-24886 1 Nextcloud 1 Nextcloud 2024-08-03 2.2 Low
Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. In versions prior to 3.19.0, any application with notification permission can access contacts if Nextcloud has access to Contacts without applying for the Contacts permission itself. Version 3.19.0 contains a fix for this issue. There are currently no known workarounds.
CVE-2022-25010 1 Stepmania 1 Stepmania 2024-08-03 9.1 Critical
The component /rootfs in RageFile of Stepmania v5.1b2 and below allows attackers access to the entire file system.
CVE-2022-24872 1 Shopware 1 Shopware 2024-08-03 8.1 High
Shopware is an open commerce platform based on Symfony Framework and Vue. Permissions set to sales channel context by admin-api are still usable within normal user session. Users are advised to update to the current version 6.4.10.1. For older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin. There are no known workarounds for this issue.