Total: 1332 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-4630 | 1 Daloradius | 1 Daloradius | 2024-08-03 | 5.3 Medium |
Sensitive Cookie Without 'HttpOnly' Flag in GitHub repository lirantal/daloradius prior to master. | ||||
CVE-2022-3258 | 1 Hypr | 1 Workforce Access | 2024-08-03 | 3.7 Low |
Incorrect Permission Assignment for Critical Resource vulnerability in HYPR Workforce Access on Windows allows Authentication Abuse. | ||||
CVE-2022-3101 | 2 Openstack, Redhat | 3 Tripleo Ansible, Openstack, Openstack For Ibm Power | 2024-08-03 | 5.5 Medium |
A flaw was found in tripleo-ansible. Due to an insecure default configuration, the permissions of a sensitive file are not sufficiently restricted. This flaw allows a local attacker to use brute force to explore the relevant directory and discover the file, leading to information disclosure of important configuration details from the OpenStack deployment. | ||||
CVE-2022-3146 | 2 Openstack, Redhat | 3 Tripleo Ansible, Openstack, Openstack For Ibm Power | 2024-08-03 | 5.5 Medium |
A flaw was found in tripleo-ansible. Due to an insecure default configuration, the permissions of a sensitive file are not sufficiently restricted. This flaw allows a local attacker to use brute force to explore the relevant directory and discover the file. This issue leads to information disclosure of important configuration details from the OpenStack deployment. | ||||
CVE-2022-2995 | 2 Kubernetes, Redhat | 2 Cri-o, Openshift | 2024-08-03 | 7.1 High |
Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute binary code in that container. | ||||
CVE-2022-2975 | 1 Avaya | 1 Aura Application Enablement Services | 2024-08-03 | 7.7 High |
A vulnerability related to weak permissions was detected in Avaya Aura Application Enablement Services web application, allowing an administrative user to modify accounts leading to execution of arbitrary code as the root user. This issue affects Application Enablement Services versions 8.0.0.0 through 8.1.3.4 and 10.1.0.0 through 10.1.0.1. Versions prior to 8.0.0.0 are end of manufacturing support and were not evaluated. | ||||
CVE-2022-2227 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 3.1 Low |
Improper access control in the runner jobs API in GitLab CE/EE affecting all versions prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows a previous maintainer of a project with a specific runner to access job and project metadata under certain conditions. | ||||
CVE-2022-2188 | 2 Mcafee, Microsoft | 2 Data Exchange Layer, Windows | 2024-08-03 | 6.5 Medium |
Privilege escalation vulnerability in DXL Broker for Windows prior to 6.0.0.280 allows local users to gain elevated privileges by exploiting weak directory controls in the logs directory. This can lead to a denial-of-service attack on the DXL Broker. | ||||
CVE-2022-1655 | 1 Redhat | 1 Openstack | 2024-08-03 | 6.5 Medium |
An Incorrect Permission Assignment for Critical Resource flaw was found in Horizon on Red Hat OpenStack. Horizon session cookies are created without the HttpOnly flag despite HorizonSecureCookies being set to true in the environmental files, possibly leading to a loss of confidentiality and integrity. | ||||
CVE-2022-1412 | 1 Premierethemes | 1 Log Wp Mail | 2024-08-03 | 7.5 High |
The Log WP_Mail WordPress plugin through 0.1 saves sent email in a publicly accessible directory using predictable filenames, allowing any unauthenticated visitor to obtain potentially sensitive information like generated passwords. | ||||
CVE-2022-1348 | 3 Fedoraproject, Logrotate Project, Redhat | 3 Fedora, Logrotate, Enterprise Linux | 2024-08-03 | 6.5 Medium |
A vulnerability was found in logrotate in how the state file is created. The state file is used to prevent parallel executions of multiple instances of logrotate by acquiring and releasing a file lock. When the state file does not exist, it is created with world-readable permission, allowing an unprivileged user to lock the state file, stopping any rotation. This flaw affects logrotate versions before 3.20.0. | ||||
CVE-2022-1316 | 2 Microsoft, Zerotier | 2 Windows, Zerotierone | 2024-08-03 | 8.8 High |
Incorrect Permission Assignment for Critical Resource in GitHub repository zerotier/zerotierone prior to 1.8.8. Local Privilege Escalation. | ||||
CVE-2022-0652 | 1 Sophos | 1 Unified Threat Management | 2024-08-02 | 3.3 Low |
Confd log files contain local users', including root's, SHA512crypt password hashes with insecure access permissions. This allows a local attacker to attempt offline brute-force attacks against these password hashes in Sophos UTM before version 9.710. | ||||
CVE-2022-0556 | 1 Zyxel | 1 Zyxel Ap Configurator | 2024-08-02 | 7.3 High |
A local privilege escalation vulnerability caused by incorrect permission assignment in some directories of the Zyxel AP Configurator (ZAC) version 1.1.4, which could allow an attacker to execute arbitrary code as a local administrator. | ||||
CVE-2022-0532 | 2 Kubernetes, Redhat | 3 Cri-o, Openshift, Openshift Container Platform | 2024-08-02 | 4.2 Medium |
An incorrect sysctls validation vulnerability was found in CRI-O 1.18 and earlier. The sysctls from the list of "safe" sysctls specified for the cluster will be applied to the host if an attacker is able to create a pod with a hostIPC and hostNetwork kernel namespace. | ||||
CVE-2022-0277 | 1 Microweber | 1 Microweber | 2024-08-02 | 6.5 Medium |
Incorrect Permission Assignment for Critical Resource in Packagist microweber/microweber prior to 1.2.11. | ||||
CVE-2022-0338 | 1 Loguru Project | 1 Loguru | 2024-08-02 | 4.3 Medium |
Insertion of Sensitive Information into Log File in Conda loguru prior to 0.5.3. | ||||
CVE-2022-0247 | 1 Google | 1 Fuchsia | 2024-08-02 | 7.5 High |
An issue exists in Fuchsia where VMO data can be modified through access to copy-on-write snapshots. A local attacker could modify objects in the VMO that they do not have permission to. We recommend upgrading past commit d97c05d2301799ed585620a9c5c739d36e7b5d3d or any of the listed versions. | ||||
CVE-2023-52116 | 1 Huawei | 2 Emui, Harmonyos | 2024-08-02 | 7.5 High |
Permission management vulnerability in the multi-screen interaction module. Successful exploitation of this vulnerability may cause service exceptions of the device. | ||||
CVE-2023-51579 | | | 2024-08-02 | N/A |
Voltronic Power ViewPower Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Voltronic Power ViewPower. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the product installer. The issue results from incorrect permissions set on folders. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22025. |