Total
2002 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-4314 | 1 Ikus-soft | 1 Rdiffweb | 2024-08-03 | 9.8 Critical |
| Improper Privilege Management in GitHub repository ikus060/rdiffweb prior to 2.5.2. | ||||
| CVE-2022-4294 | 5 Avast, Avg, Avira and 2 more | 5 Antivirus, Antivirus, Avira Security and 2 more | 2024-08-03 | 7.1 High |
| Norton, Avira, Avast and AVG Antivirus for Windows may be susceptible to a Privilege Escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | ||||
| CVE-2022-4281 | 1 Facepay Project | 1 Facepay | 2024-08-03 | 6.3 Medium |
| A vulnerability has been found in Facepay 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /face-recognition-php/facepay-master/camera.php. The manipulation of the argument userId leads to authorization bypass. The attack can be launched remotely. The identifier VDB-214789 was assigned to this vulnerability. | ||||
| CVE-2022-4173 | 1 Avast | 2 Avast, Avg Antivirus | 2024-08-03 | 7.3 High |
| A vulnerability within the malware removal functionality of Avast and AVG Antivirus allowed an attacker with write access to the filesystem, to escalate his privileges in certain scenarios. The issue was fixed with Avast and AVG Antivirus version 22.10. | ||||
| CVE-2022-4041 | 1 Hitachi | 1 Storage Plug-in | 2024-08-03 | 5.9 Medium |
| Incorrect Privilege Assignment vulnerability in Hitachi Storage Plug-in for VMware vCenter allows remote authenticated users to cause privilege escalation. This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.8.0 before 04.9.1. | ||||
| CVE-2022-3419 | 1 Addify | 1 Automatic User Roles Switcher | 2024-08-03 | 6.5 Medium |
| The Automatic User Roles Switcher WordPress plugin before 1.1.2 does not have authorisation and proper CSRF checks, allowing any authenticated users like subscriber to add any role to themselves, such as administrator | ||||
| CVE-2022-3422 | 1 Tooljet | 1 Tooljet | 2024-08-03 | 7.5 High |
| Account Takeover :: when see the info i can see the hash pass i can creaked it ............... Account Takeover :: when see the info i can see the forgot_password_token the hacker can send the request and changed the pass | ||||
| CVE-2022-3421 | 2 Apple, Google | 2 Macos, Drive | 2024-08-03 | 5.6 Medium |
| An attacker can pre-create the `/Applications/Google\ Drive.app/Contents/MacOS` directory which is expected to be owned by root to be owned by a non-root user. When the Drive for Desktop installer is run for the first time, it will place a binary in that directory with execute permissions and set its setuid bit. Since the attacker owns the directory, the attacker can replace the binary with a symlink, causing the installer to set the setuid bit on the symlink. When the symlink is executed, it will run with root permissions. We recommend upgrading past version 64.0 | ||||
| CVE-2022-3405 | 3 Acronis, Linux, Microsoft | 4 Cyber Backup, Cyber Protect, Linux Kernel and 1 more | 2024-08-03 | 8.8 High |
| Code execution and sensitive information disclosure due to excessive privileges assigned to Acronis Agent. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 29486, Acronis Cyber Backup 12.5 (Windows, Linux) before build 16545. | ||||
| CVE-2022-3079 | 1 Festo | 4 Cpx-cec-c1, Cpx-cec-c1 Firmware, Cpx-cmxx and 1 more | 2024-08-03 | 7.5 High |
| Festo control block CPX-CEC-C1 and CPX-CMXX in multiple versions allow unauthenticated, remote access to critical webpage functions which may cause a denial of service. | ||||
| CVE-2022-3068 | 1 Octoprint | 1 Octoprint | 2024-08-03 | 8.8 High |
| Improper Privilege Management in GitHub repository octoprint/octoprint prior to 1.8.3. | ||||
| CVE-2022-3088 | 2 Debian, Moxa | 129 Debian Linux, Aig-301-ap-azu-lx, Aig-301-ap-azu-lx Firmware and 126 more | 2024-08-03 | 7.8 High |
| UC-8100A-ME-T System Image: Versions v1.0 to v1.6, UC-2100 System Image: Versions v1.0 to v1.12, UC-2100-W System Image: Versions v1.0 to v 1.12, UC-3100 System Image: Versions v1.0 to v1.6, UC-5100 System Image: Versions v1.0 to v1.4, UC-8100 System Image: Versions v3.0 to v3.5, UC-8100-ME-T System Image: Versions v3.0 and v3.1, UC-8200 System Image: v1.0 to v1.5, AIG-300 System Image: v1.0 to v1.4, UC-8410A with Debian 9 System Image: Versions v4.0.2 and v4.1.2, UC-8580 with Debian 9 System Image: Versions v2.0 and v2.1, UC-8540 with Debian 9 System Image: Versions v2.0 and v2.1, and DA-662C-16-LX (GLB) System Image: Versions v1.0.2 to v1.1.2 of Moxa's ARM-based computers have an execution with unnecessary privileges vulnerability, which could allow an attacker with user-level privileges to gain root privileges. | ||||
| CVE-2022-2975 | 1 Avaya | 1 Aura Application Enablement Services | 2024-08-03 | 7.7 High |
| A vulnerability related to weak permissions was detected in Avaya Aura Application Enablement Services web application, allowing an administrative user to modify accounts leading to execution of arbitrary code as the root user. This issue affects Application Enablement Services versions 8.0.0.0 through 8.1.3.4 and 10.1.0.0 through 10.1.0.1. Versions prior to 8.0.0.0 are end of manufacturing support and were not evaluated. | ||||
| CVE-2022-2637 | 1 Hitachi | 1 Storage Plug-in | 2024-08-03 | 5.4 Medium |
| Incorrect Privilege Assignment vulnerability in Hitachi Hitachi Storage Plug-in for VMware vCenter allows remote authenticated users to cause privilege escalation.This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.8.0 before 04.9.0. | ||||
| CVE-2022-2568 | 1 Redhat | 2 Ansible Automation Platform, Enterprise Linux | 2024-08-03 | 6.5 Medium |
| A privilege escalation flaw was found in the Ansible Automation Platform. This flaw allows a remote authenticated user with 'change user' permissions to modify the account settings of the superuser account and also remove the superuser privileges. | ||||
| CVE-2022-2498 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 6.4 Medium |
| An issue in pipeline subscriptions in GitLab EE affecting all versions from 12.8 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 triggered new pipelines with the person who created the tag as the pipeline creator instead of the subscription's author. | ||||
| CVE-2022-2273 | 1 Simple-membership-plugin | 1 Simple Membership | 2024-08-03 | 8.8 High |
| The Simple Membership WordPress plugin before 4.1.3 does not properly validate the membership_level parameter when editing a profile, allowing members to escalate to a higher membership level by using a crafted POST request. | ||||
| CVE-2022-2317 | 1 Simple-membership-plugin | 1 Simple Membership | 2024-08-03 | 9.8 Critical |
| The Simple Membership WordPress plugin before 4.1.3 allows user to change their membership at the registration stage due to insufficient checking of a user supplied parameter. | ||||
| CVE-2022-2249 | 1 Avaya | 1 Aura Communication Manager | 2024-08-03 | 7.7 High |
| Privilege escalation related vulnerabilities were discovered in Avaya Aura Communication Manager that may allow local administrative users to escalate their privileges. This issue affects Communication Manager versions 8.0.0.0 through 8.1.3.3 and 10.1.0.0. | ||||
| CVE-2022-2063 | 1 Xgenecloud | 1 Nocodb | 2024-08-03 | 8.8 High |
| Improper Privilege Management in GitHub repository nocodb/nocodb prior to 0.91.7+. | ||||