Total: 2002 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-1901 | 3 Linux, Microsoft, Octopus | 3 Linux Kernel, Windows, Octopus Server | 2024-08-03 | 5.3 Medium |
In affected versions of Octopus Deploy it is possible to unmask sensitive variables by using variable preview. | ||||
CVE-2022-1823 | 1 Mcafee | 1 Consumer Product Removal Tool | 2024-08-03 | 7.9 High |
Improper privilege management vulnerability in McAfee Consumer Product Removal Tool prior to version 10.4.128 could allow a local user to modify a configuration file and perform a LOLBin (Living off the land) attack. This could result in the user gaining elevated permissions and being able to execute arbitrary code, through not correctly checking the integrity of the configuration file. | ||||
CVE-2022-1770 | 1 Trudesk Project | 1 Trudesk | 2024-08-03 | 8.8 High |
Improper Privilege Management in GitHub repository polonel/trudesk prior to 1.2.2. | ||||
CVE-2022-1654 | 1 Artbees | 2 Jupiter, Jupiterx | 2024-08-03 | 8.8 High |
Jupiter Theme <= 6.10.1 and JupiterX Core Plugin <= 2.0.7 allow any authenticated attacker, including a subscriber or customer-level attacker, to gain administrative privileges via the "abb_uninstall_template" (both) and "jupiterx_core_cp_uninstall_template" (JupiterX Core only) AJAX actions. | ||||
CVE-2022-1397 | 1 Easyappointments | 1 Easyappointments | 2024-08-03 | 8.8 High |
API Privilege Escalation in GitHub repository alextselegidis/easyappointments prior to 1.5.0. Full system takeover. | ||||
CVE-2022-1332 | 1 Mattermost | 1 Mattermost Server | 2024-08-03 | 4.3 Medium |
One of the APIs in Mattermost version 6.4.1 and earlier fails to properly protect permissions, which allows authenticated members with a restricted custom admin role to bypass the restrictions and view the server logs and server config.json file contents. | ||||
CVE-2022-1227 | 4 Fedoraproject, Podman Project, Psgo Project and 1 more | 19 Fedora, Podman, Psgo and 16 more | 2024-08-02 | 8.8 High |
A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman top' command. This action gives the attacker access to the host filesystem, leading to information disclosure or denial of service. | ||||
CVE-2022-1256 | 1 Mcafee | 1 Agent | 2024-08-02 | 7.8 High |
A local privilege escalation vulnerability in MA for Windows prior to 5.7.6 allows a local low privileged user to gain system privileges through running the repair functionality. Temporary file actions were performed on the local user's %TEMP% directory with System privileges through manipulation of symbolic links. | ||||
CVE-2022-1108 | 1 Lenovo | 2 Thinkpad X1 Fold Gen 1, Thinkpad X1 Fold Gen 1 Firmware | 2024-08-02 | 6.7 Medium |
A potential vulnerability due to improper buffer validation in the SMI handler LenovoFlashDeviceInterface in Thinkpad X1 Fold Gen 1 could be exploited by an attacker with local access and elevated privileges to execute arbitrary code. | ||||
CVE-2022-1107 | 1 Lenovo | 60 Thinkpad 11e, Thinkpad 11e Firmware, Thinkpad 11e Yoga and 57 more | 2024-08-02 | 6.7 Medium |
During an internal product security audit, a potential vulnerability due to use of Boot Services in the SmmOEMInt15 SMI handler was discovered in some ThinkPad models. It could be exploited by an attacker with elevated privileges and could allow execution of code. | ||||
CVE-2022-1003 | 1 Mattermost | 1 Mattermost | 2024-08-02 | 3.3 Low |
One of the APIs in Mattermost version 6.3.0 and earlier fails to properly protect permissions, which allows system administrators to combine two distinct privileges/capabilities in a way that lets them override certain restricted configurations such as EnableUploads. | ||||
CVE-2022-0668 | 1 Jfrog | 1 Artifactory | 2024-08-02 | 5.3 Medium |
JFrog Artifactory prior to 7.37.13 is vulnerable to Authentication Bypass, which can lead to Privilege Escalation when a specially crafted request is sent by an unauthenticated user. | ||||
CVE-2022-0556 | 1 Zyxel | 1 Zyxel Ap Configurator | 2024-08-02 | 7.3 High |
A local privilege escalation vulnerability caused by incorrect permission assignment in some directories of the Zyxel AP Configurator (ZAC) version 1.1.4, which could allow an attacker to execute arbitrary code as a local administrator. | ||||
CVE-2022-0441 | 1 Stylemixthemes | 1 Masterstudy Lms | 2024-08-02 | 9.8 Critical |
The MasterStudy LMS WordPress plugin before 2.7.6 does not validate some parameters given when registering a new account, allowing unauthenticated users to register as an admin. | ||||
CVE-2022-0222 | 1 Schneider-electric | 28 Modicon M340 Bmxnoe0100, Modicon M340 Bmxnoe0100 Firmware, Modicon M340 Bmxnoe0110 and 25 more | 2024-08-02 | 7.5 High |
A CWE-269: Improper Privilege Management vulnerability exists that could cause a denial of service of the Ethernet communication of the controller when sending a specific request over SNMP. Affected products: Modicon M340 CPUs (BMXP34* versions prior to V3.40), Modicon M340 X80 Ethernet Communication modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOR0200H RTU (BMXNOE* all versions) (BMXNOR* versions prior to v1.7 IR24) | ||||
CVE-2022-0144 | 2 Redhat, Shelljs Project | 2 Acm, Shelljs | 2024-08-02 | 7.1 High |
shelljs is vulnerable to Improper Privilege Management | ||||
CVE-2022-0090 | 1 Gitlab | 1 Gitlab | 2024-08-02 | 6.5 Medium |
An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. GitLab is configured in a way that it doesn't ignore replacement references with git sub-commands, allowing a malicious user to spoof the contents of their commits in the UI. | ||||
CVE-2023-52116 | 1 Huawei | 2 Emui, Harmonyos | 2024-08-02 | 7.5 High |
Permission management vulnerability in the multi-screen interaction module. Successful exploitation of this vulnerability may cause service exceptions of the device. | ||||
CVE-2023-51546 | | | 2024-08-02 | 7.2 High |
Improper Privilege Management vulnerability in WebToffee WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels allows Privilege Escalation. This issue affects WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels: from n/a through 4.2.1. | ||||
CVE-2023-51476 | 1 Wpmlmsoftware | 1 Wp Mlm Unilevel | 2024-08-02 | 9.8 Critical |
Improper Privilege Management vulnerability in IOSS WP MLM Unilevel allows Privilege Escalation. This issue affects WP MLM Unilevel: from n/a through 4.0. |