Total
1509 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-20254 | 1 Google | 1 Android | 2022-10-25 | N/A | 8.8 HIGH |
| In Wi-Fi, there is a permissions bypass. This could lead to local escalation of privilege from the guest user with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-223377547 | |||||
| CVE-2021-1836 | 1 Apple | 3 Ipados, Iphone Os, Tvos | 2022-10-25 | 2.1 LOW | 5.5 MEDIUM |
| A logic issue was addressed with improved restrictions. This issue is fixed in iOS 14.5 and iPadOS 14.5, tvOS 14.5. A local user may be able to create or modify privileged files. | |||||
| CVE-2021-3101 | 1 Hotdog Project | 1 Hotdog | 2022-10-25 | 7.2 HIGH | 8.8 HIGH |
| Hotdog, prior to v1.0.1, did not mimic the capabilities or the SELinux label of the target JVM process. This would allow a container to gain full privileges on the host, bypassing restrictions set on the container. | |||||
| CVE-2022-41835 | 1 F5 | 2 F5os-a, F5os-c | 2022-10-24 | N/A | 8.8 HIGH |
| In F5OS-A version 1.x before 1.1.0 and F5OS-C version 1.x before 1.5.0, excessive file permissions in F5OS allows an authenticated local attacker to execute limited set of commands in a container and impact the F5OS controller. | |||||
| CVE-2022-34438 | 1 Dell | 1 Emc Powerscale Onefs | 2022-10-24 | N/A | 6.7 MEDIUM |
| Dell PowerScale OneFS, versions 8.2.x-9.4.0.x, contain a privilege context switching error. A local authenticated malicious user with high privileges could potentially exploit this vulnerability, leading to full system compromise. This impacts compliance mode clusters. | |||||
| CVE-2021-20208 | 3 Fedoraproject, Redhat, Samba | 3 Fedora, Enterprise Linux, Cifs-utils | 2022-10-21 | 4.9 MEDIUM | 6.1 MEDIUM |
| A flaw was found in cifs-utils in versions before 6.13. A user when mounting a krb5 CIFS file system from within a container can use Kerberos credentials of the host. The highest threat from this vulnerability is to data confidentiality and integrity. | |||||
| CVE-2022-42197 | 1 Simple Exam Reviewer Management System Project | 1 Simple Exam Reviewer Management System | 2022-10-21 | N/A | 6.5 MEDIUM |
| In Simple Exam Reviewer Management System v1.0 the User List function has improper access control that allows low privileged users to modify user permissions to higher privileges. | |||||
| CVE-2022-22239 | 1 Juniper | 1 Junos Os Evolved | 2022-10-20 | N/A | 8.8 HIGH |
| An Execution with Unnecessary Privileges vulnerability in Management Daemon (mgd) of Juniper Networks Junos OS Evolved allows a locally authenticated attacker with low privileges to escalate their privileges on the device and potentially remote systems. This vulnerability allows a locally authenticated attacker with access to the ssh operational command to escalate their privileges on the system to root, or if there is user interaction on the local device to potentially escalate privileges on a remote system to root. This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.4R3-S5-EVO; 21.1-EVO versions prior to 21.1R3-EVO; 21.2-EVO versions prior to 21.2R2-S1-EVO, 21.2R3-EVO; 21.3-EVO versions prior to 21.3R2-EVO. This issue does not affect Juniper Networks Junos OS. | |||||
| CVE-2022-3569 | 1 Synacor | 1 Zimbra Collaboration Suite | 2022-10-20 | N/A | 7.8 HIGH |
| Due to an issue with incorrect sudo permissions, Zimbra Collaboration Suite (ZCS) suffers from a local privilege escalation issue in versions 9.0.0 and prior, where the 'zimbra' user can effectively coerce postfix into running arbitrary commands as 'root'. | |||||
| CVE-2022-3421 | 2 Apple, Google | 2 Macos, Drive | 2022-10-19 | N/A | 7.3 HIGH |
| An attacker can pre-create the `/Applications/Google\ Drive.app/Contents/MacOS` directory which is expected to be owned by root to be owned by a non-root user. When the Drive for Desktop installer is run for the first time, it will place a binary in that directory with execute permissions and set its setuid bit. Since the attacker owns the directory, the attacker can replace the binary with a symlink, causing the installer to set the setuid bit on the symlink. When the symlink is executed, it will run with root permissions. We recommend upgrading past version 64.0 | |||||
| CVE-2022-3368 | 1 Avira | 1 Avira Security | 2022-10-19 | N/A | 8.8 HIGH |
| A vulnerability within the Software Updater functionality of Avira Security for Windows allowed an attacker with write access to the filesystem, to escalate his privileges in certain scenarios. The issue was fixed with Avira Security version 1.1.72.30556. | |||||
| CVE-2022-26691 | 4 Apple, Debian, Fedoraproject and 1 more | 6 Cups, Mac Os X, Macos and 3 more | 2022-10-19 | 7.2 HIGH | 6.7 MEDIUM |
| A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to gain elevated privileges. | |||||
| CVE-2022-42717 | 2 Hashicorp, Linux | 2 Vagrant, Linux Kernel | 2022-10-18 | N/A | 7.8 HIGH |
| An issue was discovered in Hashicorp Packer before 2.3.1. The recommended sudoers configuration for Vagrant on Linux is insecure. If the host has been configured according to this documentation, non-privileged users on the host can leverage a wildcard in the sudoers configuration to execute arbitrary commands as root. | |||||
| CVE-2022-2249 | 1 Avaya | 1 Aura Communication Manager | 2022-10-14 | N/A | 6.7 MEDIUM |
| Privilege escalation related vulnerabilities were discovered in Avaya Aura Communication Manager that may allow local administrative users to escalate their privileges. This issue affects Communication Manager versions 8.0.0.0 through 8.1.3.3 and 10.1.0.0. | |||||
| CVE-2019-13702 | 2 Google, Opensuse | 2 Chrome, Backports Sle | 2022-10-14 | 6.8 MEDIUM | 7.8 HIGH |
| Inappropriate implementation in installer in Google Chrome on Windows prior to 78.0.3904.70 allowed a local attacker to perform privilege escalation via a crafted executable. | |||||
| CVE-2022-37979 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2022-10-13 | N/A | 7.8 HIGH |
| Windows Hyper-V Elevation of Privilege Vulnerability. | |||||
| CVE-2018-17954 | 1 Suse | 2 Openstack Cloud, Openstack Cloud Crowbar | 2022-10-13 | 7.2 HIGH | 7.8 HIGH |
| An Improper Privilege Management in crowbar of SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud 9, SUSE OpenStack Cloud Crowbar 8, SUSE OpenStack Cloud Crowbar 9 allows root users on any crowbar managed node to cause become root on any other node. This issue affects: SUSE OpenStack Cloud 7 crowbar-core versions prior to 4.0+git.1578392992.fabfd186c-9.63.1, crowbar-. SUSE OpenStack Cloud 8 ardana-cinder versions prior to 8.0+git.1579279939.ee7da88-3.39.3, ardana-. SUSE OpenStack Cloud 9 ardana-ansible versions prior to 9.0+git.1581611758.f694f7d-3.16.1, ardana-. SUSE OpenStack Cloud Crowbar 8 crowbar-core versions prior to 5.0+git.1582968668.1a55c77c5-3.35.4, crowbar-. SUSE OpenStack Cloud Crowbar 9 crowbar-core versions prior to 6.0+git.1582892022.cbd70e833-3.19.3, crowbar-. | |||||
| CVE-2022-37976 | 1 Microsoft | 5 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 2 more | 2022-10-12 | N/A | 8.8 HIGH |
| Active Directory Certificate Services Elevation of Privilege Vulnerability. | |||||
| CVE-2022-37971 | 1 Microsoft | 1 Malware Protection Engine | 2022-10-12 | N/A | 7.1 HIGH |
| Microsoft Windows Defender Elevation of Privilege Vulnerability. | |||||
| CVE-2022-37970 | 1 Microsoft | 4 Windows 10, Windows 11, Windows Server 2019 and 1 more | 2022-10-12 | N/A | 7.8 HIGH |
| Windows DWM Core Library Elevation of Privilege Vulnerability. | |||||