Total
1509 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-23276 | 2 Linux, Microsoft | 2 Linux Kernel, Sql Server | 2022-02-14 | 4.6 MEDIUM | 7.8 HIGH |
SQL Server for Linux Containers Elevation of Privilege Vulnerability. | |||||
CVE-2022-23273 | 1 Microsoft | 1 Dynamics Gp | 2022-02-14 | 9.0 HIGH | 8.8 HIGH |
Microsoft Dynamics GP Elevation Of Privilege Vulnerability. This CVE ID is unique from CVE-2022-23271, CVE-2022-23272. | |||||
CVE-2022-23272 | 1 Microsoft | 1 Dynamics Gp | 2022-02-14 | 9.0 HIGH | 8.8 HIGH |
Microsoft Dynamics GP Elevation Of Privilege Vulnerability. This CVE ID is unique from CVE-2022-23271, CVE-2022-23273. | |||||
CVE-2022-23271 | 1 Microsoft | 1 Dynamics Gp | 2022-02-14 | 9.0 HIGH | 8.8 HIGH |
Microsoft Dynamics GP Elevation Of Privilege Vulnerability. This CVE ID is unique from CVE-2022-23272, CVE-2022-23273. | |||||
CVE-2022-21996 | 1 Microsoft | 1 Windows 11 | 2022-02-14 | 7.2 HIGH | 7.8 HIGH |
Win32k Elevation of Privilege Vulnerability. | |||||
CVE-2022-23263 | 1 Microsoft | 1 Edge Chromium | 2022-02-11 | 4.4 MEDIUM | 7.7 HIGH |
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-23262. | |||||
CVE-2022-23262 | 1 Microsoft | 1 Edge Chromium | 2022-02-11 | 6.8 MEDIUM | 6.3 MEDIUM |
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-23263. | |||||
CVE-2022-22832 | 1 Servisnet | 1 Tessa | 2022-02-10 | 10.0 HIGH | 9.8 CRITICAL |
An issue was discovered in Servisnet Tessa 0.0.2. Authorization data is available via an unauthenticated /data-service/users/ request. | |||||
CVE-2016-8219 | 1 Cloudfoundry | 2 Capi-release, Cf-release | 2022-02-09 | 4.0 MEDIUM | 6.5 MEDIUM |
An issue was discovered in Cloud Foundry Foundation cf-release versions prior to 250 and CAPI-release versions prior to 1.12.0. A user with the SpaceAuditor role is over-privileged with the ability to restage applications. This could cause application downtime if the restage fails. | |||||
CVE-2022-0144 | 1 Shelljs Project | 1 Shelljs | 2022-02-09 | 3.6 LOW | 7.1 HIGH |
shelljs is vulnerable to Improper Privilege Management. | |||||
CVE-2022-22509 | 1 Phoenixcontact | 130 Fl Switch 2005, Fl Switch 2005 Firmware, Fl Switch 2008 and 127 more | 2022-02-04 | 9.0 HIGH | 8.8 HIGH |
In Phoenix Contact FL SWITCH Series 2xxx in version 3.00 an incorrect privilege assignment allows a low-privileged user to enable full access to the device configuration. | |||||
CVE-2022-23727 | 1 Lg | 1 Webos | 2022-02-03 | 4.6 MEDIUM | 7.8 HIGH |
There is a privilege escalation vulnerability in some webOS TVs. Due to wrong setting environments, a local attacker is able to perform a specific operation to exploit this vulnerability. Exploitation may cause the attacker to obtain a higher privilege. | |||||
CVE-2022-23863 | 1 Zohocorp | 1 Manageengine Desktop Central | 2022-02-02 | 4.0 MEDIUM | 6.5 MEDIUM |
Zoho ManageEngine Desktop Central before 10.1.2137.10 allows an authenticated user to change any user's login password. | |||||
CVE-2020-7544 | 1 Schneider-electric | 1 Operator Terminal Expert Runtime | 2022-01-31 | 7.2 HIGH | 7.8 HIGH |
A CWE-269 Improper Privilege Management vulnerability exists in EcoStruxure™ Operator Terminal Expert runtime (Vijeo XD) that could cause privilege escalation on the workstation when interacting directly with a driver installed by the runtime software of EcoStruxure™ Operator Terminal Expert. | |||||
CVE-2019-3843 | 4 Canonical, Fedoraproject, Netapp and 1 more | 8 Ubuntu Linux, Fedora, Cn1610 and 5 more | 2022-01-31 | 4.6 MEDIUM | 7.8 HIGH |
It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the UID/GID will be recycled. | |||||
CVE-2020-13776 | 3 Fedoraproject, Netapp, Systemd Project | 4 Fedora, Active Iq Unified Manager, Solidfire & Hci Management Node and 1 more | 2022-01-31 | 6.2 MEDIUM | 6.7 MEDIUM |
systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000082. | |||||
CVE-2018-16888 | 4 Canonical, Netapp, Redhat and 1 more | 5 Ubuntu Linux, Active Iq Performance Analytics Services, Element Software and 2 more | 2022-01-31 | 1.9 LOW | 4.7 MEDIUM |
It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. Versions before v237 are vulnerable. | |||||
CVE-2017-1000082 | 1 Systemd Project | 1 Systemd | 2022-01-31 | 10.0 HIGH | 9.8 CRITICAL |
systemd v233 and earlier fails to safely parse usernames starting with a numeric digit (e.g. "0day"), running the service in question with root privileges rather than the user intended. | |||||
CVE-2022-22704 | 2 Alpinelinux, Zabbix | 2 Alpine Linux, Zabbix-agent2 | 2022-01-31 | 10.0 HIGH | 9.8 CRITICAL |
The zabbix-agent2 package before 5.4.9-r1 for Alpine Linux sometimes allows privilege escalation to root because the design incorrectly expected that systemd would (in effect) determine part of the configuration. | |||||
CVE-2015-8539 | 3 Canonical, Linux, Suse | 3 Ubuntu Linux, Linux Kernel, Linux Enterprise Real Time Extension | 2022-01-31 | 7.2 HIGH | 7.8 HIGH |
The KEYS subsystem in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (BUG) via crafted keyctl commands that negatively instantiate a key, related to security/keys/encrypted-keys/encrypted.c, security/keys/trusted.c, and security/keys/user_defined.c. |