Total: 1509 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-41290 | 1 Ibm | 2 Aix, Vios | 2022-12-30 | N/A | 8.4 HIGH |
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the rm_rlcache_file command to obtain root privileges. IBM X-Force ID: 236690. | |||||
CVE-2022-4687 | 1 Usememos | 1 Memos | 2022-12-30 | N/A | 8.1 HIGH |
Incorrect Use of Privileged APIs in GitHub repository usememos/memos prior to 0.9.0. | |||||
CVE-2022-42046 | 1 Wfs | 1 Heaven Burns Red | 2022-12-29 | N/A | 7.8 HIGH |
A specially crafted IOCTL to wfshbr64.sys and wfshbr32.sys allows an arbitrary user to perform local privilege escalation. | |||||
CVE-2022-38060 | 1 Openstack | 1 Kolla | 2022-12-28 | N/A | 7.8 HIGH |
A privilege escalation vulnerability exists in the sudo functionality of OpenStack Kolla git master 05194e7618. A misconfiguration in /etc/sudoers within a container can lead to increased privileges. | |||||
CVE-2022-41653 | 1 Daikinlatam | 2 Svmpc1, Svmpc2 | 2022-12-16 | N/A | 9.8 CRITICAL |
Daikin SVMPC1 version 2.1.22 and prior and SVMPC2 version 1.2.3 and prior are vulnerable to an attacker obtaining user login credentials and controlling the system. | |||||
CVE-2022-44708 | 1 Microsoft | 2 Edge, Edge Chromium | 2022-12-16 | N/A | 8.3 HIGH |
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. | |||||
CVE-2022-38124 | 1 Secomea | 24 Sitemanager 1129, Sitemanager 1129 Firmware, Sitemanager 1139 and 21 more | 2022-12-15 | N/A | 6.5 MEDIUM |
Debug tool in Secomea SiteManager allows a logged-in administrator to modify system state in an unintended manner. | |||||
CVE-2022-41115 | 1 Microsoft | 1 Edge Chromium | 2022-12-15 | N/A | 6.6 MEDIUM |
Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerability. | |||||
CVE-2021-32415 | 1 Msi | 1 Wrapper | 2022-12-15 | N/A | 7.8 HIGH |
EXEMSI MSI Wrapper versions prior to 10.0.50 and at least since version 6.0.91 will introduce a local privilege escalation vulnerability in installers it creates. | |||||
CVE-2022-41268 | 1 Sap | 1 Business Planning And Consolidation | 2022-12-15 | N/A | 7.5 HIGH |
In some SAP standard roles in SAP Business Planning and Consolidation - versions - SAP_BW 750, 751, 752, 753, 754, 755, 756, 757, DWCORE 200, 300, CPMBPC 810, a transaction code reserved for the customer is used. By implementing such transaction code, a malicious user may execute unauthorized transaction functionality. Under specific circumstances, a successful attack could enable an adversary to escalate their privileges to be able to read, change or delete system data. | |||||
CVE-2022-4314 | 1 Ikus-soft | 1 Rdiffweb | 2022-12-15 | N/A | 9.8 CRITICAL |
Improper Privilege Management in GitHub repository ikus060/rdiffweb prior to 2.5.2. | |||||
CVE-2022-37929 | 1 Hpe | 18 Hf20, Hf20 Firmware, Hf20c and 15 more | 2022-12-13 | N/A | 5.5 MEDIUM |
Improper Privilege Management vulnerability in Hewlett Packard Enterprise Nimble Storage Hybrid Flash Arrays and Nimble Storage Secondary Flash Arrays. | |||||
CVE-2022-30526 | 1 Zyxel | 50 Atp100, Atp100 Firmware, Atp100w and 47 more | 2022-12-13 | N/A | 7.8 HIGH |
A privilege escalation vulnerability was identified in the CLI command of Zyxel USG FLEX 100(W) firmware versions 4.50 through 5.30, USG FLEX 200 firmware versions 4.50 through 5.30, USG FLEX 500 firmware versions 4.50 through 5.30, USG FLEX 700 firmware versions 4.50 through 5.30, USG FLEX 50(W) firmware versions 4.16 through 5.30, USG20(W)-VPN firmware versions 4.16 through 5.30, ATP series firmware versions 4.32 through 5.30, VPN series firmware versions 4.30 through 5.30, USG/ZyWALL series firmware versions 4.09 through 4.72, which could allow a local attacker to execute some OS commands with root privileges in some directories on a vulnerable device. | |||||
CVE-2022-23485 | 1 Sentry | 1 Sentry | 2022-12-12 | N/A | 3.7 LOW |
Sentry is an error tracking and performance monitoring platform. In versions of the sentry python library prior to 22.11.0 an attacker with a known valid invite link could manipulate a cookie to allow the same invite link to be reused on multiple accounts when joining an organization. As a result an attacker with a valid invite link can create multiple users and join an organization they may not have been originally invited to. This issue was patched in version 22.11.0. Sentry SaaS customers do not need to take action. Self-hosted Sentry installs on systems which can not upgrade can disable the invite functionality until they are ready to deploy the patched version by editing their `sentry.conf.py` file (usually located at `~/.sentry/`). | |||||
CVE-2022-4264 | 1 M-files | 1 M-files | 2022-12-12 | N/A | 4.3 MEDIUM |
Incorrect Privilege Assignment in M-Files Web (Classic) in M-Files before 22.8.11691.0 allows a low-privilege user to change some configuration. | |||||
CVE-2022-41948 | 1 Dhis2 | 1 Dhis 2 | 2022-12-12 | N/A | 7.2 HIGH |
DHIS 2 is an open source information system for data capture, management, validation, analytics and visualization. Affected versions are subject to a privilege escalation vulnerability. A DHIS2 user with authority to manage users can assign superuser privileges to themself by manually crafting an HTTP PUT request. Only users with the following DHIS2 user role authorities can exploit this vulnerability. Note that in many systems the only users with user admin privileges are also superusers. In these cases, the escalation vulnerability does not exist. The vulnerability is only exploitable by attackers who can authenticate as users with the user admin authority. As this is usually a small and relatively trusted set of users, exploit vectors will often be limited. DHIS2 administrators should upgrade to the following hotfix releases: 2.36.12.1, 2.37.8.1, 2.38.2.1, 2.39.0.1. The only known workaround to this issue is to avoid the assignment of the user management authority to any users until the patch has been applied. | |||||
CVE-2022-42888 | 1 Armemberplugin | 1 Armember | 2022-12-12 | N/A | 8.8 HIGH |
Unauth. Privilege Escalation vulnerability in ARMember premium plugin <= 5.5.1 on WordPress. | |||||
CVE-2022-40297 | 1 Ubports | 1 Ubuntu Touch | 2022-12-09 | N/A | 7.8 HIGH |
** DISPUTED ** UBports Ubuntu Touch 16.04 allows the screen-unlock passcode to be used for a privileged shell via Sudo. This passcode is only four digits, far below typical length/complexity for a user account's password. NOTE: a third party states "The described attack cannot be executed as demonstrated." | |||||
CVE-2019-4047 | 1 Ibm | 1 Jazz Reporting Service | 2022-12-09 | 4.0 MEDIUM | 4.3 MEDIUM |
IBM Jazz Reporting Service (JRS) 6.0.6 could allow an authenticated user to access the execution log files as a guest user, and obtain the information of the server execution. IBM X-Force ID: 156243. | |||||
CVE-2019-4048 | 1 Ibm | 10 Control Desk, Maximo Asset Management, Maximo For Aviation and 7 more | 2022-12-09 | 2.1 LOW | 2.1 LOW |
IBM Maximo Asset Management 7.6 could allow a physical user of the system to obtain sensitive information from a previous user of the same machine. IBM X-Force ID: 156311. |