Total
1004 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-21819 | 1 Nvidia | 3 Jetson Linux, Jetson Nano, Jetson Nano 2gb | 2022-03-22 | 4.6 MEDIUM | 7.6 HIGH |
| NVIDIA distributions of Jetson Linux contain a vulnerability where an error in the IOMMU configuration may allow an unprivileged attacker with physical access to the board direct read/write access to the entire system address space through the PCI bus. Such an attack could result in denial of service, code execution, escalation of privileges, and impact to data integrity and confidentiality. The scope impact may extend to other components. | |||||
| CVE-2022-22148 | 1 Yokogawa | 9 Centum Cs 3000, Centum Cs 3000 Entry, Centum Cs 3000 Entry Firmware and 6 more | 2022-03-18 | 6.9 MEDIUM | 7.8 HIGH |
| 'Root Service' service implemented in the following Yokogawa Electric products creates some named pipe with improper ACL configuration. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00. | |||||
| CVE-2021-4199 | 1 Bitdefender | 4 Antivirus Plus, Endpoint Security Tools, Internet Security and 1 more | 2022-03-11 | 7.2 HIGH | 7.8 HIGH |
| Incorrect Permission Assignment for Critical Resource vulnerability in the crash handling component BDReinit.exe as used in Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools for Windows allows a remote attacker to escalate local privileges to SYSTEM. This issue affects: Bitdefender Total Security versions prior to 26.0.10.45. Bitdefender Internet Security versions prior to 26.0.10.45. Bitdefender Antivirus Plus versions prior to 26.0.10.45. Bitdefender Endpoint Security Tools for Windows versions prior to 7.4.3.146. | |||||
| CVE-2022-26157 | 1 Cherwell | 1 Cherwell Service Management | 2022-03-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. The ASP.NET_Sessionid cookie is not protected by the Secure flag. This makes it prone to interception by an attacker if traffic is sent over unencrypted channels. | |||||
| CVE-2022-0247 | 1 Google | 1 Fuchsia | 2022-03-08 | 2.1 LOW | 5.5 MEDIUM |
| An issue exists in Fuchsia where VMO data can be modified through access to copy-on-write snapshots. A local attacker could modify objects in the VMO that they do not have permission to. We recommend upgrading past commit d97c05d2301799ed585620a9c5c739d36e7b5d3d or any of the listed versions. | |||||
| CVE-2022-25363 | 1 Watchguard | 1 Fireware | 2022-03-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| WatchGuard Firebox and XTM appliances allow an authenticated remote attacker with unprivileged credentials to modify privileged management user credentials. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2. | |||||
| CVE-2022-24327 | 1 Jetbrains | 1 Hub | 2022-03-03 | 5.0 MEDIUM | 7.5 HIGH |
| In JetBrains Hub before 2021.1.13890, integration with JetBrains Account exposed an API key with excessive permissions. | |||||
| CVE-2021-3557 | 2 Linuxfoundation, Redhat | 2 Argo-cd, Openshift Gitops | 2022-03-03 | 4.0 MEDIUM | 6.5 MEDIUM |
| A flaw was found in argocd. Any unprivileged user is able to deploy argocd in their namespace and with the created ServiceAccount argocd-argocd-server, the unprivileged user is able to read all resources of the cluster including all secrets which might enable privilege escalations. The highest threat from this vulnerability is to data confidentiality. | |||||
| CVE-2022-25335 | 1 Rigoblock | 1 Drago | 2022-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| RigoBlock Dragos through 2022-02-17 lacks the onlyOwner modifier for setMultipleAllowances. This enables token manipulation, as exploited in the wild in February 2022. NOTE: although 2022-02-17 is the vendor's vulnerability announcement date, the vulnerability will not be remediated until a major protocol upgrade occurs. | |||||
| CVE-2022-0532 | 2 Kubernetes, Redhat | 2 Cri-o, Openshift Container Platform | 2022-02-22 | 4.9 MEDIUM | 4.2 MEDIUM |
| An incorrect sysctls validation vulnerability was found in CRI-O 1.18 and earlier. The sysctls from the list of "safe" sysctls specified for the cluster will be applied to the host if an attacker is able to create a pod with a hostIPC and hostNetwork kernel namespace. | |||||
| CVE-2022-0483 | 2 Acronis, Microsoft | 2 Vss Doctor, Windows | 2022-02-22 | 4.6 MEDIUM | 7.8 HIGH |
| Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis VSS Doctor (Windows) before build 53 | |||||
| CVE-2021-39992 | 1 Huawei | 1 Emui | 2022-02-15 | 4.6 MEDIUM | 7.8 HIGH |
| There is an improper security permission configuration vulnerability on ACPU.Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability. | |||||
| CVE-2022-23132 | 2 Fedoraproject, Zabbix | 2 Fedora, Zabbix | 2022-02-10 | 7.5 HIGH | 7.3 HIGH |
| During Zabbix installation from RPM, DAC_OVERRIDE SELinux capability is in use to access PID files in [/var/run/zabbix] folder. In this case, Zabbix Proxy or Server processes can bypass file read, write and execute permissions check on the file system level | |||||
| CVE-2021-22284 | 1 Abb | 1 Opc Server For Ac 800m | 2022-02-09 | 6.5 MEDIUM | 8.8 HIGH |
| Incorrect Permission Assignment for Critical Resource vulnerability in OPC Server for AC 800M allows an attacker to execute arbitrary code in the node running the AC800M OPC Server. | |||||
| CVE-2011-4339 | 2 Ipmitool Project, Redhat | 2 Ipmitool, Enterprise Linux | 2022-02-03 | 3.6 LOW | N/A |
| ipmievd (aka the IPMI event daemon) in OpenIPMI, as used in the ipmitool package 1.8.11 in Red Hat Enterprise Linux (RHEL) 6, Debian GNU/Linux, Fedora 16, and other products uses 0666 permissions for its ipmievd.pid PID file, which allows local users to kill arbitrary processes by writing to this file. | |||||
| CVE-2008-4870 | 2 Dovecot, Redhat | 2 Dovecot, Enterprise Linux | 2022-02-03 | 2.1 LOW | N/A |
| dovecot 1.0.7 in Red Hat Enterprise Linux (RHEL) 5, and possibly Fedora, uses world-readable permissions for dovecot.conf, which allows local users to obtain the ssl_key_password parameter value. | |||||
| CVE-2022-0270 | 1 Mirantis | 1 Bored-agent | 2022-02-01 | 6.5 MEDIUM | 8.8 HIGH |
| Prior to v0.6.1, bored-agent failed to sanitize incoming kubernetes impersonation headers allowing a user to override assigned user name and groups. | |||||
| CVE-2022-21694 | 1 Onionshare | 1 Onionshare | 2022-01-24 | 5.0 MEDIUM | 5.3 MEDIUM |
| OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. The website mode of the onionshare allows to use a hardened CSP, which will block any scripts and external resources. It is not possible to configure this CSP for individual pages and therefore the security enhancement cannot be used for websites using javascript or external resources like fonts or images. | |||||
| CVE-2022-22988 | 1 Westerndigital | 1 Edgerover | 2022-01-20 | 6.4 MEDIUM | 9.1 CRITICAL |
| File and directory permissions have been corrected to prevent unintended users from modifying or accessing resources. | |||||
| CVE-2021-20874 | 1 Groupsession | 1 Groupsession | 2022-01-10 | 5.0 MEDIUM | 7.5 HIGH |
| Incorrect permission assignment for critical resource vulnerability in GroupSession Free edition ver5.1.1 and earlier, GroupSession byCloud ver5.1.1 and earlier, and GroupSession ZION ver5.1.1 and earlier allows a remote unauthenticated attacker to access arbitrary files on the server and obtain sensitive information via unspecified vectors. | |||||