Total: 1004 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2022-45306 | 1 Chocolatey | 1 Chocolatey Azure-pipelines-agent | 2022-12-01 | N/A | 4.3 MEDIUM | Insecure permissions in Chocolatey Azure-Pipelines-Agent package v2.211.1 and below grant all users in the Authenticated Users group write privileges for the subfolder C:\agent and all files located in that folder.
CVE-2022-41926 | 1 Nextcloud | 1 Talk | 2022-12-01 | N/A | 5.5 MEDIUM | Nextcloud Talk Android is the Android OS implementation of the Nextcloud Talk chat system. In affected versions the receiver is not protected by broadcastPermission, allowing malicious apps to monitor communication. It is recommended that Nextcloud Talk Android is upgraded to 14.1.0. There are no known workarounds for this issue.
CVE-2019-3893 | 2 Redhat, Theforeman | 2 Satellite, Foreman | 2022-11-30 | 4.0 MEDIUM | 4.9 MEDIUM | In Foreman it was discovered that the delete compute resource operation, when executed from the Foreman API, leads to the disclosure of the plaintext password or token for the affected compute resource. A malicious user with the "delete_compute_resource" permission can use this flaw to take control over compute resources managed by Foreman. Versions before 1.20.3, 1.21.1, 1.22.0 are vulnerable.
CVE-2018-1115 | 2 Opensuse, Postgresql | 2 Leap, Postgresql | 2022-11-30 | 6.4 MEDIUM | 9.1 CRITICAL | PostgreSQL before versions 10.4, 9.6.9 is vulnerable in the adminpack extension: the pg_catalog.pg_logfile_rotate() function doesn't follow the same ACLs as pg_rotate_logfile. If the adminpack is added to a database, an attacker able to connect to it could exploit this to force log rotation.
CVE-2021-43034 | 1 Kaseya | 1 Unitrends Backup | 2022-11-28 | 4.6 MEDIUM | 7.8 HIGH | An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. A world-writable file allowed local users to execute arbitrary code as the user apache, leading to privilege escalation.
CVE-2022-44280 | 1 Automotive Shop Management System Project | 1 Automotive Shop Management System | 2022-11-28 | N/A | 6.5 MEDIUM | Automotive Shop Management System v1.0 is vulnerable to deletion of any file via /asms/classes/Master.php?f=delete_img.
CVE-2022-44725 | 1 Opcfoundation | 1 Local Discovery Server | 2022-11-22 | N/A | 7.8 HIGH | OPC Foundation Local Discovery Server (LDS) through 1.04.403.478 uses a hard-coded file path to a configuration file. This allows a normal user to create a malicious file that is loaded by LDS (running as a high-privilege user).
CVE-2022-38461 | 1 Wpml | 1 Wpml | 2022-11-21 | N/A | 4.3 MEDIUM | Broken Access Control vulnerability in WPML Multilingual CMS premium plugin <= 4.5.10 on WordPress allows users with a subscriber or higher user role to change plugin settings (selected language for legacy widgets, the default behavior for media content).
CVE-2021-22716 | 1 Schneider-electric | 1 C-bus Toolkit | 2022-11-18 | 4.6 MEDIUM | 7.8 HIGH | A CWE-732: Incorrect Permission Assignment for Critical Resource vulnerability exists that could allow remote code execution when an unprivileged user modifies a file. Affected Product: C-Bus Toolkit (V1.15.9 and prior)
CVE-2013-0885 | 5 Apple, Google, Linux and 2 more | 5 Mac Os X, Chrome, Linux Kernel and 2 more | 2022-11-18 | 7.5 HIGH | N/A | Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly restrict API privileges during interaction with the Chrome Web Store, which has unspecified impact and attack vectors.
CVE-2013-0887 | 4 Apple, Google, Linux and 1 more | 4 Mac Os X, Chrome, Linux Kernel and 1 more | 2022-11-18 | 7.5 HIGH | N/A | The developer-tools process in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly restrict privileges during interaction with a connected server, which has unspecified impact and attack vectors.
CVE-2022-34314 | 1 Ibm | 1 Cics Tx | 2022-11-16 | N/A | 3.3 LOW | IBM CICS TX 11.1 could disclose sensitive information to a local user due to insecure permission settings. IBM X-Force ID: 229450.
CVE-2022-38183 | 1 Gitea | 1 Gitea | 2022-11-16 | N/A | 6.5 MEDIUM | In Gitea before 1.16.9, it was possible for users to add existing issues to projects. Due to improper access controls, an attacker could assign any issue to any project in Gitea (there was no permission check for fetching the issue). As a result, the attacker would get access to private issue titles.
CVE-2022-45193 | 1 Bruhn-newtech | 1 Cbrn-analysis | 2022-11-16 | N/A | 8.8 HIGH | CBRN-Analysis before 22 has weak file permissions under Public Profile, leading to disclosure of file contents or privilege escalation.
CVE-2022-39887 | 1 Google | 1 Android | 2022-11-10 | N/A | 3.3 LOW | Improper access control vulnerability in clearAllGlobalProxy in MiscPolicy prior to SMR Nov-2022 Release 1 allows a local attacker to configure EDM settings.
CVE-2022-39883 | 1 Google | 1 Android | 2022-11-10 | N/A | 7.8 HIGH | Improper authorization vulnerability in StorageManagerService prior to SMR Nov-2022 Release 1 allows a local attacker to call a privileged API.
CVE-2022-44746 | 1 Acronis | 1 Cyber Protect Home Office | 2022-11-08 | N/A | 5.5 MEDIUM | Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107.
CVE-2022-44733 | 1 Acronis | 1 Cyber Protect Home Office | 2022-11-08 | N/A | 7.8 HIGH | Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39900.
CVE-2020-26932 | 2 Debian, Sympa | 2 Debian Linux, Sympa | 2022-11-08 | 4.0 MEDIUM | 4.3 MEDIUM | debian/sympa.postinst for the Debian Sympa package before 6.2.40~dfsg-7 uses mode 4755 for sympa_newaliases-wrapper, whereas the intended permissions are mode 4750 (for access by the sympa group).
CVE-2020-10781 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2022-11-07 | 4.9 MEDIUM | 5.5 MEDIUM | A flaw was found in the Linux Kernel before 5.8-rc6 in the ZRAM kernel module, where a user with a local account and the ability to read the /sys/class/zram-control/hot_add file can create ZRAM device nodes in the /dev/ directory. This read allocates kernel memory and is not accounted to the user that triggers the creation of that ZRAM device. With this vulnerability, continually reading the device may consume a large amount of system memory and cause the Out-of-Memory (OOM) killer to activate and terminate random userspace processes, possibly making the system inoperable.