Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-732
Total 1004 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-1348 2 Fedoraproject, Logrotate Project 2 Fedora, Logrotate 2022-10-19 4.0 MEDIUM 6.5 MEDIUM
A vulnerability was found in logrotate in how the state file is created. The state file is used to prevent parallel executions of multiple instances of logrotate by acquiring and releasing a file lock. When the state file does not exist, it is created with world-readable permission, allowing an unprivileged user to lock the state file, stopping any rotation. This flaw affects logrotate versions before 3.20.0.
CVE-2022-41471 1 74cmsse 1 74cmsse 2022-10-18 N/A 6.5 MEDIUM
74cmsSE v3.12.0 allows authenticated attackers with low-level privileges to arbitrarily change the rights and credentials of the Super Administrator account.
CVE-2021-38483 1 Fanuc 1 Roboguide 2022-10-17 3.3 LOW 5.7 MEDIUM
The affected product is vulnerable to misconfigured binaries, allowing users on the target PC with SYSTEM level privileges access to overwrite the binary and modify files to gain privilege escalation.
CVE-2021-3631 2 Netapp, Redhat 4 Ontap Select Deploy Administration Utility, Enterprise Linux, Libvirt and 1 more 2022-10-16 3.3 LOW 6.3 MEDIUM
A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels. This flaw allows one exploited guest to access files labeled for another guest, resulting in the breaking out of sVirt confinement. The highest threat from this vulnerability is to confidentiality and integrity.
CVE-2020-6267 1 Sap 1 Disclosure Management 2022-10-12 5.8 MEDIUM 5.4 MEDIUM
Some sensitive cookies in SAP Disclosure Management, version 10.1, are missing HttpOnly flag, leading to sensitive cookie without Http Only flag.
CVE-2022-26236 2 Beckmancoulter, Microsoft 2 Remisol Advance, Windows 2022-10-11 N/A 5.5 MEDIUM
The default privileges for the running service Normand Remisol Advance Launcher in Beckman Coulter Remisol Advance v2.0.12.1 and prior allows non-privileged users to overwrite and manipulate executables and libraries. This allows attackers to access sensitive data.
CVE-2022-26238 2 Beckmancoulter, Microsoft 2 Remisol Advance, Windows 2022-10-11 N/A 5.5 MEDIUM
The default privileges for the running service Normand Service Manager in Beckman Coulter Remisol Advance v2.0.12.1 and prior allows non-privileged users to overwrite and manipulate executables and libraries. This allows attackers to access sensitive data.
CVE-2022-26240 2 Beckmancoulter, Microsoft 2 Remisol Advance, Windows 2022-10-11 N/A 6.5 MEDIUM
The default privileges for the running service Normand Message Buffer in Beckman Coulter Remisol Advance v2.0.12.1 and prior allows non-privileged users to overwrite and manipulate executables and libraries. This allows attackers to access sensitive data.
CVE-2022-26239 2 Beckmancoulter, Microsoft 2 Remisol Advance, Windows 2022-10-09 N/A 5.5 MEDIUM
The default privileges for the running service Normand License Manager in Beckman Coulter Remisol Advance v2.0.12.1 and prior allows unprivileged users to overwrite and manipulate executables and libraries. This allows attackers to access sensitive data.
CVE-2022-26237 2 Beckmancoulter, Microsoft 2 Remisol Advance, Windows 2022-10-09 N/A 5.5 MEDIUM
The default privileges for the running service Normand Viewer Service in Beckman Coulter Remisol Advance v2.0.12.1 and prior allows non-privileged users to overwrite and manipulate executables and libraries. This allows attackers to access sensitive data.
CVE-2021-3532 2 Fedoraproject, Redhat 6 Fedora, Ansible Automation Platform, Ansible Engine and 3 more 2022-10-07 4.3 MEDIUM 5.5 MEDIUM
A flaw was found in Ansible where the secret information present in async_files are getting disclosed when the user changes the jobdir to a world readable directory. Any secret information in an async status file will be readable by a malicious user on that system. This flaw affects Ansible Tower 3.7 and Ansible Automation Platform 1.2.
CVE-2020-10699 1 Targetcli-fb Project 1 Targetcli-fb 2022-10-07 7.2 HIGH 7.8 HIGH
A flaw was found in Linux, in targetcli-fb versions 2.1.50 and 2.1.51 where the socket used by targetclid was world-writable. If a system enables the targetclid socket, a local attacker can use this flaw to modify the iSCSI configuration and escalate their privileges to root.
CVE-2019-9166 1 Nagios 1 Nagios Xi 2022-10-06 7.2 HIGH 7.8 HIGH
Privilege escalation in Nagios XI before 5.5.11 allows local attackers to elevate privileges to root via write access to config.inc.php and import_xiconfig.php.
CVE-2018-17766 1 Ingenico 2 Telium 2, Telium 2 Firmware 2022-10-05 2.1 LOW 4.6 MEDIUM
Ingenico Telium 2 POS Telium2 OS allow bypass of file-reading restrictions via the NTPT3 protocol. This is fixed in Telium 2 SDK v9.32.03 patch N.
CVE-2022-23726 1 Pingidentity 1 Pingcentral 2022-10-04 N/A 4.9 MEDIUM
PingCentral versions prior to listed versions expose Spring Boot actuator endpoints that with administrative authentication return large amounts of sensitive environmental and application information.
CVE-2017-0884 1 Nextcloud 1 Nextcloud Server 2022-10-04 4.0 MEDIUM 4.3 MEDIUM
Nextcloud Server before 9.0.55 and 10.0.2 suffers from a creation of folders in read-only folders despite lacking permissions issue. Due to a logical error in the file caching layer an authenticated adversary is able to create empty folders inside a shared folder. Note that this only affects folders and files that the adversary has at least read-only permissions for.
CVE-2022-32169 1 Bytebase 1 Bytebase 2022-10-03 N/A 4.3 MEDIUM
The “Bytebase” application does not restrict low privilege user to access “admin issues“ for which an unauthorized user can view the “OPEN” and “CLOSED” issues by “Admin” and the affected endpoint is “/issue”.
CVE-2022-40817 1 Zammad 1 Zammad 2022-09-29 N/A 4.3 MEDIUM
Zammad 5.2.1 has a fine-grained permission model that allows to configure read-only access to tickets. However, agents were still wrongly able to perform some operations on such tickets, like adding and removing links, tags. and related answers. This issue has been fixed in 5.2.2.
CVE-2022-0803 4 Apple, Google, Linux and 1 more 4 Macos, Chrome, Linux Kernel and 1 more 2022-09-28 4.3 MEDIUM 6.5 MEDIUM
Inappropriate implementation in Permissions in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to tamper with the contents of the Omnibox (URL bar) via a crafted HTML page.
CVE-2022-39219 1 Xbifrost 1 Bifrost 2022-09-28 N/A 6.5 MEDIUM
Bifrost is a middleware package which can synchronize MySQL/MariaDB binlog data to other types of databases. Versions 1.8.6-release and prior are vulnerable to authentication bypass when using HTTP basic authentication. This may allow group members who only have read permissions to write requests when they are normally forbidden from doing so. Version 1.8.7-release contains a patch. There are currently no known workarounds.