Total
1555 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-26250 | 1 Synametrics | 1 Synaman | 2024-11-21 | 7.8 High |
| Synaman v5.1 and below was discovered to contain weak file permissions which allows authenticated attackers to escalate privileges. | ||||
| CVE-2022-26247 | 1 Teamwork Management System Project | 1 Teamwork Management System | 2024-11-21 | 5.9 Medium |
| TMS v2.28.0 contains an insecure permissions vulnerability via the component /TMS/admin/user/Update2. This vulnerability allows attackers to modify the administrator account and password. | ||||
| CVE-2022-26240 | 2 Beckmancoulter, Microsoft | 2 Remisol Advance, Windows | 2024-11-21 | 6.5 Medium |
| The default privileges for the running service Normand Message Buffer in Beckman Coulter Remisol Advance v2.0.12.1 and prior allows non-privileged users to overwrite and manipulate executables and libraries. This allows attackers to access sensitive data. | ||||
| CVE-2022-26239 | 2 Beckmancoulter, Microsoft | 2 Remisol Advance, Windows | 2024-11-21 | 5.5 Medium |
| The default privileges for the running service Normand License Manager in Beckman Coulter Remisol Advance v2.0.12.1 and prior allows unprivileged users to overwrite and manipulate executables and libraries. This allows attackers to access sensitive data. | ||||
| CVE-2022-26238 | 2 Beckmancoulter, Microsoft | 2 Remisol Advance, Windows | 2024-11-21 | 5.5 Medium |
| The default privileges for the running service Normand Service Manager in Beckman Coulter Remisol Advance v2.0.12.1 and prior allows non-privileged users to overwrite and manipulate executables and libraries. This allows attackers to access sensitive data. | ||||
| CVE-2022-26237 | 2 Beckmancoulter, Microsoft | 2 Remisol Advance, Windows | 2024-11-21 | 5.5 Medium |
| The default privileges for the running service Normand Viewer Service in Beckman Coulter Remisol Advance v2.0.12.1 and prior allows non-privileged users to overwrite and manipulate executables and libraries. This allows attackers to access sensitive data. | ||||
| CVE-2022-26236 | 2 Beckmancoulter, Microsoft | 2 Remisol Advance, Windows | 2024-11-21 | 5.5 Medium |
| The default privileges for the running service Normand Remisol Advance Launcher in Beckman Coulter Remisol Advance v2.0.12.1 and prior allows non-privileged users to overwrite and manipulate executables and libraries. This allows attackers to access sensitive data. | ||||
| CVE-2022-25010 | 1 Stepmania | 1 Stepmania | 2024-11-21 | 9.1 Critical |
| The component /rootfs in RageFile of Stepmania v5.1b2 and below allows attackers access to the entire file system. | ||||
| CVE-2022-24769 | 6 Debian, Fedoraproject, Linux and 3 more | 6 Debian Linux, Fedora, Linux Kernel and 3 more | 2024-11-21 | 5.9 Medium |
| Moby is an open-source project created by Docker to enable and accelerate software containerization. A bug was found in Moby (Docker Engine) prior to version 20.10.14 where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during `execve(2)`. Normally, when executable programs have specified permitted file capabilities, otherwise unprivileged users and processes can execute those programs and gain the specified file capabilities up to the bounding set. Due to this bug, containers which included executable programs with inheritable file capabilities allowed otherwise unprivileged users and processes to additionally gain these inheritable file capabilities up to the container's bounding set. Containers which use Linux users and groups to perform privilege separation inside the container are most directly impacted. This bug did not affect the container security sandbox as the inheritable set never contained more capabilities than were included in the container's bounding set. This bug has been fixed in Moby (Docker Engine) 20.10.14. Running containers should be stopped, deleted, and recreated for the inheritable capabilities to be reset. This fix changes Moby (Docker Engine) behavior such that containers are started with a more typical Linux environment. As a workaround, the entry point of a container can be modified to use a utility like `capsh(1)` to drop inheritable capabilities prior to the primary process starting. | ||||
| CVE-2022-24327 | 1 Jetbrains | 1 Hub | 2024-11-21 | 7.5 High |
| In JetBrains Hub before 2021.1.13890, integration with JetBrains Account exposed an API key with excessive permissions. | ||||
| CVE-2022-24236 | 1 Snapt | 1 Aria | 2024-11-21 | 3.5 Low |
| An insecure permissions vulnerability in Snapt Aria v12.8 allows unauthenticated attackers to send e-mails from spoofed users' accounts. | ||||
| CVE-2022-23869 | 1 Ruoyi | 1 Ruoyi | 2024-11-21 | 6.5 Medium |
| In RuoYi v4.7.2 through the WebUI, user test1 does not have permission to reset the password of user test3, but the password of user test3 can be reset through the /system/user/resetPwd request. | ||||
| CVE-2022-23743 | 1 Checkpoint | 1 Zonealarm | 2024-11-21 | 7.8 High |
| Check Point ZoneAlarm before version 15.8.200.19118 allows a local actor to escalate privileges during the upgrade process. In addition, weak permissions in the ProgramData\CheckPoint\ZoneAlarm\Data\Updates directory allow a local attacker the ability to execute an arbitrary file write, leading to execution of code as local system, in ZoneAlarm versions before v15.8.211.192119 | ||||
| CVE-2022-23725 | 1 Pingidentity | 1 Pingid Integration For Windows Login | 2024-11-21 | 7.7 High |
| PingID Windows Login prior to 2.8 does not properly set permissions on the Windows Registry entries used to store sensitive API keys under some circumstances. | ||||
| CVE-2022-23448 | 1 Siemens | 2 Simatic Energy Manager Basic, Simatic Energy Manager Pro | 2024-11-21 | 7.8 High |
| A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.3 Update 1), SIMATIC Energy Manager PRO (All versions < V7.3 Update 1). Affected applications improperly assign permissions to critical directories and files used by the application processes. This could allow a local unprivileged attacker to achieve code execution with ADMINISTRATOR or even NT AUTHORITY/SYSTEM privileges. | ||||
| CVE-2022-23132 | 2 Fedoraproject, Zabbix | 2 Fedora, Zabbix | 2024-11-21 | 3.3 Low |
| During Zabbix installation from RPM, DAC_OVERRIDE SELinux capability is in use to access PID files in [/var/run/zabbix] folder. In this case, Zabbix Proxy or Server processes can bypass file read, write and execute permissions check on the file system level | ||||
| CVE-2022-22988 | 1 Westerndigital | 1 Edgerover | 2024-11-21 | 7.7 High |
| File and directory permissions have been corrected to prevent unintended users from modifying or accessing resources. It would be more difficult for an authenticated attacker to now traverse through the files and directories. This can only be exploited once an attacker has already found a way to get authenticated access to the device. | ||||
| CVE-2022-22521 | 1 Miele | 1 Benchmark Programming Tool | 2024-11-21 | 7.3 High |
| In Miele Benchmark Programming Tool with versions Prior to 1.2.71, executable files manipulated by attackers are unknowingly executed with users privileges. An attacker with low privileges may trick a user with administrative privileges to execute these binaries as admin. | ||||
| CVE-2022-22516 | 2 Codesys, Microsoft | 5 Control Rte Sl, Control Rte Sl \(for Beckhoff Cx\), Control Win Sl and 2 more | 2024-11-21 | 7.8 High |
| The SysDrv3S driver in the CODESYS Control runtime system on Microsoft Windows allows any system user to read and write within restricted memory space. | ||||
| CVE-2022-22411 | 2 Ibm, Linux | 2 Spectrum Scale Data Access Services, Linux Kernel | 2024-11-21 | 6.5 Medium |
| IBM Spectrum Scale Data Access Services (DAS) 5.1.3.1 could allow an authenticated user to insert code which could allow the attacker to manipulate cluster resources due to excessive permissions. IBM X-Force ID: 223016. | ||||