Total
2410 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-26676 | 1 Aenrich | 1 A\+hrd | 2024-11-21 | 9.8 Critical |
| aEnrich a+HRD has inadequate privilege restrictions, an unauthenticated remote attacker can use the API function to upload and execute malicious scripts to control the system or disrupt service. | ||||
| CVE-2022-26668 | 1 Asus | 1 Control Center | 2024-11-21 | 7.3 High |
| ASUS Control Center API has a broken access control vulnerability. An unauthenticated remote attacker can call privileged API functions to perform partial system operations or cause partial disrupt of service. | ||||
| CVE-2022-26251 | 1 Synametrics | 1 Synaman | 2024-11-21 | 7.2 High |
| The HTTP interface of Synaman v5.1 and below was discovered to allow authenticated attackers to execute arbitrary code and escalate privileges. | ||||
| CVE-2022-26118 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2024-11-21 | 6.7 Medium |
| A privilege chaining vulnerability [CWE-268] in FortiManager and FortiAnalyzer 6.0.x, 6.2.x, 6.4.0 through 6.4.7, 7.0.0 through 7.0.3 may allow a local and authenticated attacker with a restricted shell to escalate their privileges to root due to incorrect permissions of some folders and executable files on the system. | ||||
| CVE-2022-26113 | 1 Fortinet | 1 Forticlient | 2024-11-21 | 7.7 High |
| An execution with unnecessary privileges vulnerability [CWE-250] in FortiClientWindows 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.0 through 6.2.9, 6.0.0 through 6.0.10 may allow a local attacker to perform an arbitrary file write on the system. | ||||
| CVE-2022-26057 | 1 Abb | 1 Mint Workbench | 2024-11-21 | 6.7 Medium |
| Vulnerabilities in the Mint WorkBench allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Mint WorkBench installer file allows a low-privileged user to run a "repair" operation on the product | ||||
| CVE-2022-25782 | 1 Secomea | 8 Gatemanager 4250, Gatemanager 4250 Firmware, Gatemanager 4260 and 5 more | 2024-11-21 | 5.4 Medium |
| Improper Handling of Insufficient Privileges vulnerability in Web UI of Secomea GateManager allows logged in user to access and update privileged information. This issue affects: Secomea GateManager versions prior to 9.7. | ||||
| CVE-2022-25636 | 5 Debian, Linux, Netapp and 2 more | 16 Debian Linux, Linux Kernel, H300e and 13 more | 2024-11-21 | 7.8 High |
| net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 allows local users to gain privileges because of a heap out-of-bounds write. This is related to nf_tables_offload. | ||||
| CVE-2022-25372 | 2 Microsoft, Pritunl | 2 Windows, Pritunl-client-electron | 2024-11-21 | 7.8 High |
| Pritunl Client through 1.2.3019.52 on Windows allows local privilege escalation, related to an ACL entry for CREATOR OWNER in platform_windows.go. | ||||
| CVE-2022-25150 | 1 Malwarebytes | 1 Binisoft Windows Firewall Control | 2024-11-21 | 7.8 High |
| In Malwarebytes Binisoft Windows Firewall Control before 6.8.1.0, programs executed from the Tools tab can be used to escalate privileges. | ||||
| CVE-2022-25089 | 1 Kofax | 1 Printix | 2024-11-21 | 9.8 Critical |
| Printix Secure Cloud Print Management through 1.3.1106.0 incorrectly uses Privileged APIs to modify values in HKEY_LOCAL_MACHINE via UITasks.PersistentRegistryData. | ||||
| CVE-2022-24931 | 1 Google | 1 Android | 2024-11-21 | 7.9 High |
| Improper access control vulnerability in dynamic receiver in ApkInstaller prior to SMR MAR-2022 Release allows unauthorized attackers to execute arbitrary activity without a proper permission | ||||
| CVE-2022-24927 | 1 Samsung | 1 Video Player | 2024-11-21 | 4.2 Medium |
| Improper privilege management vulnerability in Samsung Video Player prior to version 7.3.15.30 allows attackers to execute video files without permission. | ||||
| CVE-2022-24637 | 1 Openwebanalytics | 1 Open Web Analytics | 2024-11-21 | 9.8 Critical |
| Open Web Analytics (OWA) before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs because files generated with '<?php (instead of the intended "<?php sequence) aren't handled by the PHP interpreter. | ||||
| CVE-2022-24408 | 1 Siemens | 4 Sinumerik Mc, Sinumerik Mc Firmware, Sinumerik One and 1 more | 2024-11-21 | 7.8 High |
| A vulnerability has been identified in SINUMERIK MC (All versions < V1.15 SP1), SINUMERIK ONE (All versions < V6.15 SP1). The sc SUID binary on affected devices provides several commands that are used to execute system commands or modify system files. A specific set of operations using sc could allow local attackers to escalate their privileges to root. | ||||
| CVE-2022-24077 | 1 Naver | 1 Cloud Explorer | 2024-11-21 | 7.8 High |
| Naver Cloud Explorer Beta allows the attacker to execute arbitrary code as System privilege via malicious DLL injection. | ||||
| CVE-2022-24072 | 1 Navercorp | 1 Whale | 2024-11-21 | 6.1 Medium |
| The devtools API in Whale browser before 3.12.129.18 allowed extension developers to inject arbitrary JavaScript into the extension store web page via devtools.inspectedWindow, leading to extensions downloading and uploading when users open the developer tool. | ||||
| CVE-2022-23743 | 1 Checkpoint | 1 Zonealarm | 2024-11-21 | 7.8 High |
| Check Point ZoneAlarm before version 15.8.200.19118 allows a local actor to escalate privileges during the upgrade process. In addition, weak permissions in the ProgramData\CheckPoint\ZoneAlarm\Data\Updates directory allow a local attacker the ability to execute an arbitrary file write, leading to execution of code as local system, in ZoneAlarm versions before v15.8.211.192119 | ||||
| CVE-2022-23720 | 1 Pingidentity | 1 Pingid Integration For Windows Login | 2024-11-21 | 7.5 High |
| PingID Windows Login prior to 2.8 does not alert or halt operation if it has been provisioned with the full permissions PingID properties file. An IT administrator could mistakenly deploy administrator privileged PingID API credentials, such as those typically used by PingFederate, into PingID Windows Login user endpoints. Using sensitive full permissions properties file outside of a privileged trust boundary leads to an increased risk of exposure or discovery, and an attacker could leverage these credentials to perform administrative actions against PingID APIs or endpoints. | ||||
| CVE-2022-23160 | 1 Dell | 1 Emc Powerscale Onefs | 2024-11-21 | 5.4 Medium |
| Dell PowerScale OneFS, versions 8.2.0-9.3.0, contains an Improper Handling of Insufficient Permissions vulnerability. An remote malicious user could potentially exploit this vulnerability, leading to gaining write permissions on read-only files. | ||||