ReportizFlow
Filtered by vendor
Subscriptions
Total
1408 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-0207 | 1 Nvidia | 2 Dgx-2, Sbios | 2024-11-21 | 7.5 High |
| NVIDIA DGX-2 SBIOS contains a vulnerability where an attacker may modify the ServerSetup NVRAM variable at runtime by executing privileged code. A successful exploit of this vulnerability may lead to denial of service. | ||||
| CVE-2022-4630 | 1 Daloradius | 1 Daloradius | 2024-11-21 | 5.3 Medium |
| Sensitive Cookie Without 'HttpOnly' Flag in GitHub repository lirantal/daloradius prior to master. | ||||
| CVE-2022-48257 | 1 Eternal Terminal Project | 1 Eternal Terminal | 2024-11-21 | 5.3 Medium |
| In Eternal Terminal 6.2.1, etserver and etclient have predictable logfile names in /tmp. | ||||
| CVE-2022-47927 | 2 Fedoraproject, Mediawiki | 2 Fedora, Mediawiki | 2024-11-21 | 5.5 Medium |
| An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. When installing with a pre-existing data directory that has weak permissions, the SQLite files are created with file mode 0644, i.e., world readable to local users. These files include credentials data. | ||||
| CVE-2022-46656 | 1 Intel | 1 Nuc Pro Software Suite | 2024-11-21 | 6.7 Medium |
| Insecure inherited permissions for the Intel(R) NUC Pro Software Suite before version 2.0.0.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2022-46338 | 2 Debian, G810-led Project | 2 Debian Linux, G810-led | 2024-11-21 | 6.5 Medium |
| g810-led 0.4.2, a LED configuration tool for Logitech Gx10 keyboards, contained a udev rule to make supported device nodes world-readable and writable, allowing any process on the system to read traffic from keyboards, including sensitive data. | ||||
| CVE-2022-45307 | 1 Chocolatey | 1 Chocolatey Php | 2024-11-21 | 4.3 Medium |
| Insecure permissions in Chocolatey PHP package v8.1.12 and below grants all users in the Authenticated Users group write privileges for the subfolder C:\tools\php81 and all files located in that folder. | ||||
| CVE-2022-45306 | 1 Chocolatey | 1 Chocolatey Azure-pipelines-agent | 2024-11-21 | 4.3 Medium |
| Insecure permissions in Chocolatey Azure-Pipelines-Agent package v2.211.1 and below grants all users in the Authenticated Users group write privileges for the subfolder C:\agent and all files located in that folder. | ||||
| CVE-2022-45305 | 1 Chocolatey | 1 Chocolatey Python3 | 2024-11-21 | 4.3 Medium |
| Insecure permissions in Chocolatey Python3 package v3.11.0 and below grants all users in the Authenticated Users group write privileges for the subfolder C:\Python311 and all files located in that folder. | ||||
| CVE-2022-45304 | 1 Chocolatey | 1 Chocolatey Cmder | 2024-11-21 | 4.3 Medium |
| Insecure permissions in Chocolatey Cmder package v1.3.20 and below grants all users in the Authenticated Users group write privileges for the path C:\tools\Cmder and all files located in that folder. | ||||
| CVE-2022-45301 | 1 Chocolatey | 1 Chocolatey Ruby | 2024-11-21 | 4.3 Medium |
| Insecure permissions in Chocolatey Ruby package v3.1.2.1 and below grants all users in the Authenticated Users group write privileges for the path C:\tools\ruby31 and all files located in that folder. | ||||
| CVE-2022-45193 | 1 Bruhn-newtech | 1 Cbrn-analysis | 2024-11-21 | 5.9 Medium |
| CBRN-Analysis before 22 has weak file permissions under Public Profile, leading to disclosure of file contents or privilege escalation. | ||||
| CVE-2022-44746 | 1 Acronis | 1 Cyber Protect Home Office | 2024-11-21 | 5.5 Medium |
| Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107. | ||||
| CVE-2022-44733 | 1 Acronis | 1 Cyber Protect Home Office | 2024-11-21 | 7.8 High |
| Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39900. | ||||
| CVE-2022-44732 | 1 Acronis | 1 Cyber Protect Home Office | 2024-11-21 | 7.8 High |
| Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39900. | ||||
| CVE-2022-44725 | 1 Opcfoundation | 1 Local Discovery Server | 2024-11-21 | 7.8 High |
| OPC Foundation Local Discovery Server (LDS) through 1.04.403.478 uses a hard-coded file path to a configuration file. This allows a normal user to create a malicious file that is loaded by LDS (running as a high-privilege user). | ||||
| CVE-2022-44715 | 1 Netscout | 1 Ngeniusone | 2024-11-21 | 8.8 High |
| Improper File Permissions in NetScout nGeniusONE 6.3.2 build 904 allows authenticated remote users to gain permissions via a crafted payload. | ||||
| CVE-2022-44263 | 1 Dentsplysirona | 1 Sidexis | 2024-11-21 | 7.8 High |
| Dentsply Sirona Sidexis <= 4.3 is vulnerable to Incorrect Access Control. | ||||
| CVE-2022-43946 | 1 Fortinet | 1 Forticlient | 2024-11-21 | 7.3 High |
| Multiple vulnerabilities including an incorrect permission assignment for critical resource [CWE-732] vulnerability and a time-of-check time-of-use (TOCTOU) race condition [CWE-367] vulnerability in Fortinet FortiClientWindows before 7.0.7 allows attackers on the same file sharing network to execute commands via writing data into a windows pipe. | ||||
| CVE-2022-43773 | 1 Hitachi | 1 Vantara Pentaho Business Analytics Server | 2024-11-21 | 8.8 High |
| Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x is installed with a sample HSQLDB data source configured with stored procedures enabled. | ||||