ReportizFlow
Filtered by vendor
Subscriptions
Total
1579 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-37771 | 2 Iobit, Microsoft | 2 Malware Fighter, Windows | 2024-11-21 | 6.7 Medium |
| IObit Malware Fighter v9.2 for Microsoft Windows lacks tamper protection, allowing authenticated attackers with Administrator privileges to modify processes within the application and escalate privileges to SYSTEM via a crafted executable. | ||||
| CVE-2022-37435 | 1 Apache | 1 Shenyu | 2024-11-21 | 8.8 High |
| Apache ShenYu Admin has insecure permissions, which may allow low-privilege administrators to modify high-privilege administrator's passwords. This issue affects Apache ShenYu 2.4.2 and 2.4.3. | ||||
| CVE-2022-36800 | 1 Atlassian | 1 Jira Service Management | 2024-11-21 | 4.3 Medium |
| Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers without the "Browse Users" permission to view groups via an Information Disclosure vulnerability in the browsegroups.action endpoint. The affected versions are before version 4.22.2. | ||||
| CVE-2022-36670 | 1 Pcprotect | 1 Endpoint | 2024-11-21 | 6.7 Medium |
| PCProtect Endpoint prior to v5.17.470 for Microsoft Windows lacks tamper protection, allowing authenticated attackers with Administrator privileges to modify processes within the application and escalate privileges to SYSTEM via a crafted executable. | ||||
| CVE-2022-35167 | 1 Prinitix | 1 Cloud Print Management | 2024-11-21 | 8.8 High |
| Printix Cloud Print Management v1.3.1149.0 for Windows was discovered to contain insecure permissions. | ||||
| CVE-2022-34891 | 1 Parallels | 1 Parallels Desktop | 2024-11-21 | 7.8 High |
| This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop Parallels Desktop 17.1.1. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the update machanism. The product sets incorrect permissions on sensitive files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-16395. | ||||
| CVE-2022-34043 | 1 Nomachine | 1 Nomachine | 2024-11-21 | 7.3 High |
| Incorrect permissions for the folder C:\ProgramData\NoMachine\var\uninstall of Nomachine v7.9.2 allows attackers to perform a DLL hijacking attack and execute arbitrary code. | ||||
| CVE-2022-34012 | 1 Zhyd | 1 Oneblog | 2024-11-21 | 6.5 Medium |
| Insecure permissions in OneBlog v2.3.4 allows low-level administrators to reset the passwords of high-level administrators who hold greater privileges. | ||||
| CVE-2022-33898 | 1 Intel | 1 Nuc Watchdog Timer Utility | 2024-11-21 | 6.7 Medium |
| Insecure inherited permissions in some Intel(R) NUC Watchdog Timer installation software before version 2.0.21.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2022-33695 | 1 Google | 1 Android | 2024-11-21 | 5.1 Medium |
| Use of improper permission in InputManagerService prior to SMR Jul-2022 Release 1 allows unauthorized access to the service. | ||||
| CVE-2022-33175 | 1 Powertekpdus | 14 Basic Pdu, Basic Pdu Firmware, Piml Pdu and 11 more | 2024-11-21 | 9.8 Critical |
| Power Distribution Units running on Powertek firmware (multiple brands) before 3.30.30 have an insecure permissions setting on the user.token field that is accessible to everyone through the /cgi/get_param.cgi HTTP API. This leads to disclosing active session ids of currently logged-in administrators. The session id can then be reused to act as the administrator, allowing reading of the cleartext password, or reconfiguring the device. | ||||
| CVE-2022-33167 | 1 Ibm | 2 Security Directory Integrator, Security Verify Directory Integrator | 2024-11-21 | 3.7 Low |
| IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 228587. | ||||
| CVE-2022-32155 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2024-11-21 | 7.5 High |
| In universal forwarder versions before 9.0, management services are available remotely by default. When not required, it introduces a potential exposure, but it is not a vulnerability. If exposed, we recommend each customer assess the potential severity specific to your environment. In 9.0, the universal forwarder now binds the management port to localhost preventing remote logins by default. If management services are not required in versions before 9.0, set disableDefaultPort = true in server.conf OR allowRemoteLogin = never in server.conf OR mgmtHostPort = localhost in web.conf. See Configure universal forwarder management security (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation#Configure_universal_forwarder_management_security) for more information on disabling the remote management services. | ||||
| CVE-2022-31464 | 1 Adaware | 1 Protect | 2024-11-21 | 7.8 High |
| Insecure permissions configuration in Adaware Protect v1.2.439.4251 allows attackers to escalate privileges via changing the service binary path. | ||||
| CVE-2022-30990 | 3 Acronis, Linux, Microsoft | 4 Agent, Cyber Protect, Linux Kernel and 1 more | 2024-11-21 | 7.5 High |
| Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect 15 (Linux) before build 29240, Acronis Agent (Linux) before build 28037 | ||||
| CVE-2022-30929 | 1 Mini Tmall Project | 1 Mini Tmall | 2024-11-21 | 8.8 High |
| Mini-Tmall v1.0 is vulnerable to Insecure Permissions via tomcat-embed-jasper. | ||||
| CVE-2022-30700 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2024-11-21 | 7.8 High |
| An incorrect permission assignment vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to load a DLL with escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
| CVE-2022-2975 | 1 Avaya | 1 Aura Application Enablement Services | 2024-11-21 | 7.7 High |
| A vulnerability related to weak permissions was detected in Avaya Aura Application Enablement Services web application, allowing an administrative user to modify accounts leading to execution of arbitrary code as the root user. This issue affects Application Enablement Services versions 8.0.0.0 through 8.1.3.4 and 10.1.0.0 through 10.1.0.1. Versions prior to 8.0.0.0 are end of manufacturing support and were not evaluated. | ||||
| CVE-2022-2227 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.1 Low |
| Improper access control in the runner jobs API in GitLab CE/EE affecting all versions prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows a previous maintainer of a project with a specific runner to access job and project meta data under certain conditions | ||||
| CVE-2022-29527 | 1 Amazon | 1 Amazon Ssm Agent | 2024-11-21 | 7.0 High |
| Amazon AWS amazon-ssm-agent before 3.1.1208.0 creates a world-writable sudoers file, which allows local attackers to inject Sudo rules and escalate privileges to root. This occurs in certain situations involving a race condition. | ||||