Total: 178 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-14841 | 1 Redhat | 2 Decision Manager, Process Automation | 2024-02-04 | N/A | 8.8 HIGH |
A flaw was found in the RHDM, where an authenticated attacker can change their assigned role in the response header. This flaw allows an attacker to gain admin privileges in the Business Central Console. | |||||
CVE-2021-45446 | 1 Hitachi | 1 Vantara Pentaho | 2024-02-04 | N/A | 7.5 HIGH |
A vulnerability in Hitachi Vantara Pentaho Business Analytics Server versions before 9.2.0.2 and 8.3.0.25 does not cascade the hidden property to the children of the Home folder. This directory listing provides an attacker with the complete index of all the resources located inside the directory. | |||||
CVE-2022-44020 | 1 Opendev | 2 Sushy-tools, Virtualbmc | 2024-02-04 | N/A | 5.5 MEDIUM |
An issue was discovered in OpenStack Sushy-Tools through 0.21.0 and VirtualBMC through 2.2.2. Changing the boot device configuration with these packages removes password protection from the managed libvirt XML domain. NOTE: this only affects an "unsupported, production-like configuration." | |||||
CVE-2022-41708 | 1 Relatedcode | 1 Messenger | 2024-02-04 | N/A | 4.3 MEDIUM |
Relatedcode's Messenger version 7bcd20b allows an authenticated external attacker to access existing chats in the workspaces of any user of the application. This is possible because the application does not validate permissions correctly. | |||||
CVE-2021-3414 | 1 Redhat | 1 Satellite | 2024-02-04 | N/A | 8.1 HIGH |
A flaw was found in satellite. When giving granular permission related to the organization, other permissions allowing a user to view and manage other organizations are also granted. The highest threat from this vulnerability is to data confidentiality. | |||||
CVE-2022-2787 | 1 Debian | 2 Debian Linux, Schroot | 2024-02-04 | N/A | 4.3 MEDIUM |
Schroot before 1.6.13 had too permissive rules on chroot or session names, allowing a denial of service on the schroot service for all users that may start a schroot session. | |||||
CVE-2020-12744 | 1 Verint | 1 Desktop And Process Analytics | 2024-02-04 | N/A | 7.8 HIGH |
The MSI installer in Verint Desktop Resources 15.2 allows an unprivileged local user to elevate their privileges during install or repair. | |||||
CVE-2022-36062 | 1 Grafana | 1 Grafana | 2024-02-04 | N/A | 3.8 LOW |
Grafana is an open-source platform for monitoring and observability. In versions prior to 8.5.13, 9.0.9, and 9.1.6, Grafana is subject to Improper Preservation of Permissions resulting in privilege escalation on some folders where Admin is the only used permission. The vulnerability impacts Grafana instances where RBAC was disabled and enabled afterwards, as the migrations which are translating legacy folder permissions to RBAC permissions do not account for the scenario where the only user permission in the folder is Admin, as a result RBAC adds permissions for Editors and Viewers which allow them to edit and view folders accordingly. This issue has been patched in versions 8.5.13, 9.0.9, and 9.1.6. A workaround when the impacted folder/dashboard is known is to remove the additional permissions manually. | |||||
CVE-2022-31237 | 1 Dell | 1 Emc Powerscale Onefs | 2024-02-04 | N/A | 3.3 LOW |
Dell PowerScale OneFS, versions 9.2.0 up to and including 9.2.1.12 and 9.3.0.5 contain an improper preservation of permissions vulnerability in SyncIQ. A low privileged local attacker may potentially exploit this vulnerability, leading to limited information disclosure. | |||||
CVE-2022-36102 | 1 Shopware | 1 Shopware | 2024-02-04 | N/A | 7.2 HIGH |
Shopware is an open source e-commerce software. In affected versions if backend admin controllers are called with a certain notation, the ACL could be bypassed. Users could execute actions, which they are normally not able to do. Users are advised to update to the current version (5.7.15). Users can get the update via the Auto-Updater or directly via the download overview. There are no known workarounds for this issue. | |||||
CVE-2022-21203 | 1 Intel | 1 Quartus Prime | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
Improper permissions in the SafeNet Sentinel driver for Intel(R) Quartus(R) Prime Standard Edition before version 21.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2022-24618 | 1 Heimdalsecurity | 1 Heimdal Premium Security | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
Heimdal.Wizard.exe installer in Heimdal Premium Security 2.5.395 and earlier has insecure permissions, which allows unprivileged local users to elevate privileges to SYSTEM via the "Browse For Folder" window accessible by triggering a "Repair" on the MSI package located in C:\Windows\Installer. | |||||
CVE-2021-3523 | 1 Redhat | 1 Apicast | 2024-02-04 | 4.3 MEDIUM | 7.5 HIGH |
A flaw was found in 3Scale APICast in versions prior to 2.11.0, where it incorrectly identified connections for reuse. This flaw allows an attacker to bypass security restrictions for an API request when hosting multiple APIs on the same IP address. | |||||
CVE-2021-43708 | 1 Helpsystems | 1 Titus Data Classification | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
The Labeling tool in Titus Classification Suite 18.8.1910.140 allows users to avoid the generation of a classification label by using Excel's safe mode. | |||||
CVE-2021-39704 | 1 Google | 1 Android | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
In deleteNotificationChannelGroup of NotificationManagerService.java, there is a possible way to run a foreground service without user notification due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12. Android ID: A-209965481 | |||||
CVE-2021-35079 | 1 Qualcomm | 122 Apq8053, Apq8053 Firmware, Aqt1000 and 119 more | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
Improper validation of permissions for a third-party application accessing the Telephony service API can lead to information disclosure in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, and Snapdragon Mobile. | |||||
CVE-2021-3847 | 2 Fedoraproject, Linux | 2 Fedora, Linux Kernel | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
A flaw was found in the Linux kernel OverlayFS subsystem in the way a user copies a file carrying capabilities from a nosuid mount into another mount, allowing unauthorized execution of the setuid file with those capabilities. A local user could use this flaw to escalate their privileges on the system. | |||||
CVE-2022-31096 | 1 Discourse | 1 Discourse | 2024-02-04 | 2.1 LOW | 5.7 MEDIUM |
Discourse is an open source discussion platform. Under certain conditions, a logged-in user can redeem an invite with an email that either doesn't match the invite's email or does not adhere to the email domain restriction of an invite link. The impact of this flaw is aggravated when the invite has been configured to add the user that accepts the invite into restricted groups. Once a user has been incorrectly added to a restricted group, the user may then be able to view content that is restricted to the respective group. Users are advised to upgrade to the current stable releases. There are no known workarounds to this issue. | |||||
CVE-2022-24428 | 1 Dell | 1 Emc Powerscale Onefs | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
Dell PowerScale OneFS, versions 8.2.x, 9.0.0.x, 9.1.0.x, 9.2.0.x, 9.2.1.x, and 9.3.0.x, contain an improper preservation of privileges. A remote filesystem user with a local account could potentially exploit this vulnerability, leading to an escalation of file privileges and information disclosure. | |||||
CVE-2021-39695 | 1 Google | 1 Android | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
In createOrUpdate of BasePermission.java, there is a possible permission bypass due to a logic error in the code. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-209607944 | |||||