Total
2157 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-39032 | 1 Lcnet | 1 Smart Evision | 2024-11-21 | 8.8 High |
| Smart eVision has an improper privilege management vulnerability. A remote attacker with general user privilege can exploit this vulnerability to escalate to administrator privilege, and then perform arbitrary system command or disrupt service. | ||||
| CVE-2022-38775 | 2 Elastic, Microsoft | 2 Endpoint Security, Windows | 2024-11-21 | 7.8 High |
| An issue was discovered in the rollback feature of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account. | ||||
| CVE-2022-38774 | 2 Elastic, Microsoft | 3 Endgame, Endpoint Security, Windows | 2024-11-21 | 7.8 High |
| An issue was discovered in the quarantine feature of Elastic Endpoint Security and Elastic Endgame for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account. | ||||
| CVE-2022-38757 | 1 Microfocus | 1 Zenworks | 2024-11-21 | 7.2 High |
| A vulnerability has been identified in Micro Focus ZENworks 2020 Update 3a and prior versions. This vulnerability allows administrators with rights to perform actions (e.g., install a bundle) on a set of managed devices, to be able to exercise these rights on managed devices in the ZENworks zone but which are outside the scope of the administrator. This vulnerability does not result in the administrators gaining additional rights on the managed devices, either in the scope or outside the scope of the administrator. | ||||
| CVE-2022-38378 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-11-21 | 4 Medium |
| An improper privilege management vulnerability [CWE-269] in Fortinet FortiOS version 7.2.0 and before 7.0.7 and FortiProxy version 7.2.0 through 7.2.1 and before 7.0.7 allows an attacker that has access to the admin profile section (System subsection Administrator Users) to modify their own profile and upgrade their privileges to Read Write via CLI or GUI commands. | ||||
| CVE-2022-38351 | 1 Supremainc | 1 Biostar 2 | 2024-11-21 | 8.8 High |
| A vulnerability in Suprema BioStar (aka Bio Star) 2 v2.8.16 allows attackers to escalate privileges to System Administrator via a crafted PUT request to the update profile page. | ||||
| CVE-2022-38124 | 1 Secomea | 24 Sitemanager 1129, Sitemanager 1129 Firmware, Sitemanager 1139 and 21 more | 2024-11-21 | 5.7 Medium |
| Debug tool in Secomea SiteManager allows logged-in administrator to modify system state in an unintended manner. | ||||
| CVE-2022-38065 | 1 Redhat | 1 Openstack | 2024-11-21 | 8.8 High |
| A privilege escalation vulnerability exists in the oslo.privsep functionality of OpenStack git master 05194e7618 and prior. Overly permissive functionality within tools leveraging this library within a container can lead increased privileges. | ||||
| CVE-2022-38060 | 2 Openstack, Redhat | 2 Kolla, Openstack | 2024-11-21 | 7.8 High |
| A privilege escalation vulnerability exists in the sudo functionality of OpenStack Kolla git master 05194e7618. A misconfiguration in /etc/sudoers within a container can lead to increased privileges. | ||||
| CVE-2022-37929 | 1 Hpe | 18 Hf20, Hf20 Firmware, Hf20c and 15 more | 2024-11-21 | 6.7 Medium |
| Improper Privilege Management vulnerability in Hewlett Packard Enterprise Nimble Storage Hybrid Flash Arrays and Nimble Storage Secondary Flash Arrays. | ||||
| CVE-2022-37706 | 1 Enlightenment | 1 Enlightenment | 2024-11-21 | 7.8 High |
| enlightenment_sys in Enlightenment before 0.25.4 allows local users to gain privileges because it is setuid root, and the system library function mishandles pathnames that begin with a /dev/.. substring. | ||||
| CVE-2022-37025 | 1 Mcafee | 1 Security Scan Plus | 2024-11-21 | 7.8 High |
| An improper privilege management vulnerability in McAfee Security Scan Plus (MSS+) before 4.1.262.1 could allow a local user to modify a configuration file and perform a LOLBin (Living off the land) attack. This could result in the user gaining elevated permissions and being able to execute arbitrary code due to lack of an integrity check of the configuration file. | ||||
| CVE-2022-36861 | 1 Google | 1 Android | 2024-11-21 | 5.9 Medium |
| Custom permission misuse vulnerability in SystemUI prior to SMR Sep-2022 Release 1 allows attacker to use some protected functions with SystemUI privilege. | ||||
| CVE-2022-36833 | 2 Google, Samsung | 2 Android, Gameoptimizingservice | 2024-11-21 | 7.3 High |
| Improper Privilege Management vulnerability in Game Optimizing Service prior to versions 3.3.04.0 in Android 10, and 3.5.04.8 in Android 11 and above allows local attacker to execute hidden function for developer by changing package name. | ||||
| CVE-2022-36157 | 1 Xuxueli | 1 Xxl-job | 2024-11-21 | 8.8 High |
| XXL-JOB all versions as of 11 July 2022 are vulnerable to Insecure Permissions resulting in the ability to execute admin function with low Privilege account. | ||||
| CVE-2022-36088 | 2 Microsoft, Thoughtworks | 2 Windows, Gocd | 2024-11-21 | 5 Medium |
| GoCD is a continuous delivery server. Windows installations via either the server or agent installers for GoCD prior to 22.2.0 do not adequately restrict permissions when installing outside of the default location. This could allow a malicious user with local access to the server GoCD Server or Agent are installed on to modify executables or components of the installation. This does not affect zip file-based installs, installations to other platforms, or installations inside `Program Files` or `Program Files (x86)`. This issue is fixed in GoCD 22.2.0 installers. As a workaround, if the server or agent is installed outside of `Program Files (x86)`, verify the the permission of the Server or Agent installation directory to ensure the `Everyone` user group does not have `Full Control`, `Modify` or `Write` permissions. | ||||
| CVE-2022-36075 | 1 Nextcloud | 1 Files Access Control | 2024-11-21 | 2.6 Low |
| Nextcloud files access control is a nextcloud app to manage access control for files. Users with limited access can see file names in certain cases where they do not have privilege to do so. This issue has been addressed and it is recommended that the Nextcloud Files Access Control app is upgraded to 1.12.2, 1.13.1 or 1.14.1. There are no known workarounds for this issue | ||||
| CVE-2022-35921 | 1 Friendsofflarum | 1 Byobu | 2024-11-21 | 3.5 Low |
| fof/byobu is a private discussions extension for Flarum forum. Affected versions were found to not respect private discussion disablement by users. Users of Byobu should update the extension to version 1.1.7, where this has been patched. Users of Byobu with Flarum 1.0 or 1.1 should upgrade to Flarum 1.2 or later, or evaluate the impact this issue has on your forum's users and choose to disable the extension if needed. There are no workarounds for this issue. | ||||
| CVE-2022-35291 | 1 Sap | 1 Successfactors Mobile | 2024-11-21 | 8.1 High |
| Due to misconfigured application endpoints, SAP SuccessFactors attachment APIs allow attackers with user privileges to perform activities with admin privileges over the network. These APIs were consumed in the SF Mobile application for Time Off, Time Sheet, EC Workflow, and Benefits. On successful exploitation, the attacker can read/write attachments. Thus, compromising the confidentiality and integrity of the application | ||||
| CVE-2022-35243 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2024-11-21 | 8.7 High |
| In BIG-IP Versions 16.1.x before 16.1.3, 15.1.x before 15.1.5.1, 14.1.x before 14.1.5, and all versions of 13.1.x, when running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, using an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||