Total
2349 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-29614 | 1 Sap | 2 Host Agent, Netweaver Abap | 2024-11-21 | 5.0 Medium |
| SAP startservice - of SAP NetWeaver Application Server ABAP, Application Server Java, ABAP Platform and HANA Database - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, SAPHOSTAGENT 7.22, - on Unix systems, s-bit helper program sapuxuserchk, can be abused physically resulting in a privilege escalation of an attacker leading to low impact on confidentiality and integrity, but a profound impact on availability. | ||||
| CVE-2022-29587 | 1 Konicaminolta | 90 Bizhub 226i, Bizhub 226i Firmware, Bizhub 227 and 87 more | 2024-11-21 | 4.0 Medium |
| Konica Minolta bizhub MFP devices before 2022-04-14 have an internal Chromium browser that executes with root (aka superuser) access privileges. | ||||
| CVE-2022-29526 | 5 Fedoraproject, Golang, Linux and 2 more | 15 Fedora, Go, Linux Kernel and 12 more | 2024-11-21 | 5.3 Medium |
| Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible. | ||||
| CVE-2022-29333 | 1 Cyberlink | 1 Powerdirector | 2024-11-21 | 7.8 High |
| A vulnerability in CyberLink Power Director v14 allows attackers to escalate privileges via a crafted .exe file. | ||||
| CVE-2022-27840 | 1 Samsung | 1 Recovery | 2024-11-21 | 4.4 Medium |
| Improper access control vulnerability in SamsungRecovery prior to version 8.1.43.0 allows local attckers to delete arbitrary files as SamsungRecovery permission. | ||||
| CVE-2022-27659 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2024-11-21 | 4.3 Medium |
| On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, and 14.1.x versions prior to 14.1.4.6, an authenticated attacker can modify or delete Dashboards created by other BIG-IP users in the Traffic Management User Interface (TMUI). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | ||||
| CVE-2022-27487 | 1 Fortinet | 2 Fortideceptor, Fortisandbox | 2024-11-21 | 8.3 High |
| A improper privilege management in Fortinet FortiSandbox version 4.2.0 through 4.2.2, 4.0.0 through 4.0.2 and before 3.2.3 and FortiDeceptor version 4.1.0, 4.0.0 through 4.0.2 and before 3.3.3 allows a remote authenticated attacker to perform unauthorized API calls via crafted HTTP or HTTPS requests. | ||||
| CVE-2022-26676 | 1 Aenrich | 1 A\+hrd | 2024-11-21 | 9.8 Critical |
| aEnrich a+HRD has inadequate privilege restrictions, an unauthenticated remote attacker can use the API function to upload and execute malicious scripts to control the system or disrupt service. | ||||
| CVE-2022-26668 | 1 Asus | 1 Control Center | 2024-11-21 | 7.3 High |
| ASUS Control Center API has a broken access control vulnerability. An unauthenticated remote attacker can call privileged API functions to perform partial system operations or cause partial disrupt of service. | ||||
| CVE-2022-26251 | 1 Synametrics | 1 Synaman | 2024-11-21 | 7.2 High |
| The HTTP interface of Synaman v5.1 and below was discovered to allow authenticated attackers to execute arbitrary code and escalate privileges. | ||||
| CVE-2022-26118 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2024-11-21 | 6.7 Medium |
| A privilege chaining vulnerability [CWE-268] in FortiManager and FortiAnalyzer 6.0.x, 6.2.x, 6.4.0 through 6.4.7, 7.0.0 through 7.0.3 may allow a local and authenticated attacker with a restricted shell to escalate their privileges to root due to incorrect permissions of some folders and executable files on the system. | ||||
| CVE-2022-26113 | 1 Fortinet | 1 Forticlient | 2024-11-21 | 7.7 High |
| An execution with unnecessary privileges vulnerability [CWE-250] in FortiClientWindows 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.0 through 6.2.9, 6.0.0 through 6.0.10 may allow a local attacker to perform an arbitrary file write on the system. | ||||
| CVE-2022-26057 | 1 Abb | 1 Mint Workbench | 2024-11-21 | 6.7 Medium |
| Vulnerabilities in the Mint WorkBench allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Mint WorkBench installer file allows a low-privileged user to run a "repair" operation on the product | ||||
| CVE-2022-25782 | 1 Secomea | 8 Gatemanager 4250, Gatemanager 4250 Firmware, Gatemanager 4260 and 5 more | 2024-11-21 | 5.4 Medium |
| Improper Handling of Insufficient Privileges vulnerability in Web UI of Secomea GateManager allows logged in user to access and update privileged information. This issue affects: Secomea GateManager versions prior to 9.7. | ||||
| CVE-2022-25636 | 5 Debian, Linux, Netapp and 2 more | 16 Debian Linux, Linux Kernel, H300e and 13 more | 2024-11-21 | 7.8 High |
| net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 allows local users to gain privileges because of a heap out-of-bounds write. This is related to nf_tables_offload. | ||||
| CVE-2022-25372 | 2 Microsoft, Pritunl | 2 Windows, Pritunl-client-electron | 2024-11-21 | 7.8 High |
| Pritunl Client through 1.2.3019.52 on Windows allows local privilege escalation, related to an ACL entry for CREATOR OWNER in platform_windows.go. | ||||
| CVE-2022-25150 | 1 Malwarebytes | 1 Binisoft Windows Firewall Control | 2024-11-21 | 7.8 High |
| In Malwarebytes Binisoft Windows Firewall Control before 6.8.1.0, programs executed from the Tools tab can be used to escalate privileges. | ||||
| CVE-2022-25089 | 1 Kofax | 1 Printix | 2024-11-21 | 9.8 Critical |
| Printix Secure Cloud Print Management through 1.3.1106.0 incorrectly uses Privileged APIs to modify values in HKEY_LOCAL_MACHINE via UITasks.PersistentRegistryData. | ||||
| CVE-2022-24931 | 1 Google | 1 Android | 2024-11-21 | 7.9 High |
| Improper access control vulnerability in dynamic receiver in ApkInstaller prior to SMR MAR-2022 Release allows unauthorized attackers to execute arbitrary activity without a proper permission | ||||
| CVE-2022-24927 | 1 Samsung | 1 Video Player | 2024-11-21 | 4.2 Medium |
| Improper privilege management vulnerability in Samsung Video Player prior to version 7.3.15.30 allows attackers to execute video files without permission. | ||||