Vulnerabilities (CVE)

Filtered by CWE-269
Total 2369 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-30150 1 Microsoft 5 Windows 10, Windows 11, Windows Server 2016 and 2 more 2022-06-25 6.8 MEDIUM 8.1 HIGH
Windows Defender Remote Credential Guard Elevation of Privilege Vulnerability.
CVE-2022-30154 1 Microsoft 5 Windows 10, Windows Server 2012, Windows Server 2016 and 2 more 2022-06-24 2.1 LOW 5.3 MEDIUM
Microsoft File Server Shadow Copy Agent Service (RVSS) Elevation of Privilege Vulnerability.
CVE-2022-31219 1 Abb 3 Automation Builder, Drive Composer, Mint Workbench 2022-06-24 7.2 HIGH 7.8 HIGH
Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Drive Composer installer file allows a low-privileged user to run a "repair" operation on the product.
CVE-2022-31218 1 Abb 3 Automation Builder, Drive Composer, Mint Workbench 2022-06-24 7.2 HIGH 7.8 HIGH
Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Drive Composer installer file allows a low-privileged user to run a "repair" operation on the product.
CVE-2022-31217 1 Abb 3 Automation Builder, Drive Composer, Mint Workbench 2022-06-24 7.2 HIGH 7.8 HIGH
Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Drive Composer installer file allows a low-privileged user to run a "repair" operation on the product.
CVE-2022-20819 1 Cisco 1 Identity Services Engine 2022-06-24 4.0 MEDIUM 6.5 MEDIUM
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information from an affected device. This vulnerability exists because administrative privilege levels for sensitive data are not properly enforced. An attacker with read-only privileges for the web-based management interface on an affected device could exploit this vulnerability by browsing to a page that contains sensitive data. A successful exploit could allow the attacker to collect sensitive information about the system configuration.
CVE-2017-20049 1 Axis 12 M3005, M3005 Firmware, M3007 and 9 more 2022-06-24 10.0 HIGH 9.8 CRITICAL
A vulnerability, which was classified as critical, was found in AXIS P1204, P3225, P3367, M3045, M3005 and M3007. This affects an unknown part of the component CGI Script. The manipulation leads to improper privilege management. It is possible to initiate the attack remotely. It is recommended to upgrade the affected component.
CVE-2021-40776 3 Adobe, Apple, Microsoft 3 Lightroom, Macos, Windows 2022-06-24 6.6 MEDIUM 6.1 MEDIUM
Adobe Lightroom Classic 10.3 (and earlier) are affected by a privilege escalation vulnerability in the Offline Lightroom Classic installer. An authenticated attacker could leverage this vulnerability to escalate privileges. User interaction is required before product installation to abuse this vulnerability.
CVE-2022-26057 1 Abb 1 Mint Workbench 2022-06-24 7.2 HIGH 7.8 HIGH
Vulnerabilities in the Mint WorkBench allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Mint WorkBench installer file allows a low-privileged user to run a "repair" operation on the product
CVE-2022-2104 2022-06-24 N/A N/A
The www-data (Apache web server) account is configured to run sudo with no password for many commands (including /bin/sh and /bin/bash).
CVE-2022-31216 1 Abb 3 Automation Builder, Drive Composer, Mint Workbench 2022-06-24 7.2 HIGH 7.8 HIGH
Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Drive Composer installer file allows a low-privileged user to run a "repair" operation on the product.
CVE-2022-31214 1 Firejail Project 1 Firejail 2022-06-23 7.2 HIGH 7.8 HIGH
A Privilege Context Switching issue was discovered in join.c in Firejail 0.9.68. By crafting a bogus Firejail container that is accepted by the Firejail setuid-root program as a join target, a local attacker can enter an environment in which the Linux user namespace is still the initial user namespace, the NO_NEW_PRIVS prctl is not activated, and the entered mount namespace is under the attacker's control. In this way, the filesystem layout can be adjusted to gain root privileges through execution of available setuid-root binaries such as su or sudo.
CVE-2021-30349 1 Qualcomm 282 Aqt1000, Aqt1000 Firmware, Ar8031 and 279 more 2022-06-22 7.2 HIGH 6.7 MEDIUM
Improper access control sequence for AC database after memory allocation can lead to possible memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
CVE-2022-2063 1 Xgenecloud 1 Nocodb 2022-06-22 6.8 MEDIUM 8.8 HIGH
Improper Privilege Management in GitHub repository nocodb/nocodb prior to 0.91.7+.
CVE-2022-32272 1 Opswat 1 Metadefender 2022-06-21 7.5 HIGH 9.8 CRITICAL
OPSWAT MetaDefender Core before 5.1.2, MetaDefender ICAP before 4.12.1, and MetaDefender Email Gateway Security before 5.6.1 have incorrect access control, resulting in privilege escalation.
CVE-2022-1823 2022-06-21 N/A N/A
Improper privilege management vulnerability in McAfee Consumer Product Removal Tool prior to version 10.4.128 could allow a local user to modify a configuration file and perform a LOLBin (Living off the land) attack. This could result in the user gaining elevated permissions and being able to execute arbitrary code, through not correctly checking the integrity of the configuration file.
CVE-2022-31496 1 Librehealth 1 Librehealth Ehr 2022-06-17 9.0 HIGH 8.8 HIGH
LibreHealth EHR Base 2.0.0 allows incorrect interface/super/manage_site_files.php access.
CVE-2021-36710 1 Toaruos 1 Toaruos 2022-06-17 7.2 HIGH 8.8 HIGH
ToaruOS 1.99.2 is affected by incorrect access control via the kernel. Improper MMU management and having a low GDT address allows it to be mapped in userland. A call gate can then be written to escalate to CPL 0.
CVE-2022-30610 2 Ibm, Linux 2 Spectrum Copy Data Management, Linux Kernel 2022-06-17 3.5 LOW 4.5 MEDIUM
IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 is vulnerable to reverse tabnabbing where it could allow a page linked to from within IBM Spectrum Copy Data Management to rewrite it. An administrator could enter a link to a malicious URL that another administrator could then click. Once clicked, that malicious URL could then rewrite the original page with a phishing page. IBM X-Force ID: 227363.
CVE-2019-25068 1 Axiositalia 1 Registro Elettronico 2022-06-16 6.5 MEDIUM 8.8 HIGH
A vulnerability classified as critical was found in Axios Italia Axios RE 1.7.0/7.0.0. This vulnerability affects unknown code of the file REDefault.aspx of the component Connection Handler. The manipulation of the argument DBIDX leads to privilege escalation. The attack can be initiated remotely.