CWE:
 

Title
Date
Author
High
Wordpress Plugin XCloner 4.2.12 Remote Code Execution (Authenticated)
07.07.2021
Ron Jost
High
WordPress XCloner 4.2.12 Remote Code Execution
02.07.2021
Ron Jost
Med.
BarracudaDrive v6.5 Insecure Folder Permissions
04.09.2020
Bobby Cooke
Low
Sierra Wireless AirLink ES450 ACEManager Embedded_Ace_Set_Task.cgi Permission Assignment
28.04.2019
Cisco Talos
High
aws-cfn-bootstrap Local Code Execution
04.12.2017
Harry Sintonen
Med.
SAP HANA SPS09 1.00.091.00.1418659308 EXPORT Information Disclosure
22.08.2016
Multiple
Low
Samsung SNS Provider Application For Android Access Theft
13.03.2015
Sadosky


Common Weakness Enumeration (CWE)

CVE
Details
Description
2022-07-18
Waiting for details
CVE-2022-34891

 

 
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 17.1.1. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the update mechanism. The product sets incorrect permissions on sensitive files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-16395.

 
2022-07-12
Medium
CVE-2021-38289

Vendor: Novastar
Software: Novaicare
 

 
An issue has been discovered in Novastar-VNNOX-iCare Novaicare 7.16.0 that gives an attacker privilege escalation and allows attackers to view corporate information and SMTP server details, delete users, view roles, and other unspecified impacts.

 
Low
CVE-2022-33689

Vendor: Google
Software: Android
 

 
Improper access control vulnerability in TelephonyUI prior to SMR Jul-2022 Release 1 allows attackers to change preferred network type by unprotected binder call.

 
Medium
CVE-2022-33695

Vendor: Google
Software: Android
 

 
Use of improper permission in InputManagerService prior to SMR Jul-2022 Release 1 allows unauthorized access to the service.

 
2022-07-06
Medium
CVE-2022-30929

Vendor: Mini tmall project
Software: Mini tmall
 

 
Mini-Tmall v1.0 is vulnerable to Insecure Permissions via tomcat-embed-jasper.

 
2022-07-04
Low
CVE-2022-28692

Vendor: Cybozu
Software: Garoon
 

 
Improper input validation vulnerability in Scheduler of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Scheduler.

 
Low
CVE-2022-27807

Vendor: Cybozu
Software: Garoon
 

 
Improper input validation vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to disable the addition of Categories.

 
Medium
CVE-2022-26368

Vendor: Cybozu
Software: Garoon
 

 
Browse restriction bypass and operation restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter and/or obtain the data of Cabinet.

 
Low
CVE-2022-26054

Vendor: Cybozu
Software: Garoon
 

 
Operation restriction bypass vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Link.

 
Low
CVE-2022-26051

Vendor: Cybozu
Software: Garoon
 

 
Operation restriction bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Portal.

 

 


Copyright 2022, cxsecurity.com

 
