CWE-269

CVE-2022-0579

February 23, 2023 by

Improper Privilege Management in Packagist snipe/snipe-it prior to 5.3.9.

CVE-2022-0441

February 23, 2023 by

The MasterStudy LMS WordPress plugin before 2.7.6 does to validate some parameters given when registering a new account, allowing unauthenticated users to register as an admin

CVE-2022-0338

February 23, 2023 by

Improper Privilege Management in Conda loguru prior to 0.5.3.

CVE-2022-0277

February 23, 2023 by

Improper Access Control in Packagist microweber/microweber prior to 1.2.11.

A privilege escalation vulnerability in the McAfee Agent prior to 5.7.5. McAfee Agent uses openssl.cnf during the build process to specify the OPENSSLDIR variable as a subdirectory within the installation directory. A low privilege user could have created subdirectories and executed arbitrary code with SYSTEM privileges by creating the appropriate pathway to the specifically created malicious openssl.cnf file.

CVE-2022-0222

February 23, 2023 by

A CWE-269: Improper Privilege Management vulnerability exists that could cause a denial of service of the Ethernet communication of the controller when sending a specific request over SNMP. Affected products: Modicon M340 CPUs(BMXP34* versions prior to V3.40), Modicon M340 X80 Ethernet Communication modules:BMXNOE0100 (H), BMXNOE0110 (H), BMXNOR0200H RTU(BMXNOE* all versions)(BMXNOR* versions prior to v1.7 IR24)