CVE Vulnerability

CWE-276

CVE-2022-33175

February 23, 2023 by godfreyd94

Power Distribution Units running on Powertek firmware (multiple brands) before 3.30.30 have an insecure permissions setting on the user.token field that is accessible to everyone through the /cgi/get_param.cgi HTTP API. This leads to disclosing active session ids of currently logged-in administrators. The session id can then be reused to act as the administrator, allowing reading of the cleartext password, or reconfiguring the device.

CVE-2022-33023

February 23, 2023 by godfreyd94

CVA6 commit 909d85a gives incorrect permission to use special multiplication units when the format of instructions is wrong.

CVE-2022-32743

February 23, 2023 by godfreyd94

Samba does not validate the Validated-DNS-Host-Name right for the dNSHostName attribute which could permit unprivileged users to write it.

CVE-2022-3263

February 23, 2023 by godfreyd94

The security descriptor of Measuresoft ScadaPro Server version 6.7 has inconsistent permissions, which could allow a local user with limited privileges to modify the service binary path and start malicious commands with SYSTEM privileges.

CVE-2022-32562

February 23, 2023 by godfreyd94

An issue was discovered in Couchbase Server before 7.0.4. Operations may succeed on a collection using stale RBAC permission.

CVE-2022-32207

February 23, 2023 by godfreyd94

When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name. In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended.

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE