• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-732

CVE-2022-29527

February 23, 2023 by godfreyd94

Amazon AWS amazon-ssm-agent before 3.1.1208.0 creates a world-writable sudoers file, which allows local attackers to inject Sudo rules and escalate privileges to root. This occurs in certain situations involving a race condition.

CVE-2022-29405

February 23, 2023 by godfreyd94

In Apache Archiva, any registered user can reset password for any users. This is fixed in Archiva 2.2.8

CVE-2022-29263

February 23, 2023 by godfreyd94

On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, as well as F5 BIG-IP APM Clients 7.x versions prior to 7.2.1.5, the BIG-IP Edge Client Component Installer Service does not use best practice while saving temporary files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CVE-2022-29271

February 23, 2023 by godfreyd94

In Nagios XI through 5.8.5, a read-only Nagios user (due to an incorrect permission check) is able to schedule downtime for any host/services. This allows an attacker to permanently disable all monitoring checks.

CVE-2022-28802

February 23, 2023 by godfreyd94

Code by Zapier before 2022-08-17 allowed intra-account privilege escalation that included execution of Python or JavaScript code. In other words, Code by Zapier was providing a customer-controlled general-purpose virtual machine that unintentionally granted full access to all users of a company’s account, but was supposed to enforce role-based access control within that company’s account. Before 2022-08-17, a customer could have resolved this by (in effect) using a separate virtual machine for an application that held credentials – or other secrets – that weren’t supposed to be shared among all of its employees. (Multiple accounts would have been needed to operate these independent virtual machines.)

CVE-2022-28692

February 23, 2023 by godfreyd94

Improper input validation vulnerability in Scheduler of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Scheduler.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 130
  • Go to page 131
  • Go to page 132
  • Go to page 133
  • Go to page 134
  • Interim pages omitted …
  • Go to page 144
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE