CVE-2022-21946

MEDIUM Year: 2022
CVSS v3 Score
5.3
Medium
CVSS v2 Score
4.6
Medium
Weakness Type
CWE-732
View all →

Vulnerability Description

A Incorrect Permission Assignment for Critical Resource vulnerability in the sudoers configuration in cscreen of openSUSE Factory allows any local users to gain the privileges of the tty and dialout groups and access and manipulate any running cscreen seesion. This issue affects: openSUSE Factory cscreen version 1.2-1.3 and prior versions.

Related Vulnerabilities

CVE-2011-2515

MEDIUM
CVSS:5.3(Medium)

PackageKit 0.6.17 allows installation of unsigned RPM packages as though they were signed which may allow installation of non-trusted packages and execution of arbitrary code.

CWE-7322011

CVE-2011-4912

MEDIUM
CVSS:5.3(Medium)

Joomla! com_mailto 1.5.x through 1.5.13 has an automated mail timeout bypass.

CWE-7322011

CVE-2016-11062

MEDIUM
CVSS:5.3(Medium)

An issue was discovered in Mattermost Server before 3.5.1. E-mail address verification can be bypassed.

CWE-7322016

CVE-2017-0423

MEDIUM
CVSS:5.3(Medium)

An elevation of privilege vulnerability in Bluetooth could enable a proximate attacker to manage access to documents on the device. This issue is rated as Moderate because it first requires exploitati...

CWE-7322017

CVE-2017-15906

MEDIUM
CVSS:5.3(Medium)

The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.

CWE-7322017

CVE-2017-16754

MEDIUM
CVSS:5.3(Medium)

Bolt before 3.3.6 does not properly restrict access to _profiler routes, related to EventListener/ProfilerListener.php and Provider/EventListenerServiceProvider.php.

CWE-7322017