CVE-2022-44020

MEDIUM Year: 2022
CVSS v3 Score
5.5
Medium
Weakness Type
CWE-281
View all →

Vulnerability Description

An issue was discovered in OpenStack Sushy-Tools through 0.21.0 and VirtualBMC through 2.2.2. Changing the boot device configuration with these packages removes password protection from the managed libvirt XML domain. NOTE: this only affects an "unsupported, production-like configuration."

Related Vulnerabilities

CVE-2020-16910

MEDIUM
CVSS:5.5(Medium)

<p>A security feature bypass vulnerability exists when Microsoft Windows fails to handle file creation permissions, which could allow an attacker to create files in a protected Unified Extensible Firm...

CWE-2812020

CVE-2021-0704

MEDIUM
CVSS:5.5(Medium)

In createNoCredentialsPermissionNotification and related functions of AccountManagerService.java, there is a possible way to retrieve accounts from the device without permissions due to a permissions ...

CWE-2812021

CVE-2021-30912

MEDIUM
CVSS:5.5(Medium)

The issue was addressed with improved permissions logic. This issue is fixed in macOS Monterey 12.0.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. A malicious application may gain access ...

CWE-2812021

CVE-2021-35079

MEDIUM
CVSS:5.5(Medium)

Improper validation of permissions for third party application accessing Telephony service API can lead to information disclosure in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IO...

CWE-2812021

CVE-2021-43708

MEDIUM
CVSS:5.5(Medium)

The Labeling tool in Titus Classification Suite 18.8.1910.140 allows users to avoid the generation of a classification label by using Excel's safe mode.

CWE-2812021

CVE-2022-22650

MEDIUM
CVSS:5.5(Medium)

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. A plug-in may be able to inherit the application's p...

CWE-2812022