CVE-2022-35868
https://notcve.org/view.php?id=CVE-2022-35868
14 Feb 2023 — Affected applications contain an untrusted search path vulnerability that could allow an attacker to escalate privileges when tricking a legitimate user into starting the service from an attacker-controlled path. • https://cert-portal.siemens.com/productcert/pdf/ssa-640968.pdf • CWE-426: Untrusted Search Path •
CVE-2022-31808
https://notcve.org/view.php?id=CVE-2022-31808
14 Feb 2023 — This could allow an authenticated user to escalate privileges by injecting arbitrary commands that are executed with root privileges. • https://cert-portal.siemens.com/productcert/pdf/ssa-658793.pdf • CWE-20: Improper Input Validation •
CVE-2022-45455
https://notcve.org/view.php?id=CVE-2022-45455
13 Feb 2023 — Local privilege escalation due to incomplete uninstallation cleanup. • https://security-advisory.acronis.com/advisories/SEC-4459 • CWE-459: Incomplete Cleanup •
CVE-2022-48077
https://notcve.org/view.php?id=CVE-2022-48077
13 Feb 2023 — Genymotion Desktop v3.3.2 was discovered to contain a DLL hijacking vulnerability that allows attackers to escalate privileges and execute arbitrary code via a crafted DLL. • https://gist.github.com/hax3xploit/3210813c7221f3ae505494da57f26cbc • CWE-427: Uncontrolled Search Path Element •
CVE-2022-34384
https://notcve.org/view.php?id=CVE-2022-34384
10 Feb 2023 — Dell SupportAssist Client Consumer (version 3.11.1 and prior), SupportAssist Client Commercial (version 3.2 and prior), Dell Command | Update, Dell Update, and Alienware Update versions before 4.5 contain a Local Privilege Escalation Vulnerability in the Advanced Driver Restore component. • https://www.dell.com/support/kbdoc/000204114 • CWE-250: Execution with Unnecessary Privileges • CWE-269: Improper Privilege Management •
CVE-2022-43440 – Privilege escalation via manipulated unixcat executable
https://notcve.org/view.php?id=CVE-2022-43440
09 Feb 2023 — Uncontrolled Search Path Element in Checkmk Agent in Tribe29 Checkmk before 2.1.0p1, before 2.0.0p25 and before 1.6.0p29 on a Checkmk server allows the site user to escalate privileges via a manipulated unixcat executable. • https://checkmk.com/werk/14087 • CWE-427: Uncontrolled Search Path Element •
CVE-2023-0494 – X.Org Server DeepCopyPointerClasses Use-After-Free Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-0494
07 Feb 2023 — This can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions. This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. • https://bugzilla.redhat.com/show_bug.cgi?id=2165995 • CWE-416: Use After Free •
CVE-2022-48021
https://notcve.org/view.php?id=CVE-2022-48021
03 Feb 2023 — A vulnerability in Zammad v5.3.0 allows attackers to execute arbitrary code or escalate privileges via a crafted message sent to the server. • https://zammad.com/de/advisories/zaa-2022-11 •
CVE-2022-48079
https://notcve.org/view.php?id=CVE-2022-48079
02 Feb 2023 — Monnai aaPanel host system v1.5 contains an access control issue which allows attackers to escalate privileges and execute arbitrary code via uploading a crafted PHP file to the virtual host directory of the system. • http://mf.mengnai.top •
CVE-2022-3560 – pesign: Local privilege escalation on pesign systemd service
https://notcve.org/view.php?id=CVE-2022-3560
02 Feb 2023 — A flaw was found in pesign. The pesign package provides a systemd service used to start the pesign daemon. This service unit runs a script to set ACLs for /etc/pki/pesign and /run/pesign directories to grant access privileges to users in the 'pesign' group. However, the script doesn't check for symbolic links. This could allow an attacker to gain access to privileged files and directories via a path traversal attack. • https://bugzilla.redhat.com/show_bug.cgi?id=2135420#c0 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •