CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 0CVE-2023-0524
https://notcve.org/view.php?id=CVE-2023-0524
01 Feb 2023 — This could allow a malicious actor with sufficient permissions to modify environment variables and abuse an impacted plugin in order to escalate privileges. • https://www.tenable.com/security/tns-2023-04 •
CVSS: 7.8EPSS: 0%CPEs: 22EXPL: 0CVE-2022-42972 – Schneider Electric APC Easy UPS Online Incorrect Permission Assignment Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-42972
01 Feb 2023 — Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA), APC Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GA-01-22261), Schneider Electric Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GS), Schneider Electric Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to ... • https://download.schneider-electric.com/files?p_Doc_SEVD-2022-347-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-347-01_Easy_UPS_Online_Monitoring_Software_Security_Notification.pdf • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 22EXPL: 0CVE-2022-42973 – Schneider Electric APC Easy UPS Online SNMPDBManager Use of Hard-Coded Credentials Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-42973
01 Feb 2023 — Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA), APC Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GA-01-22261), Schneider Electric Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GS), Schneider Electric Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to ... • https://download.schneider-electric.com/files?p_Doc_SEVD-2022-347-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-347-01_Easy_UPS_Online_Monitoring_Software_Security_Notification.pdf • CWE-798: Use of Hard-coded Credentials •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-24307 – mRemoteNG 1.76.20 Privilege Escalation
https://notcve.org/view.php?id=CVE-2020-24307
31 Jan 2023 — An issue in mRemoteNG v1.76.20 allows attackers to escalate privileges via a crafted executable file. • https://github.com/NyaMeeEain/Infrastructure-Assessment/blob/master/Privilege%20Escalation/Common%20Windows%20Privilege%20Escalation.md • CWE-269: Improper Privilege Management •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-23334
https://notcve.org/view.php?id=CVE-2022-23334
30 Jan 2023 — The Robot application in Ip-label Newtest before v8.5R0 was discovered to use weak signature checks on executed binaries, allowing attackers to have write access and escalate privileges via replacing NEWTESTREMOTEMANAGER.EXE. • http://ip-label.com • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2022-48107
https://notcve.org/view.php?id=CVE-2022-48107
27 Jan 2023 — This vulnerability allows attackers to escalate privileges to root via a crafted payload. • https://github.com/migraine-sudo/D_Link_Vuln/tree/main/cmd%20inject%20in%20IPAddress • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2022-48108
https://notcve.org/view.php?id=CVE-2022-48108
27 Jan 2023 — This vulnerability allows attackers to escalate privileges to root via a crafted payload. • https://github.com/migraine-sudo/D_Link_Vuln/tree/main/cmd%20inject%20in%20Netmask • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 2CVE-2022-47632 – Razer Synapse 3.7.0731.072516 Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2022-47632
27 Jan 2023 — Razer Synapse version 3.7.0731.072516 suffers from a local privilege escalation due to a DLL hijacking vulnerability. • http://packetstormsecurity.com/files/170772/Razer-Synapse-3.7.0731.072516-Local-Privilege-Escalation.html • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-45770
https://notcve.org/view.php?id=CVE-2022-45770
26 Jan 2023 — Improper input validation in adgnetworkwfpdrv.sys in Adguard For Windows x86 through 7.11 allows local privilege escalation. • https://github.com/Marsel-marsel/CVE-2022-45770 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2022-43997
https://notcve.org/view.php?id=CVE-2022-43997
25 Jan 2023 — Incorrect access control in Aternity agent in Riverbed Aternity before 12.1.4.27 allows for local privilege escalation. • https://gist.github.com/jackullrich/21fcfe75aeb5e18c60b80e684b83d741 •