CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-42046
https://notcve.org/view.php?id=CVE-2022-42046
20 Dec 2022 — wfshbr64.sys and wfshbr32.sys specially crafted IOCTL allows arbitrary user to perform local privilege escalation wfshbr64.sys y wfshbr32.sys IOCTL especialmente manipulado permiten a cualquier usuario realizar una escalada de privilegios local • https://github.com/kkent030315/CVE-2022-42046 • CWE-269: Improper Privilege Management •
CVSS: 8.3EPSS: 0%CPEs: 2EXPL: 0CVE-2022-31707 – VMware vRealize Operations CaSA Improper Privilege Management Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-31707
16 Dec 2022 — This vulnerability allows remote attackers to escalate privileges on affected installations of VMware vRealize Operations. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. • https://www.vmware.com/security/advisories/VMSA-2022-0034.html •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2022-20572 – kernel: missing DM_TARGET_IMMUTABLE feature flag in verity_target in drivers/md/dm-verity-target.c
https://notcve.org/view.php?id=CVE-2022-20572
16 Dec 2022 — This flaw can lead to local privilege escalation. • https://source.android.com/security/bulletin/pixel/2022-12-01 • CWE-862: Missing Authorization CWE-863: Incorrect Authorization •
CVSS: 7.0EPSS: 0%CPEs: 9EXPL: 9CVE-2022-46689 – macOS Dirty Cow Arbitrary File Write Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2022-46689
15 Dec 2022 — A race condition was addressed with additional validation. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. An app may be able to execute arbitrary code with kernel privileges. Se abordó una condición de ejecución con validación adicional. Este problema se solucionó en tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 15.7.2 y iPadOS 15.7.2, iOS 16.2 y iPadOS 1... • https://github.com/zhuowei/MacDirtyCowDemo • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-45798 – Trend Micro Apex One Damage Cleanup Engine Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-45798
15 Dec 2022 — A link following vulnerability in the Damage Cleanup Engine component of Trend Micro Apex One and Trend Micro Apex One as a Service could allow a local attacker to escalate privileges by creating a symbolic link and abusing the service to delete a file. ... This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in t... • https://success.trendmicro.com/solution/000291830 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-46996
https://notcve.org/view.php?id=CVE-2022-46996
14 Dec 2022 — This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. • https://github.com/SHenry07/vSphere_selfuse •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-46997
https://notcve.org/view.php?id=CVE-2022-46997
14 Dec 2022 — This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. • https://github.com/Viralmaniar/Passhunt •
CVSS: 7.8EPSS: 2%CPEs: 8EXPL: 0CVE-2022-4283 – X.Org Server XkbCopyNames Double Free Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-4283
14 Dec 2022 — This flaw can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions. This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. • https://access.redhat.com/security/cve/CVE-2022-4283 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-44898 – MsIo64 LOLDriver Memory Corruption
https://notcve.org/view.php?id=CVE-2022-44898
14 Dec 2022 — The MsIo64.sys component in Asus Aura Sync through v1.07.79 does not properly validate input to IOCTL 0x80102040, 0x80102044, 0x80102050, and 0x80102054, allowing attackers to trigger a memory corruption and cause a Denial of Service (DoS) or escalate privileges via crafted IOCTL requests. • https://heegong.github.io/posts/ASUS-AuraSync-Kernel-Stack-Based-Buffer-Overflow-Local-Privilege-Escalation • CWE-787: Out-of-bounds Write •
CVSS: 9.0EPSS: 35%CPEs: 8EXPL: 0CVE-2022-46340 – X.Org Server XTestFakeInput Type Confusion Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-46340
14 Dec 2022 — This flaw can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions. ... This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. • https://access.redhat.com/security/cve/CVE-2022-46340 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •