CVSS: 8.8EPSS: 0%CPEs: 266EXPL: 0CVE-2022-31696 – VMware ESXi TCP/IP Memory Corruption Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-31696
13 Dec 2022 — This vulnerability allows local attackers to escalate privileges on affected installations of VMware ESXi. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of kernel. • https://www.vmware.com/security/advisories/VMSA-2022-0030.html • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0CVE-2022-46383
https://notcve.org/view.php?id=CVE-2022-46383
06 Dec 2022 — The token can be used to escalate privileges within the Digital Rebar system and grant full administrative access. • https://docs.rackn.io/en/latest/doc/security/cve_2022_46383.html •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 3CVE-2022-45771
https://notcve.org/view.php?id=CVE-2022-45771
05 Dec 2022 — An issue in the /api/audits component of Pwndoc v0.5.3 allows attackers to escalate privileges and execute arbitrary code via uploading a crafted audit file. • https://github.com/p0dalirius/CVE-2022-45771-Pwndoc-LFI-to-RCE •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-46410
https://notcve.org/view.php?id=CVE-2022-46410
04 Dec 2022 — An attacker with non-root privileges may escalate privileges to root by using specific commands. • https://www.veritas.com/content/support/en_US/security/VTS22-019#issue5 •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-46411
https://notcve.org/view.php?id=CVE-2022-46411
04 Dec 2022 — A default password is persisted after installation and may be discovered and used to escalate privileges. • https://www.veritas.com/content/support/en_US/security/VTS22-019#issue3 • CWE-287: Improper Authentication •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2022-44929
https://notcve.org/view.php?id=CVE-2022-44929
02 Dec 2022 — An access control issue in D-Link DVG-G5402SP GE_1.03 allows unauthenticated attackers to escalate privileges via arbitrarily editing VoIP SIB profiles. • https://cyber-guy.gitbook.io/cyber-guys-blog/pocs/cve-2022-44929 •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2022-45797
https://notcve.org/view.php?id=CVE-2022-45797
01 Dec 2022 — An arbitrary file deletion vulnerability in the Damage Cleanup Engine component of Trend Micro Apex One and Trend Micro Apex One as a Service could allow a local attacker to escalate privileges and delete files on affected installations. • https://success.trendmicro.com/solution/000291830 •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-44096
https://notcve.org/view.php?id=CVE-2022-44096
30 Nov 2022 — Sanitization Management System v1.0 was discovered to contain hardcoded credentials which allows attackers to escalate privileges and access the admin panel. • https://github.com/upasvi/CVE-/issues/1 • CWE-798: Use of Hard-coded Credentials •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-44097
https://notcve.org/view.php?id=CVE-2022-44097
30 Nov 2022 — Book Store Management System v1.0 was discovered to contain hardcoded credentials which allows attackers to escalate privileges and access the admin panel. • https://github.com/upasvi/CVE-/issues/2 • CWE-798: Use of Hard-coded Credentials •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-46152 – OP-TEE Trusted OS vulnerable to Improper Validation of Array Index in the cleanup_shm_refs function
https://notcve.org/view.php?id=CVE-2022-46152
29 Nov 2022 — Maintainers believe this problem permits local privilege escalation from the normal world to the secure world. • https://github.com/OP-TEE/optee_os/blob/c2d449482de098f1c894b94f338440e5a327813d/core/tee/entry_std.c#L257 • CWE-129: Improper Validation of Array Index •