
CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

21 Nov 2022 — An improper handling of exceptional conditions vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to escalate privileges on affected installations. ... This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://success.trendmicro.com/solution/000291770 • CWE-755: Improper Handling of Exceptional Conditions

CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

21 Nov 2022 — A security agent directory traversal vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to escalate privileges on affected installations. ... This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://success.trendmicro.com/solution/000291770 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

17 Nov 2022 — The Zoom Rooms Installer for Windows prior to 5.12.6 contains a local privilege escalation vulnerability. • https://explore.zoom.us/en/trust/security/security-bulletin • CWE-427: Uncontrolled Search Path Element

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

17 Nov 2022 — The Zoom Client for Meetings Installer for macOS (Standard and for IT Admin) before version 5.12.6 contains a local privilege escalation vulnerability. • https://explore.zoom.us/en/trust/security/security-bulletin • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') • CWE-689: Permission Race Condition During Resource Copy

CVSS: 10.0 • EPSS: 3% • CPEs: 1 • EXPL: 1

17 Nov 2022 — Dolibarr Open Source ERP & CRM for Business before v14.0.1 allows attackers to escalate privileges via a crafted API. • https://www.exploit-db.com/exploits/50248

CVSS: 10.0 • EPSS: 0% • CPEs: 3 • EXPL: 0

15 Nov 2022 — A SQL injection vulnerability in the Fragment module in Liferay Portal 7.3.3 through 7.4.3.16, and Liferay DXP 7.3 before update 4, and 7.4 before update 17 allows attackers to execute arbitrary SQL commands via a PortletPreferences' `namespace` attribute. • https://issues.liferay.com/browse/LPE-17513 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.0 • EPSS: 0% • CPEs: 48 • EXPL: 0

15 Nov 2022 — A SQL injection vulnerability in the Layout module in Liferay Portal 7.1.3 through 7.4.3.4, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, 7.3 before service pack 3, and 7.4 GA allows remote authenticated attackers to execute arbitrary SQL commands via a crafted payload injected into a page template's 'Name' field. • https://issues.liferay.com/browse/LPE-17414 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 10.0 • EPSS: 0% • CPEs: 2 • EXPL: 0

15 Nov 2022 — A SQL injection vulnerability in the Friendly Url module in Liferay Portal 7.3.7, and Liferay DXP 7.3 fix pack 2 through update 4 allows attackers to execute arbitrary SQL commands via a crafted payload injected into the `title` field of a friendly URL. • https://issues.liferay.com/browse/LPE-17520 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 4.3 • EPSS: 0% • CPEs: 4 • EXPL: 0

15 Nov 2022 — The Asset Libraries module in Liferay Portal 7.3.5 through 7.4.3.28, and Liferay DXP 7.3 before update 8, and DXP 7.4 before update 29 does not properly check permissions of asset libraries, which allows remote authenticated users to view asset libraries via the UI. • https://issues.liferay.com/browse/LPE-17593

CVSS: 5.3 • EPSS: 0% • CPEs: 3 • EXPL: 0

15 Nov 2022 — The Friendly Url module in Liferay Portal 7.4.3.5 through 7.4.3.36, and Liferay DXP 7.4 update 1 through 36 does not properly check user permissions, which allows remote attackers to obtain the history of all friendly URLs that were assigned to a page. • https://issues.liferay.com/browse/LPE-17607 • CWE-276: Incorrect Default Permissions