
CVSS: 5.9 • EPSS: 0% • CPEs: 151 • EXPL: 0

15 Nov 2022 — The Test LDAP Users functionality in Liferay Portal 7.0.0 through 7.4.3.4, and Liferay DXP 7.0 fix pack 102 and earlier, 7.1 before fix pack 27, 7.2 before fix pack 17, 7.3 before update 4, and DXP 7.4 GA includes the LDAP credential in the page URL when paginating through the list of users, which allows man-in-the-middle attackers or attackers with access to the request logs to see the LDAP credential. • https://issues.liferay.com/browse/LPE-17438 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 8.4 • EPSS: 0% • CPEs: 3 • EXPL: 0

14 Nov 2022 — This could lead to local privilege escalation to root. • https://bugzilla.redhat.com/show_bug.cgi?id=2138959 • CWE-285: Improper Authorization

CVSS: 6.4 • EPSS: 0% • CPEs: 46 • EXPL: 0

14 Nov 2022 — A Cross-site scripting (XSS) vulnerability in the Announcements module in Liferay Portal 7.1.0 through 7.4.2, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, and 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML. • https://issues.liferay.com/browse/LPE-17403 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.0 • EPSS: 0% • CPEs: 37 • EXPL: 0

12 Nov 2022 — This vulnerability allows remote attackers to escalate privileges on affected installations of ManageEngine ServiceDesk Plus MSP. ... An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. • https://www.manageengine.com/products/service-desk-msp/cve-2022-40773.html • CWE-20: Improper Input Validation

CVSS: 6.7 • EPSS: 0% • CPEs: 9 • EXPL: 0

09 Nov 2022 — A local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine software running on a Linux operating system allows a local attacker with shell access to the engine to execute programs with elevated privileges. • https://security.paloaltonetworks.com/CVE-2022-0031 • CWE-345: Insufficient Verification of Data Authenticity

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

09 Nov 2022 — An Uncontrolled Search Path Element in Foxit Software released Foxit Reader v11.2.118.51569 allows attackers to escalate privileges when searching for DLL libraries without specifying an absolute path. • https://github.com/hxxt9049/futing • CWE-427: Uncontrolled Search Path Element

CVSS: 6.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

09 Nov 2022 — An authentication bypass in Lin-CMS v0.2.1 allows attackers to escalate privileges to Super Administrator. • https://gist.github.com/cai-niao98/58c97899695488bd73a73d56adf44c4c • CWE-287: Improper Authentication

CVSS: 7.8 • EPSS: 0% • CPEs: 9 • EXPL: 0

09 Nov 2022 — Windows Win32k Elevation of Privilege Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41092

CVSS: 7.8 • EPSS: 0% • CPEs: 4 • EXPL: 0

09 Nov 2022 — Microsoft Exchange Server Elevation of Privilege Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Exchange. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41123

CVSS: 7.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

07 Nov 2022 — Local privilege escalation due to DLL hijacking vulnerability. • https://security-advisory.acronis.com/advisories/SEC-2718 • CWE-427: Uncontrolled Search Path Element