CVE-2022-44747
https://notcve.org/view.php?id=CVE-2022-44747
07 Nov 2022 — Local privilege escalation due to improper soft link handling. • https://security-advisory.acronis.com/advisories/SEC-4540 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-610: Externally Controlled Reference to a Resource in Another Sphere •
CVE-2022-44733
https://notcve.org/view.php?id=CVE-2022-44733
07 Nov 2022 — Local privilege escalation due to insecure folder permissions. • https://security-advisory.acronis.com/advisories/SEC-3968 • CWE-269: Improper Privilege Management CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2022-44732
https://notcve.org/view.php?id=CVE-2022-44732
07 Nov 2022 — Local privilege escalation due to insecure folder permissions. • https://security-advisory.acronis.com/advisories/SEC-3040 • CWE-269: Improper Privilege Management CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2022-42919 – python: local privilege escalation via the multiprocessing forkserver start method
https://notcve.org/view.php?id=CVE-2022-42919
04 Nov 2022 — Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows local privilege escalation in a non-default configuration. • https://github.com/python/cpython/compare/v3.10.8...v3.10.9 • CWE-269: Improper Privilege Management •
CVE-2022-40289 – Stored cross-site scripting in PHP Point of Sale version 19.0, by PHP Point of Sale, LLC via file upload and download functionality.
https://notcve.org/view.php?id=CVE-2022-40289
31 Oct 2022 — The application was vulnerable to an authenticated Stored Cross-Site Scripting (XSS) in the upload and download functionality, which could be leveraged to escalate privileges or compromise any accounts they can coerce into observing the targeted files. • https://www.themissinglink.com.au/security-advisories/cve-2022-40289 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-40288 – Stored cross-site scripting in PHP Point of Sale version 19.0, by PHP Point of Sale, LLC via messaging functionality
https://notcve.org/view.php?id=CVE-2022-40288
31 Oct 2022 — The application was vulnerable to an authenticated Stored Cross-Site Scripting (XSS) in the user profile data fields, which could be leveraged to escalate privileges within and compromise any account that views their user profile. • https://www.themissinglink.com.au/security-advisories/cve-2022-40288 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-41973 – device-mapper-multipath: multipathd: insecure handling of files in /dev/shm leading to symlink attack
https://notcve.org/view.php?id=CVE-2022-41973
29 Oct 2022 — This could be used indirectly for local privilege escalation to root. multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited in conjunction with CVE-2022-41974. ... This could be used indirectly for local privilege escalation to root. • http://packetstormsecurity.com/files/169611/Leeloo-Multipath-Authorization-Bypass-Symlink-Attack.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2022-41644 – Delta Industrial Automation InfraSuite Device Master ModifyPrivByID Missing Authentication Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-41644
27 Oct 2022 — This vulnerability allows remote attackers to escalate privileges or create a denial-of-service condition on affected installations of Delta Industrial Automation InfraSuite Device Master. ... An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user or to create a denial-of-service condition on system. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-298-07 • CWE-306: Missing Authentication for Critical Function •
CVE-2022-41974 – device-mapper-multipath: Authorization bypass, multipathd daemon listens for client connections on an abstract Unix socket
https://notcve.org/view.php?id=CVE-2022-41974
26 Oct 2022 — This can lead to local privilege escalation to root. ... This could lead to local privilege escalation to root. • http://packetstormsecurity.com/files/169611/Leeloo-Multipath-Authorization-Bypass-Symlink-Attack.html • CWE-269: Improper Privilege Management CWE-285: Improper Authorization •
CVE-2022-33179
https://notcve.org/view.php?id=CVE-2022-33179
25 Oct 2022 — A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, and 7.4.2j could allow a local authenticated user to break out of restricted shells with “set context” and escalate privileges. • https://security.netapp.com/advisory/ntap-20230127-0004 •