CVE-2022-3586 – Linux Kernel Net Scheduler Use-After-Free Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-3586
19 Oct 2022 — An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel. • https://github.com/torvalds/linux/commit/9efd23297cca • CWE-416: Use After Free •
CVE-2022-2602 – Linux Kernel io_uring Improper Update of Reference Count Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-2602
18 Oct 2022 — io_uring UAF, Unix SCM garbage collection. This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. • https://github.com/LukeGix/CVE-2022-2602 • CWE-416: Use After Free •
CVE-2022-22239 – Junos OS Evolved: The ssh CLI command always runs as root which can lead to privilege escalation
https://notcve.org/view.php?id=CVE-2022-22239
18 Oct 2022 — This vulnerability allows a locally authenticated attacker with access to the ssh operational command to escalate their privileges on the system to root or, if there is user interaction on the local device, to potentially escalate privileges on a remote system to root. • https://kb.juniper.net/JSA69895 • CWE-250: Execution with Unnecessary Privileges • CWE-269: Improper Privilege Management •
CVE-2022-39427 – Oracle VirtualBox COM RPC Interface Improper Access Control Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-39427
18 Oct 2022 — CVSS vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H) This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://www.oracle.com/security-alerts/cpuoct2022.html •
CVE-2022-36438
https://notcve.org/view.php?id=CVE-2022-36438
18 Oct 2022 — AsusSwitch.exe on ASUS personal computers (running Windows) sets weak file permissions, leading to local privilege escalation (this also can be used to delete files within the system arbitrarily). • https://asus-my.sharepoint.com/personal/carinacw_li_asus_com/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fcarinacw_li_asus_com%2FDocuments%2FSecurity%2FCase-220713%2FAsus%20Switch%20LPE.pdf&parent=%2Fpersonal%2Fcarinacw_li_asus_com%2FDocuments%2FSecurity%2FCase-220713&ga=1 • CWE-276: Incorrect Default Permissions •
CVE-2022-3569 – Zimbra Privilege Escalation
https://notcve.org/view.php?id=CVE-2022-3569
17 Oct 2022 — Due to an issue with incorrect sudo permissions, Zimbra Collaboration Suite (ZCS) suffers from a local privilege escalation issue in versions 9.0.0 and prior, where the 'zimbra' user can effectively coerce postfix into running arbitrary commands as 'root'. • http://packetstormsecurity.com/files/169430/Zimbra-Privilege-Escalation.html • CWE-271: Privilege Dropping / Lowering Errors •
CVE-2022-3564 – Linux Kernel Bluetooth l2cap_core.c l2cap_reassemble_sdu use after free
https://notcve.org/view.php?id=CVE-2022-3564
17 Oct 2022 — This flaw allows a local or Bluetooth connection user to crash the system or potentially escalate privileges. • https://github.com/Trinadh465/linux-4.1.15_CVE-2022-3564 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') • CWE-416: Use After Free •
CVE-2022-40055
https://notcve.org/view.php?id=CVE-2022-40055
17 Oct 2022 — An issue in GX Group GPON ONT Titanium 2122A T2122-V1.26EXL allows attackers to escalate privileges via a brute force attack at the login page. • http://gpon.com • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVE-2022-35135
https://notcve.org/view.php?id=CVE-2022-35135
13 Oct 2022 — Boodskap IoT Platform v4.4.9-02 allows attackers to escalate privileges via a crafted request sent to /api/user/upsert/<uuid>. • https://securityblog101.blogspot.com/2022/10/cve-id-cve-2022-35135-cve-2022-35136.html • CWE-287: Improper Authentication •
CVE-2022-37986 – Windows Win32k Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2022-37986
11 Oct 2022 — Windows Win32k Elevation of Privilege Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the current user at medium integrity. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37986 •