CVE-2022-41746 – Trend Micro Apex One Forced Browsing Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-41746
07 Oct 2022 — A forced browsing vulnerability in Trend Micro Apex One could allow an attacker with access to the Apex One console on affected installations to escalate privileges and modify certain agent groupings. ... Note: an attacker must first obtain the ability to log in to the Apex One web console in order to exploit this vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of Trend Micro Apex One. ... An attacker can leverage this vu... • https://success.trendmicro.com/solution/000291645 • CWE-425: Direct Request ('Forced Browsing') •
CVE-2022-41747 – Trend Micro Apex One Security Agent Improper Certificate Validation Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-41747
07 Oct 2022 — Note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://success.trendmicro.com/solution/000291645 • CWE-295: Improper Certificate Validation •
CVE-2022-41749 – Trend Micro Apex One Origin Validation Error Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-41749
07 Oct 2022 — An origin validation error vulnerability in Trend Micro Apex One agents could allow a local attacker to escalate privileges on affected installations. ... Note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. ... An attacker can leverage this vulnerability to esca... • https://success.trendmicro.com/solution/000291645 • CWE-346: Origin Validation Error •
CVE-2022-41744 – Trend Micro Apex One Vulnerability Protection Service Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-41744
07 Oct 2022 — A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One Vulnerability Protection integrated component could allow a local attacker to escalate privileges and turn a specific working directory into a mount point on affected installations. ... Note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability allows local attackers to escalate privileges on affected installatio... • https://success.trendmicro.com/solution/000291645 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVE-2022-41745 – Trend Micro Apex One Security Agent Out-Of-Bounds Access Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-41745
07 Oct 2022 — An Out-of-Bounds access vulnerability in Trend Micro Apex One could allow a local attacker to create a specially crafted message to cause memory corruption on a certain service process which could lead to local privilege escalation on affected installations. ... Note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability allows local attackers to escalate privileges on affected inst... • https://success.trendmicro.com/solution/000291645 • CWE-125: Out-of-bounds Read •
CVE-2022-42430 – Tesla wowlan_config Use-After-Free Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-42430
07 Oct 2022 — This vulnerability allows local attackers to escalate privileges on affected Tesla vehicles. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. • https://www.zerodayinitiative.com/advisories/ZDI-22-1406 • CWE-416: Use After Free •
CVE-2022-42431 – Tesla bcmdhd Buffer Overflow Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-42431
07 Oct 2022 — This vulnerability allows local attackers to escalate privileges on affected Tesla vehicles. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. • https://www.zerodayinitiative.com/advisories/ZDI-22-1407 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2022-41040 – Microsoft Exchange Server Server-Side Request Forgery Vulnerability
https://notcve.org/view.php?id=CVE-2022-41040
03 Oct 2022 — Microsoft Exchange Server Elevation of Privilege Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of Microsoft Exchange. ... An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. • https://github.com/kljunowsky/CVE-2022-41040-POC • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2022-41142 – Centreon Poller Resource SQL Injection Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-41142
03 Oct 2022 — This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. ... An attacker can leverage this vulnerability to escalate privileges to the level of an administrator. • https://github.com/centreon/centreon/security/policy • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2022-41975
https://notcve.org/view.php?id=CVE-2022-41975
30 Sep 2022 — RealVNC VNC Server before 6.11.0 and VNC Viewer before 6.22.826 on Windows allow local privilege escalation via MSI installer Repair mode. • https://help.realvnc.com/hc/en-us/articles/360002253138-Release-Notes#vnc-server-6-11-0-released-0-2 •