CVE-2022-36961 – Orion Platform SQL Injection Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-36961
30 Sep 2022 — A verb used in Orion was vulnerable to SQL injection; an authenticated attacker could leverage this for privilege escalation or remote code execution. This vulnerability allows remote attackers to escalate privileges on affected installations of SolarWinds Network Performance Monitor. ... An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-3_release_notes.htm • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2022-40126
https://notcve.org/view.php?id=CVE-2022-40126
29 Sep 2022 — A misconfiguration in the Service Mode profile directory of Clash for Windows v0.19.9 allows attackers to escalate privileges and execute arbitrary commands when Service Mode is activated. • https://github.com/LovelyWei/CVE-2022-40126 • CWE-552: Files or Directories Accessible to External Parties •
CVE-2022-37706 – Enlightenment v0.25.3 - Privilege escalation
https://notcve.org/view.php?id=CVE-2022-37706
28 Sep 2022 — Enlightenment version 0.25.3 suffers from a local privilege escalation vulnerability. • https://github.com/MaherAzzouzi/CVE-2022-37706-LPE-exploit • CWE-269: Improper Privilege Management •
CVE-2022-41604
https://notcve.org/view.php?id=CVE-2022-41604
27 Sep 2022 — Check Point ZoneAlarm Extreme Security before 15.8.211.19229 allows local users to escalate privileges. • https://github.com/Wh04m1001/ZoneAlarmEoP • CWE-269: Improper Privilege Management •
CVE-2022-41141 – Windscribe Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-41141
26 Sep 2022 — This vulnerability allows local attackers to escalate privileges on affected installations of Windscribe. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://windscribe.com/changelog/windows • CWE-427: Uncontrolled Search Path Element •
CVE-2022-3263 – Measuresoft ScadaPro Server Improper Access Control
https://notcve.org/view.php?id=CVE-2022-3263
23 Sep 2022 — This vulnerability allows local attackers to escalate privileges on affected installations of Measuresoft ScadaPro Server. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-265-01 • CWE-276: Incorrect Default Permissions • CWE-284: Improper Access Control •
CVE-2022-35257
https://notcve.org/view.php?id=CVE-2022-35257
23 Sep 2022 — A local privilege escalation vulnerability in UI Desktop for Windows (Version 0.55.1.2 and earlier) allows a malicious actor with local access to a Windows device with UI Desktop to run arbitrary commands as SYSTEM. • https://community.ui.com/releases/Security-Advisory-Bulletin-025-025/7fc92851-054d-46d3-bdb0-fbb8f7023fed •
CVE-2022-40707 – Trend Micro Deep Security Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-40707
23 Sep 2022 — An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://success.trendmicro.com/solution/000291590 • CWE-125: Out-of-bounds Read •
CVE-2022-40708 – Trend Micro Deep Security Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-40708
23 Sep 2022 — An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://success.trendmicro.com/solution/000291590 • CWE-125: Out-of-bounds Read •
CVE-2022-40709 – Trend Micro Deep Security Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-40709
23 Sep 2022 — An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://success.trendmicro.com/solution/000291590 • CWE-125: Out-of-bounds Read •