
CVSS: 7.8 • EPSS: 0% • CPEs: 37 • EXPL: 0

23 Sep 2022 — A link following vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to escalate privileges on affected installations. ... Note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Deep Security. ... An attacker can l... • https://success.trendmicro.com/solution/000291590 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 6.4 • EPSS: 0% • CPEs: 46 • EXPL: 0

21 Sep 2022 — Liferay Portal v7.1.0 through v7.4.2 and Liferay DXP 7.1 before fix pack 26, 7.2 before fix pack 15, and 7.3 before service pack 3 were discovered to contain a cross-site scripting (XSS) vulnerability in the Portal Search module's Custom Facet widget. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Custom Parameter Name text field. It has been detected that Liferay Portal versions v7.1.0 through v7.4.2 and Liferay DXP versions 7.1 before fix pac... • https://issues.liferay.com/browse/LPE-17381 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.2 • EPSS: 0% • CPEs: 1 • EXPL: 0

20 Sep 2022 — This vulnerability allows local attackers to escalate privileges on affected installations of FreeBSD Kernel. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. • https://security.freebsd.org/advisories/FreeBSD-SA-22:04.netmap.asc • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

20 Sep 2022 — This vulnerability allows local attackers to escalate privileges on affected installations of FreeBSD Kernel. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. • https://security.freebsd.org/advisories/FreeBSD-SA-22:04.netmap.asc • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

20 Sep 2022 — This vulnerability allows local attackers to escalate privileges on affected installations of FreeBSD Kernel. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. • https://security.freebsd.org/advisories/FreeBSD-SA-22:06.ioctl.asc • CWE-122: Heap-based Buffer Overflow •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

19 Sep 2022 — This vulnerability allows attackers to escalate privileges via running a crafted executable. • https://github.com/nam3lum/msi-central_privesc •

CVSS: 9.0 • EPSS: 0% • CPEs: 1 • EXPL: 2

19 Sep 2022 — A vulnerability in Suprema BioStar (aka Bio Star) 2 v2.8.16 allows attackers to escalate privileges to System Administrator via a crafted PUT request to the update profile page. • https://nobugescapes.com/blog/privilege-escalation-from-user-operator-to-system-administrator • CWE-269: Improper Privilege Management •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

19 Sep 2022 — The folioupdate service in Fabasoft Cloud Enterprise Client 22.4.0043 allows Local Privilege Escalation. • https://help.cloud.fabasoft.com/index.php?topic=doc/Technical-Information-eng/the-fabasoft-cloud-enterprise-client.htm • CWE-295: Improper Certificate Validation •

CVSS: 10.0 • EPSS: 32% • CPEs: 2 • EXPL: 1

16 Sep 2022 — KG Syncovery 9 for Linux v9.47x and below allows attackers to escalate privileges via creating crafted session tokens. • http://super.com • CWE-330: Use of Insufficiently Random Values •

CVSS: 7.8 • EPSS: 0% • CPEs: 7 • EXPL: 0

14 Sep 2022 — On a system where virtualized TPM devices are configured (this is not the default) a local attacker can create a use-after-free and create a situation where it may be possible to escalate privileges on the system. • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9d8e7007dc7c4d7c8366739bbcd3f5e51dcd470f • CWE-416: Use After Free •