CVE-2022-40142 – Trend Micro Apex One Security Agent Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-40142
14 Sep 2022 — A security link following local privilege escalation vulnerability in Trend Micro Apex One and Trend Micro Apex One as a Service agents could allow a local attacker to create a writable folder in an arbitrary location and escalate privileges on affected installations. ... Note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability allows local attackers to escalate privileges... • https://success.trendmicro.com/solution/000291528 • CWE-269: Improper Privilege Management •
CVE-2022-40143 – Trend Micro Apex One Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-40143
14 Sep 2022 — A link following local privilege escalation vulnerability in Trend Micro Apex One and Trend Micro Apex One as a Service servers could allow a local attacker to abuse an insecure directory that could allow a low-privileged user to run arbitrary code with elevated privileges. ... Note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability allows local attackers to escalate privileges... • https://success.trendmicro.com/solution/000291528 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2022-31322
https://notcve.org/view.php?id=CVE-2022-31322
13 Sep 2022 — Penta Security Systems Inc WAPPLES v6.0 r3 4.10-hotfix1 allows attackers to escalate privileges via overwriting files using SUID flagged executables. • https://medium.com/%40_sadshade/wapples-web-application-firewall-multiple-vulnerabilities-35bdee52c8fb • CWE-798: Use of Hard-coded Credentials •
CVE-2022-38633
https://notcve.org/view.php?id=CVE-2022-38633
13 Sep 2022 — Genymotion Desktop v3.2.1 was discovered to contain a DLL hijacking vulnerability which allows attackers to escalate privileges and execute arbitrary code via a crafted binary. • https://github.com/SaumyajeetDas/Vulnerability/blob/main/Genymotion/GenymotionDesktop.md • CWE-427: Uncontrolled Search Path Element •
CVE-2022-37955 – Windows Group Policy Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2022-37955
13 Sep 2022 — Windows Group Policy Elevation of Privilege Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37955 •
CVE-2022-37954 – DirectX Graphics Kernel Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2022-37954
13 Sep 2022 — DirectX Graphics Kernel Elevation of Privilege Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37954 •
CVE-2022-38466
https://notcve.org/view.php?id=CVE-2022-38466
13 Sep 2022 — The default installation sets insecure file permissions that could allow a local attacker to escalate privileges to local administrator. • https://cert-portal.siemens.com/productcert/pdf/ssa-589975.pdf • CWE-276: Incorrect Default Permissions • CWE-284: Improper Access Control •
CVE-2022-35295 – SAP Host Agent Privilege Escalation
https://notcve.org/view.php?id=CVE-2022-35295
13 Sep 2022 — In SAP Host Agent (SAPOSCOL) - version 7.22, an attacker may use files created by saposcol to escalate privileges for themselves. • http://packetstormsecurity.com/files/170233/SAP-Host-Agent-Privilege-Escalation.html • CWE-755: Improper Handling of Exceptional Conditions •
CVE-2022-1368 – Cognex 3D-A1000 Dimensioning System Missing Authentication for Critical Function
https://notcve.org/view.php?id=CVE-2022-1368
06 Sep 2022 — This could allow an attacker to escalate privileges to match those of the compromised account. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-249-03 • CWE-306: Missing Authentication for Critical Function •
CVE-2022-38176
https://notcve.org/view.php?id=CVE-2022-38176
06 Sep 2022 — An issue was discovered in YSoft SAFEQ 6 before 6.0.72. Incorrect privileges were configured as part of the installer package for the Client V3 services, allowing for local user privilege escalation by overwriting the executable file via an alternative data stream. NOTE: this is not the same as CVE-2021-31859. ... • https://www.ysoft.com/en/legal/ysoft-safeq-client-v3-local-privilege-escalation •