CVSS: 6.7EPSS: 0%CPEs: 2EXPL: 2CVE-2022-37771
https://notcve.org/view.php?id=CVE-2022-37771
06 Sep 2022 — IObit Malware Fighter v9.2 for Microsoft Windows lacks tamper protection, allowing authenticated attackers with Administrator privileges to modify processes within the application and escalate privileges to SYSTEM via a crafted executable. • https://mrvar0x.com/2022/08/02/multiple-endpoints-security-tampering-exploit • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 1CVE-2022-36670
https://notcve.org/view.php?id=CVE-2022-36670
06 Sep 2022 — PCProtect Endpoint prior to v5.17.470 for Microsoft Windows lacks tamper protection, allowing authenticated attackers with Administrator privileges to modify processes within the application and escalate privileges to SYSTEM via a crafted executable. • https://mrvar0x.com/2022/07/21/pcprotect-endpoint-tampering-exploit • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 9.0EPSS: 0%CPEs: 48EXPL: 0CVE-2022-23684
https://notcve.org/view.php?id=CVE-2022-23684
06 Sep 2022 — Successful exploitation of this vulnerability allows an attacker to escalate privileges beyond their authorized level in ArubaOS-CX Switches version(s): AOS-CX 10.09.xxxx: 10.09.1020 and below, AOS-CX 10.08.xxxx: 10.08.1060 and below, AOS-CX 10.06.xxxx: 10.06.0200 and below. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-34382
https://notcve.org/view.php?id=CVE-2022-34382
02 Sep 2022 — Dell Command Update, Dell Update and Alienware Update versions prior to 4.6.0 contains a Local Privilege Escalation Vulnerability in the custom catalog configuration. • https://www.dell.com/support/kbdoc/000202198 •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 1CVE-2021-25657 – Avaya IP Office Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-25657
02 Sep 2022 — A privilege escalation vulnerability was discovered in Avaya IP Office Admin Lite and USB Creator that may potentially allow a local user to escalate privileges. • https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0037/MNDT-2022-0037.md • CWE-269: Improper Privilege Management •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-37347 – Trend Micro Maximum Security Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-37347
31 Aug 2022 — An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://helpcenter.trendmicro.com/en-us/article/tmka-11058 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-37348 – Trend Micro Maximum Security Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-37348
31 Aug 2022 — An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://helpcenter.trendmicro.com/en-us/article/tmka-11058 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-34893 – Trend Micro Maximum Security Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-34893
31 Aug 2022 — Trend Micro Security versión 2022 (consumer), presenta una vulnerabilidad de tipo link following en la que un atacante con bajos privilegios podría manipular un punto de montaje que podría conllevar a una escalada de privilegios en una máquina afectada This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Maximum Security. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTE... • https://helpcenter.trendmicro.com/en-us/article/tmka-11053 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-38764 – Trend Micro HouseCall Incorrect Permission Assignment Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-38764
31 Aug 2022 — Una vulnerabilidad en Trend Micro HouseCall versiones 1.62.1.1133 y anteriores, podría permitir a un atacante local escalar los privilegios debido a una carpeta demasiado permisiva en el instalador del producto This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro HouseCall. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of an administrator. • https://helpcenter.trendmicro.com/en-us/article/tmka-11092 • CWE-276: Incorrect Default Permissions •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-32427
https://notcve.org/view.php?id=CVE-2022-32427
25 Aug 2022 — Authenticated users with prior knowledge of the driver filename could exploit this to escalate privileges or distribute malicious content. • https://docs.printercloud.com/1-Printerlogic/Release_Notes/Client_Release_Notes.htm?tocpath=_____9 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •