CVE-2022-2959 – Linux Kernel Watch Queue Race Condition Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-2959
24 Aug 2022 — This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. • https://github.com/torvalds/linux/commit/189b0ddc245139af81198d1a3637cac74f96e13a • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') • CWE-667: Improper Locking •
CVE-2022-2897 – Measuresoft ScadaPro Server and Client Link Following
https://notcve.org/view.php?id=CVE-2022-2897
23 Aug 2022 — This vulnerability allows local attackers to escalate privileges on affected installations of Measuresoft ScadaPro Server. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-235-06 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2022-39422 – Oracle VirtualBox IEM PGMPhysRead Out-Of-Bounds Write Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-39422
23 Aug 2022 — CVSS vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H. This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. • https://security.gentoo.org/glsa/202212-03 • CWE-269: Improper Privilege Management •
CVE-2022-31676 – open-vm-tools: local root privilege escalation in the virtual machine
https://notcve.org/view.php?id=CVE-2022-31676
23 Aug 2022 — VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege escalation vulnerability. A malicious actor with local non-administrative access to the Guest OS can escalate privileges as a root user in the virtual machine. • http://www.openwall.com/lists/oss-security/2022/08/23/3 • CWE-250: Execution with Unnecessary Privileges • CWE-269: Improper Privilege Management •
CVE-2022-28757 – Local Privilege Escalation in Auto Updater for Zoom Client for Meetings for macOS
https://notcve.org/view.php?id=CVE-2022-28757
18 Aug 2022 — The Zoom Client for Meetings for macOS (Standard and for IT Admin) starting with version 5.7.3 and before 5.11.6 contains a vulnerability in the auto update process. A local low-privileged user could exploit this vulnerability to escalate their privileges to root. • https://explore.zoom.us/en/trust/security/security-bulletin • CWE-345: Insufficient Verification of Data Authenticity •
CVE-2022-35751 – Windows Hyper-V Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2022-35751
18 Aug 2022 — Windows Hyper-V Elevation of Privilege Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35751 •
CVE-2022-35750 – Win32k Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2022-35750
18 Aug 2022 — Win32k Elevation of Privilege Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35750 •
CVE-2022-28752 – Local Privilege Escalation in the Zoom Rooms for Windows Client
https://notcve.org/view.php?id=CVE-2022-28752
17 Aug 2022 — Zoom Rooms for Conference Rooms for Windows versions before 5.11.0 are susceptible to a Local Privilege Escalation vulnerability. • https://explore.zoom.us/en/trust/security/security-bulletin • CWE-347: Improper Verification of Cryptographic Signature •
CVE-2022-28751 – Local Privilege Escalation in Zoom Client for Meetings for MacOS
https://notcve.org/view.php?id=CVE-2022-28751
17 Aug 2022 — The Zoom Client for Meetings for MacOS (Standard and for IT Admin) before version 5.11.3 contains a vulnerability in the package signature validation during the update process. A local low-privileged user could exploit this vulnerability to escalate their privileges to root. • https://explore.zoom.us/en/trust/security/security-bulletin • CWE-347: Improper Verification of Cryptographic Signature •
CVE-2022-2334 – Softing Secure Integration Server Uncontrolled Search Path Element
https://notcve.org/view.php?id=CVE-2022-2334
17 Aug 2022 — This vulnerability allows remote attackers to escalate privileges on affected installations of Softing Secure Integration Server. • https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-5.html • CWE-427: Uncontrolled Search Path Element •