CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-34549
https://notcve.org/view.php?id=CVE-2022-34549
27 Jul 2022 — This vulnerability allows attackers to escalate privileges and execute arbitrary commands via a crafted file. • http://cwe.mitre.org/data/definitions/434.html • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.7EPSS: 0%CPEs: 2EXPL: 0CVE-2022-28877 – Local Privilege Escalation Vulnerability in F-Secure & WithSecure Windows Endpoint Products
https://notcve.org/view.php?id=CVE-2022-28877
21 Jul 2022 — This vulnerability allows local user to delete arbitrary file in the system and bypassing security protection which can be abused for local privilege escalation on affected F-Secure & WithSecure windows endpoint products. • https://www.f-secure.com/en/business/support-and-downloads/security-advisories •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-32498
https://notcve.org/view.php?id=CVE-2022-32498
20 Jul 2022 — A local attacker can potentially exploit this vulnerability to execute arbitrary code, escalate privileges, and bypass software allow list solutions, leading to system takeover or IP exposure. • https://www.dell.com/support/kbdoc/000201283 • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.8EPSS: 0%CPEs: 200EXPL: 0CVE-2022-22221 – Junos OS: SRX and EX Series: Local privilege escalation flaw in "download" functionality
https://notcve.org/view.php?id=CVE-2022-22221
20 Jul 2022 — An Improper Neutralization of Special Elements vulnerability in the download manager of Juniper Networks Junos OS on SRX Series and EX Series allows a locally authenticated attacker with low privileges to take full control over the device. One aspect of this vulnerability is that the attacker needs to be able to execute any of the "request ..." or "show system download ..." commands. This issue affects Juniper Networks Junos OS on SRX Series and EX Series: All versions prior to 19.2R1-S9, 19.2R3-S5; 19.3 ve... • https://kb.juniper.net/JSA69725 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 4CVE-2022-35899 – Asus GameSDK v1.0.0.4 - 'GameSDK.exe' Unquoted Service Path
https://notcve.org/view.php?id=CVE-2022-35899
19 Jul 2022 — This might allow a local user to escalate privileges by creating a %PROGRAMFILES(X86)%\ASUS\GameSDK.exe file. • https://www.exploit-db.com/exploits/50985 • CWE-428: Unquoted Search Path or Element •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2021-44954
https://notcve.org/view.php?id=CVE-2021-44954
17 Jul 2022 — In QVIS NVR DVR before 2021-12-13, an attacker can escalate privileges from a qvisdvr user to the root user by abusing a Sudo misconfiguration. • https://gist.github.com/Meeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee/a670418d51051d4e6513d86e84e8d5b8 •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-2385 – AccessKeyID validation bypass
https://notcve.org/view.php?id=CVE-2022-2385
12 Jul 2022 — A security issue was discovered in aws-iam-authenticator where an allow-listed IAM identity may be able to modify their username and escalate privileges. • https://github.com/kubernetes-sigs/aws-iam-authenticator/issues/472 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 13%CPEs: 32EXPL: 0CVE-2022-22034 – Windows Graphics Component Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2022-22034
12 Jul 2022 — Windows Graphics Component Elevation of Privilege Vulnerability Una Vulnerabilidad de Elevación de Privilegios en Windows Graphics Component This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22034 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-2319 – X.Org Server ProcXkbSetGeometry Out-Of-Bounds Access Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-2319
12 Jul 2022 — Puede producirse un problema de acceso fuera de límites en la función ProcXkbSetGeometry debido a una comprobación inapropiada de la longitud de la petición This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. • https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/938 • CWE-1320: Improper Protection for Outbound Error Messages and Alert Signals •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-2320 – X.Org Server ProcXkbSetDeviceInfo Out-Of-Bounds Access Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-2320
12 Jul 2022 — This flaw allows an attacker to escalate privileges and execute arbitrary code in the context of root. ... Este fallo permite a un atacante escalar privilegios y ejecutar código arbitrario en el contexto de root This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. • https://github.com/freedesktop/xorg-xserver/commit/dd8caf39e9e15d8f302e54045dd08d8ebf1025dc • CWE-787: Out-of-bounds Write •