CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2021-36668
https://notcve.org/view.php?id=CVE-2021-36668
11 Jul 2022 — URL injection in Driva inSync 6.9.0 for MacOS, allows attackers to force a visit to an arbitrary url via the port parameter to the Electron App. Una inyección de URL en Driva inSync versión 6.9.0 para MacOS, permite a atacantes forzar una visita a una url arbitraria por medio del parámetro port a la aplicación Electron • https://imhotepisinvisible.com/druva-lpe • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-36667
https://notcve.org/view.php?id=CVE-2021-36667
11 Jul 2022 — Command injection vulnerability in Druva inSync 6.9.0 for MacOS, allows attackers to execute arbitrary commands via crafted payload to the local HTTP server due to un-sanitized call to the python os.system library. Una vulnerabilidad de inyección de comandos en Druva inSync versión 6.9.0 para MacOS, permite a atacantes ejecutar comandos arbitrarios por medio de una carga útil diseñada para el servidor HTTP local debido a una llamada no saneada a la biblioteca python os.system • https://imhotepisinvisible.com/druva-lpe • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-36666
https://notcve.org/view.php?id=CVE-2021-36666
11 Jul 2022 — An issue was discovered in Druva 6.9.0 for MacOS, allows attackers to gain escalated local privileges via the inSyncDecommission. Se ha detectado un problema en Druva versión 6.9.0 para MacOS, que permite a atacantes conseguir privilegios locales escalados por medio de inSyncDecommission • https://imhotepisinvisible.com/druva-lpe • CWE-426: Untrusted Search Path •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2021-36665
https://notcve.org/view.php?id=CVE-2021-36665
11 Jul 2022 — An issue was discovered in Druva 6.9.0 for macOS, allows attackers to gain escalated local privileges via the inSyncUpgradeDaemon. Se ha detectado un problema en Druva versión 6.9.0 para macOS, que permite a atacantes conseguir privilegios locales escalados por medio de inSyncUpgradeDaemon • https://imhotepisinvisible.com/druva-lpe • CWE-502: Deserialization of Untrusted Data •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2022-2991 – Linux Kernel LightNVM Subsystem Heap-based Overflow Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-2991
11 Jul 2022 — This vulnerability allows a local attacker to escalate privileges and execute arbitrary code in the context of the kernel. ... This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. • https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/drivers/lightnvm/Kconfig?h=v5.10.114&id=549209caabc89f2877ad5f62d11fca5c052e0e8 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2022-35234 – Trend Micro Maximum Security Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-35234
11 Jul 2022 — An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://helpcenter.trendmicro.com/en-us/article/tmka-11058 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-32481
https://notcve.org/view.php?id=CVE-2022-32481
07 Jul 2022 — A lower-privileged authenticated user can chain docker commands to escalate privileges to root leading to complete system takeover. • https://support.emc.com/kb/000201213 •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-34871 – Centreon Poller Resource SQL Injection Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-34871
07 Jul 2022 — This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. ... An attacker can leverage this vulnerability to escalate privileges to the level of an administrator. ... Era ZDI-CAN-16335 This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. ... An attacker can leverage this vulnerability to escalate privileges to the level of an administrator. • https://docs.centreon.com/docs/21.10/releases/centreon-core • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-23714
https://notcve.org/view.php?id=CVE-2022-23714
06 Jul 2022 — A local privilege escalation (LPE) issue was discovered in the ransomware canaries features of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account. Se ha detectado un problema de escalada de privilegios locales (LPE) en las funcionalidades de ransomware canaries de Elastic Endpoint Security para Windows, que podría permitir a usuarios no privilegiados elevar sus privilegios a los de la cuenta LocalSy... • https://discuss.elastic.co/t/elastic-8-3-1-8-3-0-and-7-17-5-security-update/308613 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-35867 – xhyve e1000 Stack-based Buffer Overflow Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-35867
06 Jul 2022 — This vulnerability allows local attackers to escalate privileges on affected installations of xhyve. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. ... Era ZDI-CAN-15056 This vulnerability allows local attackers to escalate privileges on affected installations of xhyve. • https://www.zerodayinitiative.com/advisories/ZDI-22-949 • CWE-121: Stack-based Buffer Overflow •