CVE-2022-34918 – kernel: heap overflow in nft_set_elem_init()
https://notcve.org/view.php?id=CVE-2022-34918
04 Jul 2022 — A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. • https://github.com/randorisec/CVE-2022-34918-LPE-PoC • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') • CWE-1025: Comparison Using Wrong Factors
CVE-2022-34899 – Parallels Access Agent Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-34899
01 Jul 2022 — This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Access 6.5.4 (39316) Agent. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. ... Was ZDI-CAN-16134. • https://kb.parallels.com/en/129010 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2022-34900 – Parallels Access Agent Uncontrolled Search Path Element Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-34900
01 Jul 2022 — This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Access 6.5.3 (39313) Agent. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. ... Was ZDI-CAN-15213. • https://kb.parallels.com/en/129010 • CWE-427: Uncontrolled Search Path Element
CVE-2022-34901 – Parallels Access Agent Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-34901
01 Jul 2022 — This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Access 6.5.4 (39316) Agent. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. ... Was ZDI-CAN-16137. • https://kb.parallels.com/en/129010 • CWE-427: Uncontrolled Search Path Element
CVE-2022-34902 – Parallels Access Agent Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-34902
01 Jul 2022 — This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Access 6.5.4 (39316) Agent. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. ... Was ZDI-CAN-15787. • https://kb.parallels.com/en/129010 • CWE-427: Uncontrolled Search Path Element
CVE-2022-34889 – Parallels Desktop ACPI Out-Of-Bounds Read Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-34889
30 Jun 2022 — This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 17.1.1 (51537). ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. ... Was ZDI-CAN-16554. • https://kb.parallels.com/125013 • CWE-125: Out-of-bounds Read
CVE-2022-34890 – Parallels Desktop Tools Untrusted Pointer Dereference Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-34890
30 Jun 2022 — An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel. • https://kb.parallels.com/125013 • CWE-822: Untrusted Pointer Dereference
CVE-2022-34891 – Parallels Desktop Updater Incorrect Permission Assignment Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-34891
30 Jun 2022 — This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 17.1.1. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. ... Was ZDI-CAN-16395. • https://kb.parallels.com/125013 • CWE-732: Incorrect Permission Assignment for Critical Resource
CVE-2022-34892 – Parallels Desktop Updater Race Condition Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-34892
30 Jun 2022 — This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 17.1.1. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. ... Was ZDI-CAN-16396. • https://kb.parallels.com/125013 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2022-2145 – Cloudflare WARP Arbitrary File Overwrite
https://notcve.org/view.php?id=CVE-2022-2145
28 Jun 2022 — During installation of the WARP client, it was possible to escalate privileges and overwrite SYSTEM protected files. • https://github.com/cloudflare/advisories/security/advisories/GHSA-6fpc-qxmr-6wrq • CWE-20: Improper Input Validation • CWE-59: Improper Link Resolution Before File Access ('Link Following')