CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-31219 – Drive Composer Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-31219
15 Jun 2022 — This vulnerability allows local attackers to escalate privileges on affected installations of ABB Automation Builder Platform. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://search.abb.com/library/Download.aspx?DocumentID=9AKK108467A0305&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.38192870.478847987.1655218701-372504397.1647012599 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-31218 – Drive Composer Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-31218
15 Jun 2022 — This vulnerability allows local attackers to escalate privileges on affected installations of ABB Automation Builder Platform. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://search.abb.com/library/Download.aspx?DocumentID=9AKK108467A0305&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.38192870.478847987.1655218701-372504397.1647012599 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-31217 – Drive Composer Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-31217
15 Jun 2022 — This vulnerability allows local attackers to escalate privileges on affected installations of ABB Automation Builder Platform. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://search.abb.com/library/Download.aspx?DocumentID=9AKK108467A0305&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.38192870.478847987.1655218701-372504397.1647012599 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-31216 – Drive Composer Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-31216
15 Jun 2022 — This vulnerability allows local attackers to escalate privileges on affected installations of ABB Automation Builder Platform. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://search.abb.com/library/Download.aspx?DocumentID=9AKK108467A0305&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.38192870.478847987.1655218701-372504397.1647012599 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-26057 – Mint WorkBench Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-26057
15 Jun 2022 — Vulnerabilities in the Mint WorkBench allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Mint WorkBench installer file allows a low-privileged user to run a "repair" operation on the product Unas vulnerabilidades en Mint WorkBench permiten a un atacante con pocos privilegios crear y escribir en un archivo en cualquier parte del sistema de archivos como SYSTEM con contenido arbitrario siemp... • https://search.abb.com/library/Download.aspx?DocumentID=9AKK108467A0305&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.38192870.478847987.1655218701-372504397.1647012599 • CWE-269: Improper Privilege Management •
CVSS: 6.6EPSS: 0%CPEs: 3EXPL: 0CVE-2021-40776 – Adobe Lightroom Classic DLL Hijacking Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-40776
15 Jun 2022 — An authenticated attacker could leverage this vulnerability to escalate privileges. • https://helpx.adobe.com/security/products/lightroom/apsb21-97.html • CWE-379: Creation of Temporary File in Directory with Insecure Permissions •
CVSS: 5.0EPSS: 0%CPEs: 16EXPL: 2CVE-2022-29614 – SAP SAPControl Web Service Interface Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2022-29614
14 Jun 2022 — SAP startservice - of SAP NetWeaver Application Server ABAP, Application Server Java, ABAP Platform and HANA Database - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, SAPHOSTAGENT 7.22, - on Unix systems, s-bit helper program sapuxuserchk, can be abused physically resulting in a privilege escalation of an attacker leading to low impact on confidentiality and integrity, but a profound impact on availability. SAP startse... • http://packetstormsecurity.com/files/168409/SAP-SAPControl-Web-Service-Interface-Local-Privilege-Escalation.html • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-31465
https://notcve.org/view.php?id=CVE-2022-31465
14 Jun 2022 — This could allow an authenticated local attacker to inject arbitrary code and escalate privileges. • https://cert-portal.siemens.com/productcert/pdf/ssa-988345.pdf • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2022-27502
https://notcve.org/view.php?id=CVE-2022-27502
10 Jun 2022 — RealVNC VNC Server 6.9.0 through 5.1.0 for Windows allows local privilege escalation because an installer repair operation executes %TEMP% files as SYSTEM. • https://github.com/alirezac0/CVE-2022-27502 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-25153 – ITarian - Local privilege escalation in Endpoint Manager agent on Windows
https://notcve.org/view.php?id=CVE-2022-25153
08 Jun 2022 — The ITarian Endpoint Manage Communication Client, prior to version 6.43.41148.21120, is compiled using insecure OpenSSL settings. Due to this setting, a malicious actor with low privileges access to a system can escalate his privileges to SYSTEM abusing an insecure openssl.conf lookup. El cliente de comunicación de ITarian Endpoint Manage, versiones anteriores a 6.43.41148.21120, es compilado usando una configuración no segura de OpenSSL. Debido a esta configuración, un actor malicioso con acceso de bajos p... • https://csirt.divd.nl/CVE-2022-25153 • CWE-275: Permission Issues •