CVE-2022-32250 – Linux Kernel nf_tables_expr_destroy Use-After-Free Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-32250
02 Jun 2022 — net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free. ... This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. • https://github.com/ysanatomic/CVE-2022-32250-LPE • CWE-416: Use After Free •
CVE-2022-29483 – e-Design - Multiple vulnerabilities
https://notcve.org/view.php?id=CVE-2022-29483
31 May 2022 — An Incorrect Default Permissions vulnerability in ABB e-Design allows an attacker to install malicious software that is executed with SYSTEM permissions, violating the confidentiality, integrity, and availability of the target machine. This vulnerability allows local attackers to escalate privileges on affected installations of ABB e-Design. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://search.abb.com/library/Download.aspx?DocumentID=2%20CMT%200%200%206%200%208%206&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-276: Incorrect Default Permissions •
CVE-2022-30702 – Trend Micro Internet Security Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-30702
27 May 2022 — An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://helpcenter.trendmicro.com/en-us/article/tmka-11022 • CWE-125: Out-of-bounds Read •
CVE-2022-26773 – Apple iTunes Incorrect Permission Assignment Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-26773
26 May 2022 — An application may be able to delete files for which it does not have permission. This vulnerability allows local attackers to escalate privileges on affected installations of Apple iTunes. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://support.apple.com/en-us/HT213259 •
CVE-2022-26688 – Apple macOS PackageKit PKCoreShove Link Following System Integrity Protection Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2022-26688
26 May 2022 — An attacker can leverage this vulnerability to escalate privileges and modify the contents of system files. • https://support.apple.com/en-us/HT213183 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2022-22676 – Apple macOS PackageKit PKInstallService Directory Traversal System Integrity Protection Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2022-22676
26 May 2022 — An attacker can leverage this vulnerability to escalate privileges and delete files normally protected from the user. • https://support.apple.com/en-us/HT213054 •
CVE-2022-30700 – Trend Micro Apex One Incorrect Permission Assignment Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-30700
26 May 2022 — Note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://success.trendmicro.com/solution/000291008 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2022-30701 – Trend Micro Apex One Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-30701
26 May 2022 — Note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://success.trendmicro.com/solution/000291008 • CWE-427: Uncontrolled Search Path Element •
CVE-2022-29333
https://notcve.org/view.php?id=CVE-2022-29333
24 May 2022 — A vulnerability in CyberLink Power Director v14 allows attackers to escalate privileges via a crafted .exe file. • http://cyberlink.com • CWE-269: Improper Privilege Management •
CVE-2021-32935 – Cognex In-Sight OPC Server - Deserialization of Untrusted Data
https://notcve.org/view.php?id=CVE-2021-32935
23 May 2022 — The affected Cognex product, the In-Sight OPC Server versions v5.7.4 (96) and prior, deserializes untrusted data, which could allow a remote attacker access to system level permission commands and local privilege escalation. • https://www.cisa.gov/uscert/ics/advisories/icsa-21-224-01 • CWE-502: Deserialization of Untrusted Data •