CVSS: 7.8EPSS: 0%CPEs: 40EXPL: 0CVE-2022-22973
https://notcve.org/view.php?id=CVE-2022-22973
20 May 2022 — A malicious actor with local access can escalate privileges to 'root'. • https://www.vmware.com/security/advisories/VMSA-2022-0014.html •
CVSS: 8.2EPSS: 0%CPEs: 3EXPL: 0CVE-2022-29179 – Improper Privilege Management in Cilium
https://notcve.org/view.php?id=CVE-2022-29179
20 May 2022 — Prior to versions 1.9.16, 1.10.11, and 1.11.15, if an attacker is able to perform a container escape of a container running as root on a host where Cilium is installed, the attacker can escalate privileges to cluster admin by using Cilium's Kubernetes service account. • https://github.com/cilium/cilium/releases/tag/v1.10.11 • CWE-269: Improper Privilege Management •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-31245
https://notcve.org/view.php?id=CVE-2022-31245
20 May 2022 — mailcow before 2022-05d allows a remote authenticated user to inject OS commands and escalate privileges to domain admin via the --debug option in conjunction with the ---PIPEMESS option in Sync Jobs. mailcow versiones anteriores a 2022-05d, permite a un usuario remoto autenticado inyectar comandos del Sistema Operativo y escalar privilegios a administrador del dominio por medio de la opción --debug junto con la opción ---PIPEMESS en Sync Jobs • https://github.com/ly1g3/Mailcow-CVE-2022-31245 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-29320
https://notcve.org/view.php?id=CVE-2022-29320
20 May 2022 — MiniTool Partition Wizard v12.0 contains an unquoted service path which allows attackers to escalate privileges to the system level. • https://www.exploit-db.com/exploits/50859 • CWE-428: Unquoted Search Path or Element •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-27095
https://notcve.org/view.php?id=CVE-2022-27095
20 May 2022 — BattlEye v0.9 contains an unquoted service path which allows attackers to escalate privileges to the system level. • https://www.exploit-db.com/exploits/50815 • CWE-428: Unquoted Search Path or Element •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2022-27094
https://notcve.org/view.php?id=CVE-2022-27094
20 May 2022 — Sony PlayMemories Home v6.0 contains an unquoted service path which allows attackers to escalate privileges to the system level. • https://www.exploit-db.com/exploits/50817 • CWE-428: Unquoted Search Path or Element •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2022-26634
https://notcve.org/view.php?id=CVE-2022-26634
20 May 2022 — HMA VPN v5.3.5913.0 contains an unquoted service path which allows attackers to escalate privileges to the system level. • https://cxsecurity.com/issue/WLB-2022020111 • CWE-428: Unquoted Search Path or Element •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-1356 – Cambium Networks cnMaestro use of Potentially Dangerous Function
https://notcve.org/view.php?id=CVE-2022-1356
17 May 2022 — cnMaestro is vulnerable to a local privilege escalation. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-04 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2022-0997 – Local Privilege Escalation Vulnerability in Fidelis Network and Deception
https://notcve.org/view.php?id=CVE-2022-0997
17 May 2022 — Improper file permissions in the CommandPost, Collector, and Sensor components of Fidelis Network and Deception enables an attacker with local, administrative access to the CLI to modify affected script files, which could result in arbitrary commands being run as root upon subsequent logon by a root user. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability. Unos permisos de archivo inapropiados en los componen... • https://github.com/henryreed/CVE-2022-0997 • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-30688
https://notcve.org/view.php?id=CVE-2022-30688
17 May 2022 — needrestart 0.8 through 3.5 before 3.6 is prone to local privilege escalation. Regexes to detect the Perl, Python, and Ruby interpreters are not anchored, allowing a local user to escalate privileges when needrestart tries to detect if interpreters are using old source files. needrestart versiones 0.8 hasta 3.5 anteriores a 3.6, es propenso a una escalada de privilegios local. • http://www.openwall.com/lists/oss-security/2022/05/17/9 •