CVE-2022-28896
https://notcve.org/view.php?id=CVE-2022-28896
10 May 2022 — A command injection vulnerability in the component /setnetworksettings/SubnetMask of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload. • https://github.com/EPhaha/IOT_vuln/tree/main/d-link/dir-882/2 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2022-28895
https://notcve.org/view.php?id=CVE-2022-28895
10 May 2022 — A command injection vulnerability in the component /setnetworksettings/IPAddress of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload. • https://github.com/EPhaha/IOT_vuln/tree/main/d-link/dir-882/1 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2022-28901
https://notcve.org/view.php?id=CVE-2022-28901
10 May 2022 — A command injection vulnerability in the component /SetTriggerLEDBlink/Blink of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload. • https://github.com/EPhaha/IOT_vuln/tree/main/d-link/dir-882/3 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2022-1537 – file.copy operations in GruntJS are vulnerable to a TOCTOU race condition leading to arbitrary file write in gruntjs/grunt
https://notcve.org/view.php?id=CVE-2022-1537
10 May 2022 — This vulnerability allows arbitrary file writes, which can lead to local privilege escalation to the GruntJS user if a lower-privileged user has write access to both source and destination directories, as the lower-privileged user can create a symlink to the GruntJS user's .bashrc file or replace the /etc/shadow file if the GruntJS user is root. • https://github.com/gruntjs/grunt/commit/58016ffac5ed9338b63ecc2a63710f5027362bae • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVE-2022-26923 – Microsoft Active Directory Domain Services Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-26923
10 May 2022 — Active Directory Domain Services Elevation of Privilege Vulnerability. This vulnerability allows network-adjacent attackers to escalate privileges on affected installations of Microsoft Windows Active Directory Certificate Services. ... An attacker can leverage this vulnerability to escalate privileges and disclose stored credentials, leading to further compromise. • https://github.com/lsecqt/CVE-2022-26923-Powershell-POC • CWE-295: Improper Certificate Validation •
CVE-2022-29104 – Windows Print Spooler Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2022-29104
10 May 2022 — This CVE ID is different from CVE-2022-29132. This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29104 •
CVE-2022-30138 – Windows Print Spooler Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2022-30138
10 May 2022 — This CVE ID is different from CVE-2022-29104, CVE-2022-29132. This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30138 •
CVE-2021-42743 – Local privilege escalation via a default path in Splunk Enterprise Windows
https://notcve.org/view.php?id=CVE-2021-42743
06 May 2022 — A misconfiguration in the node default path allows for local privilege escalation from a lower privileged user to the Splunk user in Splunk Enterprise versions before 8.1.1 on Windows. • https://www.splunk.com/en_us/product-security/announcements/svd-2022-0501.html • CWE-427: Uncontrolled Search Path Element •
CVE-2022-22782 – Local privilege escalation in Windows Zoom Clients
https://notcve.org/view.php?id=CVE-2022-22782
28 Apr 2022 — The Zoom Client for Meetings for Windows prior to version 5.9.7, Zoom Rooms for Conference Room for Windows prior to version 5.10.0, Zoom Plugins for Microsoft Outlook for Windows prior to version 5.10.3, and Zoom VDI Windows Meeting Clients prior to version 5.9.6 were susceptible to a local privilege escalation issue during the installer repair operation. ... A malicious actor could use this to potentially delete system-level files or folders, causing problems of integrity or ... • https://explore.zoom.us/en/trust/security/security-bulletin •
CVE-2021-33436
https://notcve.org/view.php?id=CVE-2021-33436
28 Apr 2022 — NoMachine for Windows prior to versions 6.15.1 and 7.5.2 suffers from local privilege escalation due to the lack of safe DLL loading. • https://github.com/active-labs/Advisories/blob/master/2021/ACTIVE-2021-001.md •