CVE-2020-25162 – B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus
https://notcve.org/view.php?id=CVE-2020-25162
14 Apr 2022 — Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows unauthenticated remote attackers to access sensitive information and escalate privileges. • https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html • CWE-643: Improper Neutralization of Data within XPath Expressions ('XPath Injection') •
CVE-2020-25152 – B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus
https://notcve.org/view.php?id=CVE-2020-25152
14 Apr 2022 — Braun Melsungen AG SpaceCom administrative interface Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows remote attackers to hijack web sessions and escalate privileges. • https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html • CWE-384: Session Fixation •
CVE-2020-16238 – B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus
https://notcve.org/view.php?id=CVE-2020-16238
14 Apr 2022 — Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers with command line access to the underlying Linux system to escalate privileges to the root user. • https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html • CWE-269: Improper Privilege Management •
CVE-2022-22187 – JIMS: Local Privilege Escalation vulnerability via repair functionality
https://notcve.org/view.php?id=CVE-2022-22187
14 Apr 2022 — An attacker may be able to provide malicious binaries to the Windows Installer, which will be executed with high privilege, leading to a local privilege escalation. • https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0029/MNDT-2022-0029.md • CWE-269: Improper Privilege Management •
CVE-2022-1256 – Improper Privilege Management in McAfee Agent for Windows
https://notcve.org/view.php?id=CVE-2022-1256
14 Apr 2022 — A local privilege escalation vulnerability in MA for Windows prior to 5.7.6 allows a local low privileged user to gain system privileges through running the repair functionality. • https://kc.mcafee.com/corporate/index?page=content&id=SB10382 • CWE-59: Improper Link Resolution Before File Access ('Link Following') • CWE-269: Improper Privilege Management •
CVE-2021-42136 – REDCap 11.3.9 - Stored Cross Site Scripting
https://notcve.org/view.php?id=CVE-2021-42136
13 Apr 2022 — This can then be leveraged to execute a Cross-Site Request Forgery attack to escalate privileges to administrator. ... REDCap versions prior to 11.4.0 suffer from a persistent cross site scripting vulnerability that can be leveraged to escalate privileges. • https://www.exploit-db.com/exploits/50877 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-22960 – VMware Multiple Products Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-22960
13 Apr 2022 — A malicious actor with local access can escalate privileges to 'root'. • http://packetstormsecurity.com/files/171918/Mware-Workspace-ONE-Remote-Code-Execution.html • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2022-28339 – Trend Micro HouseCall for Home Networks Uncontrolled Search Path Element Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-28339
12 Apr 2022 — This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro HouseCall for Home Networks. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of an administrator. •
CVE-2022-1230 – Samsung Galaxy S21 loadUrl Open Redirect Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-1230
12 Apr 2022 — An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the current user. • https://security.samsungmobile.com/serviceWeb.smsb • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVE-2022-1316 – Incorrect Permission Assignment for Critical Resource in zerotier/zerotierone
https://notcve.org/view.php?id=CVE-2022-1316
11 Apr 2022 — Local Privilege Escalation. ZeroTierOne for Windows local privilege escalation due to an incorrect directory privilege in the GitHub repository zerotier/zerotierone in versions prior to 1.8.8. • https://github.com/zerotier/zerotierone/commit/ffb444dbeb6bea3cb155502395e61cb6d18708c9 • CWE-732: Incorrect Permission Assignment for Critical Resource •