CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-22964
https://notcve.org/view.php?id=CVE-2022-22964
11 Apr 2022 — VMware Horizon Agent for Linux (prior to 22.x) contains a local privilege escalation that allows a user to escalate to root due to a vulnerable configuration file. • https://www.vmware.com/security/advisories/VMSA-2022-0012.html •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-22962
https://notcve.org/view.php?id=CVE-2022-22962
11 Apr 2022 — VMware Horizon Agent for Linux (prior to 22.x) contains a local privilege escalation as a user is able to change the default shared folder location due to a vulnerable symbolic link. • https://www.vmware.com/security/advisories/VMSA-2022-0012.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-27089
https://notcve.org/view.php?id=CVE-2022-27089
11 Apr 2022 — In Fujitsu PlugFree Network <= 7.3.0.3, an Unquoted service path in PFNService.exe software allows a local attacker to potentially escalate privileges to system level. • https://hansesecure.de/2022/03/schwachstelle-in-fujitsu-plugfree-network • CWE-428: Unquoted Search Path or Element •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-0556 – ZyXel AP Configurator Incorrect Permission Assignment Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-0556
11 Apr 2022 — A local privilege escalation vulnerability caused by incorrect permission assignment in some directories of the Zyxel AP Configurator (ZAC) version 1.1.4, which could allow an attacker to execute arbitrary code as a local administrator. Una vulnerabilidad de escalada de privilegios local causada por la asignación incorrecta de permisos en algunos directorios de Zyxel AP Configurator (ZAC) versión 1.1.4, que podría permitir a un atacante ejecutar código arbitrario como administrador local This vulnera... • https://www.zyxel.com/support/Zyxel-security-advisory-for-local-privilege-escalation-vulnerability-of-AP-Configurator.shtml • CWE-269: Improper Privilege Management CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-20762 – Cisco Ultra Cloud Core - Subscriber Microservices Infrastructure Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-20762
06 Apr 2022 — A vulnerability in the Common Execution Environment (CEE) ConfD CLI of Cisco Ultra Cloud Core - Subscriber Microservices Infrastructure (SMI) software could allow an authenticated, local attacker to escalate privileges on an affected device. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uccsmi-prvesc-BQHGe4cm • CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-26250
https://notcve.org/view.php?id=CVE-2022-26250
06 Apr 2022 — Synaman v5.1 and below was discovered to contain weak file permissions which allows authenticated attackers to escalate privileges. • http://synaman.com • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-26251
https://notcve.org/view.php?id=CVE-2022-26251
06 Apr 2022 — The HTTP interface of Synaman v5.1 and below was discovered to allow authenticated attackers to execute arbitrary code and escalate privileges. • http://synaman.com • CWE-269: Improper Privilege Management •
CVSS: 7.3EPSS: 0%CPEs: 2EXPL: 0CVE-2022-25154
https://notcve.org/view.php?id=CVE-2022-25154
05 Apr 2022 — A DLL hijacking vulnerability in Samsung portable SSD T5 PC software before 1.6.9 could allow a local attacker to escalate privileges. • https://semiconductor.samsung.com/support/quality-support/product-security-updates • CWE-427: Uncontrolled Search Path Element •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-45891
https://notcve.org/view.php?id=CVE-2021-45891
05 Apr 2022 — ., that allows attackers to escalate privileges within the application, since all permission checks are done client-side, not server-side. • https://syss.de • CWE-669: Incorrect Resource Transfer Between Spheres •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 3CVE-2022-23909 – Sherpa Connector Service v2020.2.20328.2050 - Unquoted Service Path
https://notcve.org/view.php?id=CVE-2022-23909
04 Apr 2022 — This might allow a local user to escalate privileges by creating a "C:\Program Files\Sherpa Software\Sherpa.exe" file. • https://www.exploit-db.com/exploits/50852 • CWE-428: Unquoted Search Path or Element •