CVE-2021-26624 – eScan Anti-Virus Local privilege escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-26624
01 Apr 2022 — A local privilege escalation vulnerability due to a "runasroot" command in eScan Anti-Virus. • https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66596 • CWE-20: Improper Input Validation •
CVE-2022-1098 – Delta Electronics DIAEnergie Uncontrolled Search Path Element
https://notcve.org/view.php?id=CVE-2022-1098
01 Apr 2022 — When combined with the Incorrect Default Permissions vulnerability of 4.2.2 above, this makes it possible for an attacker to escalate privileges. Delta Electronics DIAEnergie (all versions prior to 1.8.02.004) is vulnerable to a DLL hijacking condition. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-081-01 • CWE-427: Uncontrolled Search Path Element •
CVE-2022-24426
https://notcve.org/view.php?id=CVE-2022-24426
01 Apr 2022 — Dell Command | Update, Dell Update, and Alienware Update version 4.4.0 contains a Local Privilege Escalation Vulnerability in the Advanced Driver Restore component. • https://www.dell.com/support/kbdoc/en-us/000197723/dsa-2022-074 • CWE-427: Uncontrolled Search Path Element •
CVE-2022-27883 – Trend Micro Antivirus for Mac Link Following Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-27883
01 Apr 2022 — Note that an attacker must have at least low-level privileges on the system to attempt to exploit this vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Antivirus for Mac. ... An attacker can leverage this vulnerability to escalate privileges and execute code in the context of root. • https://helpcenter.trendmicro.com/en-us/article/tmka-10978 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2022-27050
https://notcve.org/view.php?id=CVE-2022-27050
31 Mar 2022 — BitComet Service for Windows before version 1.8.6 contains an unquoted service path vulnerability which allows attackers to escalate privileges to the system level. • https://github.com/ycdxsb/Vuln/tree/main/BitComet-Unquoted-Service-Path • CWE-428: Unquoted Search Path or Element •
CVE-2022-28223
https://notcve.org/view.php?id=CVE-2022-28223
30 Mar 2022 — Tekon KIO devices through 2022-03-30 allow an authenticated admin user to escalate privileges to root by uploading a malicious Lua plugin. • https://medium.com/%40bertinjoseb/post-auth-rce-based-in-malicious-lua-plugin-script-upload-scada-controllers-located-in-russia-57044425ac38 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2022-0799
https://notcve.org/view.php?id=CVE-2022-0799
28 Mar 2022 — Insufficient policy enforcement in Installer in Google Chrome on Windows prior to 99.0.4844.51 allowed a remote attacker to perform local privilege escalation via a crafted offline installer file. • https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2021-4157 – kernel: Buffer overwrite in decode_nfs_fh function
https://notcve.org/view.php?id=CVE-2021-4157
25 Mar 2022 — A user, having access to the NFS mount, could potentially use this flaw to crash the system or escalate privileges on the system. • https://bugzilla.redhat.com/show_bug.cgi?id=2034342 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2022-27666 – kernel: buffer overflow in IPsec ESP transformation code
https://notcve.org/view.php?id=CVE-2022-27666
23 Mar 2022 — This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat. • https://github.com/plummm/CVE-2022-27666 • CWE-122: Heap-based Buffer Overflow • CWE-787: Out-of-bounds Write •
CVE-2022-24235
https://notcve.org/view.php?id=CVE-2022-24235
21 Mar 2022 — A Cross-Site Request Forgery (CSRF) in the management portal of Snapt Aria v12.8 allows attackers to escalate privileges and execute arbitrary code via unspecified vectors. • https://www.cryptnetix.com/blog/2022/03/19/Snapt-Aria-Vulnerability-Disclosure.html • CWE-352: Cross-Site Request Forgery (CSRF) •