CVE-2022-25510
https://notcve.org/view.php?id=CVE-2022-25510
10 Mar 2022 — FreeTAKServer 1.9.8 contains a hardcoded Flask secret key which allows attackers to create crafted cookies to bypass authentication or escalate privileges. • https://github.com/FreeTAKTeam/FreeTakServer/issues/292 • CWE-798: Use of Hard-coded Credentials •
CVE-2022-0280 – McAfee Total Protection (MTP) - File Deletion vulnerability
https://notcve.org/view.php?id=CVE-2022-0280
10 Mar 2022 — A race condition vulnerability exists in the QuickClean feature of McAfee Total Protection for Windows prior to 16.0.43 that allows a local user to gain privilege elevation and perform an arbitrary file delete. • https://service.mcafee.com/?articleId=TS103271&page=shell&shell=article-view • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVE-2022-24750 – Low privilege user is able to exploit the service and gain SYSTEM privileges in UltraVNC server
https://notcve.org/view.php?id=CVE-2022-24750
10 Mar 2022 — A vulnerability has been found in versions prior to 1.3.8.0 in the DSM plugin module, which allows a local authenticated user to achieve local privilege escalation (LPE) on a vulnerable system. ... • https://github.com/bowtiejicode/UltraVNC-DSMPlugin-LPE • CWE-269: Improper Privilege Management •
CVE-2021-42855 – Local privilege escalation due to misconfigured write permission on .debug_command.config file
https://notcve.org/view.php?id=CVE-2021-42855
09 Mar 2022 — It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent (DSA) uses the ".debug_command.config" file to store a JSON string that contains a list of IDs and pre-configured commands. The config file is subsequently used by the "/api/appInternals/1.0/agent/configuration" API to map the corresponding ID to a command to be executed. • https://aternity.force.com/customersuccess/s/article/Local-privilege-escalation-due-to-misconfigured-write-permission-on-debug-command-config-file-CVE-2021-42855 • CWE-284: Improper Access Control • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2022-25943
https://notcve.org/view.php?id=CVE-2022-25943
09 Mar 2022 — The installer of WPS Office for Windows versions prior to v11.2.0.10258 fails to properly configure the ACL for the directory where the service program is installed. • https://github.com/HadiMed/KINGSOFT-WPS-Office-LPE • CWE-276: Incorrect Default Permissions •
CVE-2022-23265 – Microsoft Defender for IoT Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-23265
09 Mar 2022 — Microsoft Defender for IoT Remote Code Execution Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Azure Defender for IoT. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23265 •
CVE-2022-23266 – Microsoft Defender for IoT Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2022-23266
09 Mar 2022 — Microsoft Defender for IoT Elevation of Privilege Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of Microsoft Azure Defender for IoT. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23266 •
CVE-2022-23299 – Windows PDEV Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2022-23299
09 Mar 2022 — Windows PDEV Elevation of Privilege Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23299 •
CVE-2022-24455 – Windows CD-ROM Driver Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2022-24455
09 Mar 2022 — Windows CD-ROM Driver Elevation of Privilege Vulnerability. This vulnerability allows local attackers to escalate privileges on vulnerable installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges to the level of SYSTEM. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24455 •
CVE-2022-24285
https://notcve.org/view.php?id=CVE-2022-24285
08 Mar 2022 — Acer Care Center 4.00.30xx before 4.00.3042 contains a local privilege escalation vulnerability. ... When the path of the program to be executed is sent, there is a local privilege escalation in which the service program executes the path with system privileges. • https://community.acer.com/en/kb/articles/14761 • CWE-287: Improper Authentication •