
CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

08 Mar 2022 — Acer QuickAccess 2.01.300x before 2.01.3030 and 3.00.30xx before 3.00.3038 contains a local privilege escalation vulnerability. ... When the path of the program to be executed is sent, there is a local privilege escalation in which the service program executes the path with system privileges. • https://community.acer.com/en/kb/articles/14762 • CWE-287: Improper Authentication •

CVSS: 7.8 • EPSS: 0% • CPEs: 4 • EXPL: 0

07 Mar 2022 — Versions of Bitdefender Endpoint Security Tools for Windows prior to 7.4.3.146. This vulnerability allows local attackers to escalate privileges on affected installations of Bitdefender Total Security. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://www.bitdefender.com/support/security-advisories/incorrect-permission-assignment-for-critical-resource-vulnerability-in-bdreinit-exe-va-10017 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

07 Mar 2022 — otris Update Manager 1.2.1.0 allows local users to achieve SYSTEM access via unauthenticated calls to exposed interfaces over a .NET named pipe. A remote attack may be possible as well, by leveraging WsHTTPBinding for HTTP traffic on TCP port 9000. • https://www.tuv.com/content-media-files/master-content/global-landingpages/images/vulnerability-disclosure/tuv-rheinland-security-advisory-local-privilege-escalation-vulnerability-in-otris-update-manager.pdf • CWE-287: Improper Authentication •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

03 Mar 2022 — Remote Desktop Commander Suite Agent before v4.8 contains an unquoted service path which allows attackers to escalate privileges to the system level. • https://hansesecure.de/2022/02/vulnerability-in-remote-desktop-commander-suite-agent/?lang=en • CWE-428: Unquoted Search Path or Element •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

03 Mar 2022 — Wordline HIDCCEMonitorSVC before v5.2.4.3 contains an unquoted service path which allows attackers to escalate privileges to the system level. • https://hansesecure.de/2021/12/vulnerability-wordline/?lang=en • CWE-428: Unquoted Search Path or Element •

CVSS: 6.1 • EPSS: 0% • CPEs: 132 • EXPL: 0

02 Mar 2022 — Cross-site scripting (XSS) vulnerability in the Server module's script console in Liferay Portal 7.3.2 and earlier, and Liferay DXP 7.0 before fix pack 101, 7.1 before fix pack 20 and 7.2 before fix pack 10 allows remote attackers to inject arbitrary web script or HTML via the output of a script. • https://issues.liferay.com/browse/LPE-17061 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5 • EPSS: 0% • CPEs: 113 • EXPL: 0

02 Mar 2022 — The Portal Security module in Liferay Portal 7.2.1 and earlier, and Liferay DXP 7.0 before fix pack 90, 7.1 before fix pack 17 and 7.2 before fix pack 5 does not correctly import users from LDAP, which allows remote attackers to prevent a legitimate user from authenticating by attempting to sign in as a user that exists in LDAP. • https://issues.liferay.com/browse/LPE-17191 •

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

02 Mar 2022 — Home Owners Collection Management System v1.0 was discovered to contain hardcoded credentials which allows attackers to escalate privileges and access the admin panel. • https://github.com/VivekPanday12/CVE-/issues/6 • CWE-798: Use of Hard-coded Credentials •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

25 Feb 2022 — Exploitation of this vulnerability may result in local privilege escalation and code execution. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-053-01 • CWE-269: Improper Privilege Management •

CVSS: 7.8 • EPSS: 9% • CPEs: 50 • EXPL: 7

23 Feb 2022 — This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly. • https://github.com/chenaotian/CVE-2022-0492 • CWE-287: Improper Authentication • CWE-862: Missing Authorization •