CVE-2022-24113 – Local privilege escalation due to excessive permissions assigned to child processes
https://notcve.org/view.php?id=CVE-2022-24113
04 Feb 2022 — Local privilege escalation due to excessive permissions assigned to child processes. • https://security-advisory.acronis.com/advisories/SEC-2881 • CWE-250: Execution with Unnecessary Privileges • CWE-276: Incorrect Default Permissions •
CVE-2022-24259
https://notcve.org/view.php?id=CVE-2022-24259
04 Feb 2022 — An incorrect check in the component cdr.php of Voipmonitor GUI before v24.96 allows unauthenticated attackers to escalate privileges via a crafted request. • https://kerbit.io/research/read/blog/3 • CWE-287: Improper Authentication •
CVE-2022-24260
https://notcve.org/view.php?id=CVE-2022-24260
04 Feb 2022 — A SQL injection vulnerability in Voipmonitor GUI before v24.96 allows attackers to escalate privileges to the Administrator level. • https://kerbit.io/research/read/blog/3 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2021-44903
https://notcve.org/view.php?id=CVE-2021-44903
04 Feb 2022 — Micro-Star International (MSI) Center Pro <= 2.0.16.0 is vulnerable to multiple Privilege Escalation (LPE/EoP) vulnerabilities in the atidgllk.sys, atillk64.sys, MODAPI.sys, NTIOLib.sys, NTIOLib_X64.sys, WinRing0.sys, WinRing0x64.sys driver components. • https://voidsec.com •
CVE-2021-44901
https://notcve.org/view.php?id=CVE-2021-44901
04 Feb 2022 — Micro-Star International (MSI) Dragon Center <= 2.0.116.0 is vulnerable to multiple Privilege Escalation (LPE/EoP) vulnerabilities in the atidgllk.sys, atillk64.sys, MODAPI.sys, NTIOLib.sys, NTIOLib_X64.sys, WinRing0.sys, WinRing0x64.sys driver components. • https://voidsec.com •
CVE-2021-44900
https://notcve.org/view.php?id=CVE-2021-44900
04 Feb 2022 — Micro-Star International (MSI) App Player <= 4.280.1.6309 is vulnerable to multiple Privilege Escalation (LPE/EoP) vulnerabilities in the NTIOLib_X64.sys and BstkDrv_msi2.sys driver components. • https://voidsec.com •
CVE-2021-37852 – LPE in ESET products for Windows
https://notcve.org/view.php?id=CVE-2021-37852
31 Jan 2022 — ESET products for Windows allow an untrusted process to impersonate the client of a pipe, which can be leveraged by an attacker to escalate privileges in the context of NT AUTHORITY\SYSTEM. This vulnerability allows local attackers to escalate privileges on affected installations... • https://support.eset.com/en/ca8223-local-privilege-escalation-vulnerability-fixed-in-eset-products-for-windows • CWE-269: Improper Privilege Management •
CVE-2021-44463 – Emerson DeltaV Uncontrolled Search Path Element
https://notcve.org/view.php?id=CVE-2021-44463
28 Jan 2022 — Missing DLLs, if replaced by an insider, could allow an attacker to achieve local privilege escalation on the DeltaV Distributed Control System Controllers and Workstations (All versions) when some DeltaV services are started. • https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-04 • CWE-427: Uncontrolled Search Path Element •
CVE-2022-22993 – Limited Server-Side Request Forgery vulnerability on Western Digital My Cloud devices.
https://notcve.org/view.php?id=CVE-2022-22993
28 Jan 2022 — The vulnerability was addressed by creating a whitelist of valid parameters. This vulnerability allows network-adjacent attackers to escalate privileges on affected installations of Western Digital MyCloud PR4100. • https://www.westerndigital.com/support/product-security/wdc-22002-my-cloud-os5-firmware-5-19-117 • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2021-40397
https://notcve.org/view.php?id=CVE-2021-40397
28 Jan 2022 — A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. • https://talosintelligence.com/vulnerability_reports/TALOS-2021-1409 • CWE-276: Incorrect Default Permissions •