CVSS: 8.8EPSS: 9%CPEs: 11EXPL: 0CVE-2022-22990 – Limited authentication bypass vulnerability on Western Digital My Cloud devices
https://notcve.org/view.php?id=CVE-2022-22990
13 Jan 2022 — A limited authentication bypass vulnerability was discovered that could allow an attacker to achieve remote code execution and escalate privileges on the My Cloud devices. • https://www.westerndigital.com/support/product-security/wdc-22002-my-cloud-os5-firmware-5-19-117 • CWE-287: Improper Authentication CWE-697: Incorrect Comparison •
CVSS: 9.8EPSS: 97%CPEs: 2EXPL: 20CVE-2022-23131 – Zabbix Frontend Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2022-23131
13 Jan 2022 — Malicious unauthenticated actor may exploit this issue to escalate privileges and gain admin access to Zabbix Frontend. • https://github.com/jweny/CVE-2022-23131 • CWE-290: Authentication Bypass by Spoofing •
CVSS: 3.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-34999 – OpenBSD Kernel Multicast Routing Uninitialized Memory Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-34999
13 Jan 2022 — An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel. An attacker can leverage this in co... • https://www.zerodayinitiative.com/advisories/ZDI-22-073 • CWE-908: Use of Uninitialized Resource •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-0015 – Cortex XDR Agent: An Uncontrolled Search Path Element Leads to Local Privilege Escalation (PE) Vulnerability
https://notcve.org/view.php?id=CVE-2022-0015
12 Jan 2022 — A local privilege escalation (PE) vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables an authenticated local user to execute programs with elevated privileges. • https://security.paloaltonetworks.com/CVE-2022-0015 • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.8EPSS: 1%CPEs: 27EXPL: 0CVE-2022-21895 – Windows User Profile Service Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2022-21895
11 Jan 2022 — Este ID de CVE es diferente de CVE-2022-21919 This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21895 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 5.6EPSS: 0%CPEs: 20EXPL: 1CVE-2022-21877 – Storage Spaces Controller Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-21877
11 Jan 2022 — An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://github.com/Big5-sec/cve-2022-21877 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 26EXPL: 0CVE-2022-21876 – Win32k Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-21876
11 Jan 2022 — An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21876 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 19EXPL: 0CVE-2022-21838 – Windows Cleanup Manager Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2022-21838
11 Jan 2022 — Windows Cleanup Manager Elevation of Privilege Vulnerability Una vulnerabilidad de Elevación de Privilegios en Windows Cleanup Manager This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21838 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2021-45441 – Trend Micro Apex One Origin Validation Error Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-45441
06 Jan 2022 — Nota: un atacante debe obtener primero la capacidad de ejecutar código poco privilegiado en el sistema de destino para poder explotar esta vulnerabilidad This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://success.trendmicro.com/solution/000289996 • CWE-346: Origin Validation Error •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2021-45440 – Trend Micro Worry-Free Business Security Unnecessary Privileges Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-45440
06 Jan 2022 — Nota: un atacante debe obtener primero la capacidad de ejecutar código poco privilegiado en el sistema de destino para poder explotar esta vulnerabilidad This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Worry-Free Business Security. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://success.trendmicro.com/solution/000289996 • CWE-269: Improper Privilege Management •