CVE-2022-36369 – qatzip: local privilege escalation
https://notcve.org/view.php?id=CVE-2022-36369
Improper access control in some QATzip software maintained by Intel(R) before version 1.0.9 may allow an authenticated user to potentially enable escalation of privilege via local access. A potential flaw was found in QATzip. This vulnerability may allow escalation of privileges. • http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00765.html https://access.redhat.com/security/cve/CVE-2022-36369 https://bugzilla.redhat.com/show_bug.cgi?id=2170784 • CWE-284: Improper Access Control •
CVE-2023-23947 – Argo CD users with any cluster secret update access may update out-of-bounds cluster secrets
https://notcve.org/view.php?id=CVE-2023-23947
The attacker could use this access to escalate privileges (potentially controlling Kubernetes resources) or to break Argo CD functionality (by preventing connections to external clusters). • https://github.com/argoproj/argo-cd/commit/fbb0b99b1ac3361b253052bd30259fa43a520945 https://github.com/argoproj/argo-cd/security/advisories/GHSA-3jfq-742w-xg8j https://access.redhat.com/security/cve/CVE-2023-23947 https://bugzilla.redhat.com/show_bug.cgi?id=2167819 • CWE-863: Incorrect Authorization •
CVE-2023-21822 – Windows Graphics Component Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2023-21822
Windows Graphics Component Elevation of Privilege Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21822 • CWE-416: Use After Free •
CVE-2022-35868
https://notcve.org/view.php?id=CVE-2022-35868
Affected applications contain an untrusted search path vulnerability that could allow an attacker to escalate privileges by tricking a legitimate user into starting the service from an attacker-controlled path. • https://cert-portal.siemens.com/productcert/pdf/ssa-640968.pdf https://cert-portal.siemens.com/productcert/html/ssa-640968.html • CWE-426: Untrusted Search Path •
CVE-2022-31808
https://notcve.org/view.php?id=CVE-2022-31808
Affected devices improperly sanitize user input on the telnet command line interface. This could allow an authenticated user to escalate privileges by injecting arbitrary commands that are executed with root privileges. • https://cert-portal.siemens.com/productcert/pdf/ssa-658793.pdf • CWE-20: Improper Input Validation •