
CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

A vulnerability in Zammad v5.3.0 allows attackers to execute arbitrary code or escalate privileges via a crafted message sent to the server. • https://zammad.com/de/advisories/zaa-2022-11

CVSS: 7.8 • EPSS: 0% • CPEs: 6 • EXPL: 0

A flaw was found in pesign. The pesign package provides a systemd service used to start the pesign daemon. This service unit runs a script to set ACLs for /etc/pki/pesign and /run/pesign directories to grant access privileges to users in the 'pesign' group. However, the script doesn't check for symbolic links. This could allow an attacker to gain access to privileged files and directories via a path traversal attack. • https://bugzilla.redhat.com/show_bug.cgi?id=2135420#c0 https://access.redhat.com/security/cve/CVE-2022-3560 https://bugzilla.redhat.com/show_bug.cgi?id=2135420 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

Monnai aaPanel host system v1.5 contains an access control issue which allows attackers to escalate privileges and execute arbitrary code via uploading a crafted PHP file to the virtual host directory of the system. • http://mf.mengnai.top https://thanatosxingyu.github.io

CVSS: 8.8 • EPSS: 0% • CPEs: 3 • EXPL: 0

This could allow a malicious actor with sufficient permissions to modify environment variables and abuse an impacted plugin in order to escalate privileges. • https://www.tenable.com/security/tns-2023-04

CVSS: 7.8 • EPSS: 0% • CPEs: 22 • EXPL: 0

A CWE-732: Incorrect Permission Assignment for Critical Resource vulnerability exists that could cause local privilege escalation when a local attacker modifies the webroot directory. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA), APC Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GA-01-22261), Schneider Electric Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GS), Schneider Electric Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GS-01-22261). This vulnerability allows local attackers to escalate privileges on affected installations of Schneider Electric APC Easy UPS Online. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://download.schneider-electric.com/files?p_Doc_SEVD-2022-347-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-347-01_Easy_UPS_Online_Monitoring_Software_Security_Notification.pdf • CWE-732: Incorrect Permission Assignment for Critical Resource