CVE-2022-47040
https://notcve.org/view.php?id=CVE-2022-47040
An issue in ASKEY router RTF3505VW-N1 BR_SV_g000_R3505VMN1001_s32_7 allows attackers to escalate privileges via running the tcpdump command after placing a crafted file in the /tmp directory and sending crafted packets through port 80. • https://github.com/leoservalli/Privilege-escalation-ASKEY •
CVE-2022-37719
https://notcve.org/view.php?id=CVE-2022-37719
A Cross-Site Request Forgery (CSRF) in the management portal of JetNexus/EdgeNexus ADC 4.2.8 allows attackers to escalate privileges and execute arbitrary code via unspecified vectors. • https://www.cryptnetix.com/blog/2022/09/14/Edge-Nexus-Vulnerability-Disclosure.html https://www.edgenexus.io/products/load-balancer • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2022-48191 – Trend Micro Maximum Security Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-48191
This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Maximum Security. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://helpcenter.trendmicro.com/en-us/article/tmka-11252 https://www.zerodayinitiative.com/advisories/ZDI-23-053 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVE-2022-3650 – Ceph: ceph-crash.service allows local ceph user to root exploit
https://notcve.org/view.php?id=CVE-2022-3650
Ceph-crash.service allows a local attacker to escalate privileges to root in the form of a crash dump, and dump privileged information. • https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OEVVWT5ZFLYCVZNDJTDX7R6RY2W7JHP5 https://seclists.org/oss-sec/2022/q4/41 https://security.gentoo.org/glsa/202312-10 https://access.redhat.com/security/cve/CVE-2022-3650 https://bugzilla.redhat.com/show_bug.cgi?id=2136909 • CWE-842: Placement of User into Incorrect Group •
CVE-2023-22496 – Netdata vulnerable to command injection
https://notcve.org/view.php?id=CVE-2023-22496
The ability to run arbitrary commands may allow an attacker to escalate privileges by escalating other vulnerabilities in the system, as that user. • https://github.com/netdata/netdata/security/advisories/GHSA-xg38-3vmw-2978 • CWE-20: Improper Input Validation CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •