CVE-2022-46340 – X.Org Server XTestFakeInput Type Confusion Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-46340
This flaw can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions. ... This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. • https://access.redhat.com/security/cve/CVE-2022-46340 https://bugzilla.redhat.com/show_bug.cgi?id=2151755 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5NELB7YDWRABYYBG4UPTHRBDTKJRV5M2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWTH3SNJ3GKYDSN7I3QDGWYEPSMWU6EP https://lists.fedoraproject.org/archives/list/package-announce% • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2022-46609
https://notcve.org/view.php?id=CVE-2022-46609
This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. • https://github.com/herry-zhang/Python3-RESTfulAPI https://github.com/herry-zhang/Python3-RESTfulAPI/blob/1c2081dca357685b3180b9baeb7e761e9a10ca99/SECURITY.md https://github.com/herry-zhang/Python3-RESTfulAPI/commit/1c2081dca357685b3180b9baeb7e761e9a10ca99 https://mirrors.neusoft.edu.cn/pypi/web/simple/request •
CVE-2022-4283 – X.Org Server XkbCopyNames Double Free Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-4283
This flaw can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions. This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. • https://access.redhat.com/security/cve/CVE-2022-4283 https://bugzilla.redhat.com/show_bug.cgi?id=2151761 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5NELB7YDWRABYYBG4UPTHRBDTKJRV5M2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z67QC4C3I2FI2WRFIUPEHKC36J362MLA https://security.gentoo.org/glsa/202305-30 https://www • CWE-416: Use After Free •
CVE-2022-46343 – X.Org Server ScreenSaverSetAttributes Use-After-Free Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-46343
This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. • https://access.redhat.com/security/cve/CVE-2022-46343 https://bugzilla.redhat.com/show_bug.cgi?id=2151758 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5NELB7YDWRABYYBG4UPTHRBDTKJRV5M2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z67QC4C3I2FI2WRFIUPEHKC36J362MLA https://security.gentoo.org/glsa/202305-30 https://ww • CWE-416: Use After Free •
CVE-2022-44898 – MsIo64 LOLDriver Memory Corruption
https://notcve.org/view.php?id=CVE-2022-44898
The MsIo64.sys component in Asus Aura Sync through v1.07.79 does not properly validate input to IOCTL 0x80102040, 0x80102044, 0x80102050, and 0x80102054, allowing attackers to trigger a memory corruption and cause a Denial of Service (DoS) or escalate privileges via crafted IOCTL requests. • http://packetstormsecurity.com/files/174447/MsIo64-LOLDriver-Memory-Corruption.html https://heegong.github.io/posts/ASUS-AuraSync-Kernel-Stack-Based-Buffer-Overflow-Local-Privilege-Escalation https://www.asus.com/campaign/aura/us/download.php https://www.asus.com/content/ASUS-Product-Security-Advisory • CWE-787: Out-of-bounds Write •