CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-44097
https://notcve.org/view.php?id=CVE-2022-44097
Book Store Management System v1.0 was discovered to contain hardcoded credentials which allows attackers to escalate privileges and access the admin panel. • https://github.com/upasvi/CVE-/issues/2 • CWE-798: Use of Hard-coded Credentials •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-46152 – OP-TEE Trusted OS vulnerable to Improper Validation of Array Index in the cleanup_shm_refs function
https://notcve.org/view.php?id=CVE-2022-46152
Maintainers believe this problem permits local privilege escalation from the normal world to the secure world. • https://github.com/OP-TEE/optee_os/blob/c2d449482de098f1c894b94f338440e5a327813d/core/tee/entry_std.c#L257 https://github.com/OP-TEE/optee_os/commit/728616b28df659cf0bdde6e58a471f6ef25d023c https://github.com/OP-TEE/optee_os/security/advisories/GHSA-65w8-6mrg-52g7 https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:X/RC:X/CR:M/IR:M/AR:M/MAV:L/MAC:L/MPR:H/MUI:N/MS:C/MC:H/MI:H/MA:H&version=3.1 • CWE-129: Improper Validation of Array Index •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-31877
https://notcve.org/view.php?id=CVE-2022-31877
An issue in the component MSI.TerminalServer.exe of MSI Center v1.0.41.0 allows attackers to escalate privileges via a crafted TCP packet. • http://msi.com https://patsch.dev/2022/07/08/cve-2022-31877-privilege-escalation-in-msi-centers-msi-terminalserver-exe • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 0CVE-2022-36960 – SolarWinds Platform Improper Input Validation
https://notcve.org/view.php?id=CVE-2022-36960
This vulnerability allows remote attackers to escalate privileges on affected installations of SolarWinds Network Performance Monitor. ... An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-4_release_notes.htm https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-36960 • CWE-20: Improper Input Validation CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 2CVE-2022-3910 – Use after free in IO_uring in the Linux Kernel
https://notcve.org/view.php?id=CVE-2022-3910
An improper Update of Reference Count in io_uring leads to Use-After-Free and Local Privilege Escalation. When io_msg_ring was invoked with a fixed file, it called io_fput_file() which improperly decreased its reference count (leading to Use-After-Free and Local Privilege Escalation). • https://github.com/veritas501/CVE-2022-3910 https://github.com/TLD1027/CVE-2022-3910 https://github.com/torvalds/linux/commit/fc7222c3a9f56271fba02aabbfbae999042f1679 https://kernel.dance/#fc7222c3a9f56271fba02aabbfbae999042f1679 • CWE-416: Use After Free •