CVE-2022-39427 – Oracle VirtualBox COM RPC Interface Improper Access Control Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-39427
Vector CVSS: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H) This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://www.oracle.com/security-alerts/cpuoct2022.html •
CVE-2022-36438
https://notcve.org/view.php?id=CVE-2022-36438
AsusSwitch.exe on ASUS personal computers (running Windows) sets weak file permissions, leading to local privilege escalation (this also can be used to delete files within the system arbitrarily). • https://asus-my.sharepoint.com/personal/carinacw_li_asus_com/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fcarinacw_li_asus_com%2FDocuments%2FSecurity%2FCase-220713%2FAsus%20Switch%20LPE.pdf&parent=%2Fpersonal%2Fcarinacw_li_asus_com%2FDocuments%2FSecurity%2FCase-220713&ga=1 https://asus.com • CWE-276: Incorrect Default Permissions •
CVE-2022-3569 – Zimbra Privilege Escalation
https://notcve.org/view.php?id=CVE-2022-3569
Due to an issue with incorrect sudo permissions, Zimbra Collaboration Suite (ZCS) suffers from a local privilege escalation issue in versions 9.0.0 and prior, where the 'zimbra' user can effectively coerce postfix into running arbitrary commands as 'root'. • http://packetstormsecurity.com/files/169430/Zimbra-Privilege-Escalation.html https://github.com/rapid7/metasploit-framework/pull/17141 https://twitter.com/ldsopreload/status/1580539318879547392 • CWE-271: Privilege Dropping / Lowering Errors •
CVE-2022-40055
https://notcve.org/view.php?id=CVE-2022-40055
An issue in GX Group GPON ONT Titanium 2122A T2122-V1.26EXL allows attackers to escalate privileges via a brute force attack at the login page. • http://gpon.com http://gx.com https://blog.alphathreat.in/index.php?post/2022/10/01/Achieving-CVE-2022-40055 • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVE-2022-3564 – Linux Kernel Bluetooth l2cap_core.c l2cap_reassemble_sdu use after free
https://notcve.org/view.php?id=CVE-2022-3564
This flaw allows a local or bluetooth connection user to crash the system or potentially escalate privileges. • https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=89f9f3cb86b1c63badaf392a83dd661d56cc50b1 https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html https://security.netapp.com/advisory/ntap-20221223-0001 https://vuldb.com/?id.211087 https://access.redhat.com/security/cve/CVE-2022-3564 https://bugzilla.redhat.com/show_bug.cgi?id=2150999 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •