CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-41142 – Centreon Poller Resource SQL Injection Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-41142
This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. ... An attacker can leverage this vulnerability to escalate privileges to the level of an administrator. ... This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. ... An attacker can leverage this vulnerability to escalate privileges to the level of an administrator. • https://github.com/centreon/centreon/security/policy https://www.zerodayinitiative.com/advisories/ZDI-22-1326 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-41975
https://notcve.org/view.php?id=CVE-2022-41975
RealVNC VNC Server before 6.11.0 and VNC Viewer before 6.22.826 on Windows allow local privilege escalation via MSI installer Repair mode. vRealVNC VNC Server versiones anteriores a 6.11.0 y VNC Viewer versiones anteriores a 6.22.826 en Windows, permiten una escalada de privilegios local por medio del modo de reparación del instalador MSI • https://help.realvnc.com/hc/en-us/articles/360002253138-Release-Notes#vnc-server-6-11-0-released-0-2 •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-36961 – Orion Platform SQL Injection Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-36961
Un verbo usado en Orion era vulnerable a una inyección de SQL, un atacante autenticado podría aprovechar esto para la escalada de privilegios o una ejecución de código remota This vulnerability allows remote attackers to escalate privileges on affected installations of SolarWinds Network Performance Monitor. ... An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-3_release_notes.htm https://www.solarwinds.com/trust-center/security-advisories/cve-2022-36961 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2022-40126
https://notcve.org/view.php?id=CVE-2022-40126
A misconfiguration in the Service Mode profile directory of Clash for Windows v0.19.9 allows attackers to escalate privileges and execute arbitrary commands when Service Mode is activated. • https://github.com/LovelyWei/CVE-2022-40126 https://github.com/Fndroid/clash_for_windows_pkg/issues/3405 • CWE-552: Files or Directories Accessible to External Parties •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 8CVE-2022-37706 – Enlightenment v0.25.3 - Privilege escalation
https://notcve.org/view.php?id=CVE-2022-37706
Enlightenment version 0.25.3 suffers from a local privilege escalation vulnerability. • https://www.exploit-db.com/exploits/51180 https://github.com/MaherAzzouzi/CVE-2022-37706-LPE-exploit https://github.com/ECU-10525611-Xander/CVE-2022-37706 https://github.com/junnythemarksman/CVE-2022-37706 https://github.com/sanan2004/CVE-2022-37706 https://github.com/AleksPwn/CVE-2022-37706 https://github.com/TACTICAL-HACK/CVE-2022-37706-SUID https://github.com/GrayHatZone/CVE-2022-37706-LPE-exploit https://git.enlightenment.org/enlightenment/enlightenment/commit/cae78cbb169f237862faef1 • CWE-269: Improper Privilege Management •