CVE-2022-23085 – Potential jail escape vulnerabilities in netmap
https://notcve.org/view.php?id=CVE-2022-23085
This vulnerability allows local attackers to escalate privileges on affected installations of FreeBSD Kernel. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. • https://security.freebsd.org/advisories/FreeBSD-SA-22:04.netmap.asc https://security.netapp.com/advisory/ntap-20240322-0004 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2022-23084 – Potential jail escape vulnerabilities in netmap
https://notcve.org/view.php?id=CVE-2022-23084
This vulnerability allows local attackers to escalate privileges on affected installations of FreeBSD Kernel. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. • https://security.freebsd.org/advisories/FreeBSD-SA-22:04.netmap.asc https://security.netapp.com/advisory/ntap-20240419-0003 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVE-2022-38532
https://notcve.org/view.php?id=CVE-2022-38532
This vulnerability allows attackers to escalate privileges via running a crafted executable. • https://github.com/nam3lum/msi-central_privesc •
CVE-2022-38351
https://notcve.org/view.php?id=CVE-2022-38351
A vulnerability in Suprema BioStar (aka Bio Star) 2 v2.8.16 allows attackers to escalate privileges to System Administrator via a crafted PUT request to the update profile page. • https://nobugescapes.com/blog/privilege-escalation-from-user-operator-to-system-administrator https://nobugescapes.com/wp-content/uploads/2022/08/Part1.docx • CWE-269: Improper Privilege Management •
CVE-2022-29908
https://notcve.org/view.php?id=CVE-2022-29908
The folioupdate service in Fabasoft Cloud Enterprise Client 22.4.0043 allows Local Privilege Escalation. • https://help.cloud.fabasoft.com/index.php?topic=doc/Technical-Information-eng/the-fabasoft-cloud-enterprise-client.htm https://www.compass-security.com/fileadmin/Research/Advisories/2022_13_CSNC-2022-010_LPE_Cloud_Client.txt • CWE-295: Improper Certificate Validation •