CVE-2022-36536 – Syncovery For Linux Web-GUI Session Token Brute-Forcer
https://notcve.org/view.php?id=CVE-2022-36536
KG Syncovery 9 for Linux v9.47x and below allows attackers to escalate privileges via creating crafted session tokens. • http://super.com http://syncovery.com https://www.mgm-sp.com/en/multiple-vulnerabilities-in-syncovery-for-linux • CWE-330: Use of Insufficiently Random Values •
CVE-2022-2977
https://notcve.org/view.php?id=CVE-2022-2977
On a system where virtualized TPM devices are configured (this is not the default), a local attacker can create a use-after-free and create a situation where it may be possible to escalate privileges on the system. • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9d8e7007dc7c4d7c8366739bbcd3f5e51dcd470f https://security.netapp.com/advisory/ntap-20230214-0006 • CWE-416: Use After Free •
CVE-2022-40142 – Trend Micro Apex One Security Agent Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-40142
A security link following local privilege escalation vulnerability in Trend Micro Apex One and Trend Micro Apex One as a Service agents could allow a local attacker to create a writable folder in an arbitrary location and escalate privileges on affected installations. ... Note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://success.trendmicro.com/solution/000291528 https://www.zerodayinitiative.com/advisories/ZDI-22-1190 • CWE-269: Improper Privilege Management •
CVE-2022-40143 – Trend Micro Apex One Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-40143
A link following local privilege escalation vulnerability in Trend Micro Apex One and Trend Micro Apex One as a Service servers could allow a local attacker to abuse an insecure directory that could allow a low-privileged user to run arbitrary code with elevated privileges. ... Note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://success.trendmicro.com/solution/000291528 https://www.zerodayinitiative.com/advisories/ZDI-22-1191 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2022-31322
https://notcve.org/view.php?id=CVE-2022-31322
Penta Security Systems Inc WAPPLES v6.0 r3 4.10-hotfix1 allows attackers to escalate privileges via overwriting files using SUID flagged executables. • https://medium.com/%40_sadshade/wapples-web-application-firewall-multiple-vulnerabilities-35bdee52c8fb https://www.pentasecurity.com/product/wapples • CWE-798: Use of Hard-coded Credentials •