CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-1368 – Cognex 3D-A1000 Dimensioning System Missing Authentication for Critical Function
https://notcve.org/view.php?id=CVE-2022-1368
This could allow an attacker to escalate privileges to match those of the compromised account. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-249-03 • CWE-306: Missing Authentication for Critical Function •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-38176
https://notcve.org/view.php?id=CVE-2022-38176
An issue was discovered in YSoft SAFEQ 6 before 6.0.72. Incorrect privileges were configured as part of the installer package for the Client V3 services, allowing for local user privilege escalation by overwriting the executable file via an alternative data stream. NOTE: this is not the same as CVE-2021-31859. Se ha detectado un problema en YSoft SAFEQ 6 versiones anteriores a 6.0.72. Fueron configurados privilegios incorrectos como parte del paquete de instalación de los servicios del Cliente V3, permitiendo una escalada de privilegios del usuario local al sobrescribir el archivo ejecutable por medio de un flujo de datos alternativo. • https://www.ysoft.com/en/legal/ysoft-safeq-client-v3-local-privilege-escalation https://ysoft.com •
CVSS: 6.7EPSS: 0%CPEs: 2EXPL: 2CVE-2022-37771
https://notcve.org/view.php?id=CVE-2022-37771
IObit Malware Fighter v9.2 for Microsoft Windows lacks tamper protection, allowing authenticated attackers with Administrator privileges to modify processes within the application and escalate privileges to SYSTEM via a crafted executable. • https://mrvar0x.com/2022/08/02/multiple-endpoints-security-tampering-exploit https://packetstormsecurity.com/files/167913/IObit-Malware-Fighter-9.2-Tampering-Privilege-Escalation.html • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 1CVE-2022-36670
https://notcve.org/view.php?id=CVE-2022-36670
PCProtect Endpoint prior to v5.17.470 for Microsoft Windows lacks tamper protection, allowing authenticated attackers with Administrator privileges to modify processes within the application and escalate privileges to SYSTEM via a crafted executable. • https://mrvar0x.com/2022/07/21/pcprotect-endpoint-tampering-exploit • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 8.8EPSS: 0%CPEs: 48EXPL: 0CVE-2022-23684
https://notcve.org/view.php?id=CVE-2022-23684
Successful exploitation of this vulnerability allows an attacker to escalate privileges beyond their authorized level in ArubaOS-CX Switches version(s): AOS-CX 10.09.xxxx: 10.09.1020 and below, AOS-CX 10.08.xxxx: 10.08.1060 and below, AOS-CX 10.06.xxxx: 10.06.0200 and below. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt •