CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-38764 – Trend Micro HouseCall Incorrect Permission Assignment Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-38764
Una vulnerabilidad en Trend Micro HouseCall versiones 1.62.1.1133 y anteriores, podría permitir a un atacante local escalar los privilegios debido a una carpeta demasiado permisiva en el instalador del producto This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro HouseCall. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of an administrator. • https://helpcenter.trendmicro.com/en-us/article/tmka-11092 https://www.zerodayinitiative.com/advisories/ZDI-22-1178 • CWE-276: Incorrect Default Permissions •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-32427
https://notcve.org/view.php?id=CVE-2022-32427
Authenticated users with prior knowledge of the driver filename could exploit this to escalate privileges or distribute malicious content. • https://docs.printercloud.com/1-Printerlogic/Release_Notes/Client_Release_Notes.htm?tocpath=_____9 https://www.printerlogic.com/security-bulletin • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-2959 – Linux Kernel Watch Queue Race Condition Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-2959
This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. • https://github.com/torvalds/linux/commit/189b0ddc245139af81198d1a3637cac74f96e13a https://security.netapp.com/advisory/ntap-20230214-0005 https://www.zerodayinitiative.com/advisories/ZDI-22-1165 https://access.redhat.com/security/cve/CVE-2022-2959 https://bugzilla.redhat.com/show_bug.cgi?id=2103681 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-667: Improper Locking •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2022-31676 – open-vm-tools: local root privilege escalation in the virtual machine
https://notcve.org/view.php?id=CVE-2022-31676
VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege escalation vulnerability. A malicious actor with local non-administrative access to the Guest OS can escalate privileges as a root user in the virtual machine. ... A malicious actor with local non-administrative access to the guest operating system can escalate privileges as a root user in the virtual machine. • http://www.openwall.com/lists/oss-security/2022/08/23/3 https://lists.debian.org/debian-lts-announce/2022/08/msg00013.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C5VV2R4LV4T3SNQJYRLFD4C75HBDVV76 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O4TZF6QRJIDECGMEGBPXJCHZ6YC3VZ6Z https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZA63DWRW7HROTVBNRIPBJQWBYIYAQMEW https://security.gentoo.org/glsa/202 • CWE-250: Execution with Unnecessary Privileges CWE-269: Improper Privilege Management •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-39422 – Oracle VirtualBox IEM PGMPhysRead Out-Of-Bounds Write Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-39422
Vector CVSS: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H) This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. • https://security.gentoo.org/glsa/202212-03 https://www.oracle.com/security-alerts/cpuoct2022.html • CWE-269: Improper Privilege Management •