CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-28751 – Local Privilege Escalation in Zoom Client for Meetings for MacOS
https://notcve.org/view.php?id=CVE-2022-28751
The Zoom Client for Meetings for MacOS (Standard and for IT Admin) before version 5.11.3 contains a vulnerability in the package signature validation during the update process. A local low-privileged user could exploit this vulnerability to escalate their privileges to root. Zoom Client for Meetings para MacOS (estándar y para IT Admin) versiones anteriores a 5.11.3, contiene una vulnerabilidad en la comprobación de la firma del paquete durante el proceso de actualización. Un usuario local poco privilegiado podría aprovechar esta vulnerabilidad para escalar sus privilegios a root. • https://explore.zoom.us/en/trust/security/security-bulletin • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 0CVE-2022-2334 – Softing Secure Integration Server Uncontrolled Search Path Element
https://notcve.org/view.php?id=CVE-2022-2334
This vulnerability allows remote attackers to escalate privileges on affected installations of Softing Secure Integration Server. • https://industrial.softing.com/fileadmin/psirt/downloads/syt-2022-5.html https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-04 https://ide0x90.github.io/softing-sis-122-rce • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 4CVE-2022-31262
https://notcve.org/view.php?id=CVE-2022-31262
An exploitable local privilege escalation vulnerability exists in GOG Galaxy 2.0.46. • https://github.com/secure-77/CVE-2022-31262 https://secure77.de/category/subjects/researches https://secure77.de/gog-galaxy-cve-2022-31262 https://www.youtube.com/watch?v=Bgdbx5TJShI • CWE-281: Improper Preservation of Permissions •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-28756 – Local Privilege Escalation in Auto Updater for Zoom Client for Meetings for macOS
https://notcve.org/view.php?id=CVE-2022-28756
The Zoom Client for Meetings for macOS (Standard and for IT Admin) starting with version 5.7.3 and before 5.11.5 contains a vulnerability in the auto update process. A local low-privileged user could exploit this vulnerability to escalate their privileges to root. Zoom Client for Meetings para macOS (estándar y para IT Admin) a partir de la versión 5.7.3 y anteriores a 5.11.5, contiene una vulnerabilidad en el proceso de actualización automática. Un usuario local poco privilegiado podría aprovechar esta vulnerabilidad para escalar sus privilegios a root. • https://explore.zoom.us/en/trust/security/security-bulletin • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-26696 – Apple macOS LaunchServices Sandbox Escape Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-26696
An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the current user. • https://support.apple.com/en-us/HT213257 •