CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-36336 – Trend Micro Apex One Security Agent Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-36336
A link following vulnerability in the scanning function of Trend Micro Apex One and Worry-Free Business Security agents could allow a local attacker to escalate privileges on affected installations. ... Los clientes que están al día con los patrones de detección no requieren tomar ninguna medida adicional para mitigar este problema This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://success.trendmicro.com/solution/000291267 https://www.zerodayinitiative.com/advisories/ZDI-22-1033 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-34549
https://notcve.org/view.php?id=CVE-2022-34549
This vulnerability allows attackers to escalate privileges and execute arbitrary commands via a crafted file. • http://cwe.mitre.org/data/definitions/434.html https://github.com/rawchen/sims/issues/6 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.7EPSS: 0%CPEs: 2EXPL: 0CVE-2022-28877 – Local Privilege Escalation Vulnerability in F-Secure & WithSecure Windows Endpoint Products
https://notcve.org/view.php?id=CVE-2022-28877
This vulnerability allows local user to delete arbitrary file in the system and bypassing security protection which can be abused for local privilege escalation on affected F-Secure & WithSecure windows endpoint products. • https://www.f-secure.com/en/business/support-and-downloads/security-advisories https://www.withsecure.com/en/support/security-advisories •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-32498
https://notcve.org/view.php?id=CVE-2022-32498
A local attacker can potentially exploit this vulnerability to execute arbitrary code, escalate privileges, and bypass software allow list solutions, leading to system takeover or IP exposure. • https://www.dell.com/support/kbdoc/000201283 • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.8EPSS: 0%CPEs: 200EXPL: 0CVE-2022-22221 – Junos OS: SRX and EX Series: Local privilege escalation flaw in "download" functionality
https://notcve.org/view.php?id=CVE-2022-22221
An Improper Neutralization of Special Elements vulnerability in the download manager of Juniper Networks Junos OS on SRX Series and EX Series allows a locally authenticated attacker with low privileges to take full control over the device. One aspect of this vulnerability is that the attacker needs to be able to execute any of the "request ..." or "show system download ..." commands. This issue affects Juniper Networks Junos OS on SRX Series and EX Series: All versions prior to 19.2R1-S9, 19.2R3-S5; 19.3 versions prior to 19.3R3-S6; 19.4 versions prior to 19.4R3-S8; 20.1 versions prior to 20.1R3-S4; 20.2 versions prior to 20.2R3-S4; 20.3 versions prior to 20.3R3-S3; 20.4 versions prior to 20.4R3-S2, 20.4R3-S3; 21.1 versions prior to 21.1R3-S1; 21.2 versions prior to 21.2R2-S2, 21.2R3; 21.3 versions prior to 21.3R2, 21.3R3; 21.4 versions prior to 21.4R1-S1, 21.4R2. Una vulnerabilidad de Neutralización Inapropiada de Elementos Especiales en el administrador de descargas del Sistema Operativo Junos de Juniper Networks en las series SRX y EX permite a un atacante autenticado localmente con bajos privilegios tomar el control total del dispositivo. Uno de los aspectos de esta vulnerabilidad es que el atacante debe ser capaz de ejecutar cualquiera de los comandos "request ..." o "show system download ...". • https://kb.juniper.net/JSA69725 •