CVE-2022-35899 – Asus GameSDK v1.0.0.4 - 'GameSDK.exe' Unquoted Service Path
https://notcve.org/view.php?id=CVE-2022-35899
This might allow a local user to escalate privileges by creating a %PROGRAMFILES(X86)%\ASUS\GameSDK.exe file. • https://www.exploit-db.com/exploits/50985 https://github.com/angelopioamirante/CVE-2022-35899 https://github.com/AngeloPioAmirante/CVE-2022-35899 https://packetstormsecurity.com/files/167763/Asus-GameSDK-1.0.0.4-Unquoted-Service-Path.html • CWE-428: Unquoted Search Path or Element •
CVE-2021-44954
https://notcve.org/view.php?id=CVE-2021-44954
In QVIS NVR DVR before 2021-12-13, an attacker can escalate privileges from a qvisdvr user to the root user by abusing a Sudo misconfiguration. • https://gist.github.com/Meeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee/a670418d51051d4e6513d86e84e8d5b8 https://twitter.com/Me9187/status/1414906288287404039 •
CVE-2022-2385 – AccessKeyID validation bypass
https://notcve.org/view.php?id=CVE-2022-2385
A security issue was discovered in aws-iam-authenticator where an allow-listed IAM identity may be able to modify their username and escalate privileges. • https://github.com/kubernetes-sigs/aws-iam-authenticator/issues/472 https://groups.google.com/a/kubernetes.io/g/dev/c/EMxHpU-1ZYs • CWE-20: Improper Input Validation •
CVE-2022-22034 – Windows Graphics Component Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2022-22034
Windows Graphics Component Elevation of Privilege Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22034 • CWE-416: Use After Free •
CVE-2022-2319 – X.Org Server ProcXkbSetGeometry Out-Of-Bounds Access Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-2319
An out-of-bounds access issue can occur in the ProcXkbSetGeometry function due to improper validation of the request length. This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. • https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/938 https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/939 https://lists.freedesktop.org/archives/xorg-announce/2022-July/003192.html https://security.gentoo.org/glsa/202210-30 https://security.netapp.com/advisory/ntap-20221104-0003 https://www.zerodayinitiative.com/advisories/ZDI-22-964 https://access.redhat.com/security/cve/CVE-2022-2319 https://bugzilla.redhat.com/show_bug.cgi?id=2106671 • CWE-1320: Improper Protection for Outbound Error Messages and Alert Signals •