CVE-2022-35234 – Trend Micro Maximum Security Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-35234
An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://helpcenter.trendmicro.com/en-us/article/tmka-11058 https://www.zerodayinitiative.com/advisories/ZDI-22-962 • CWE-125: Out-of-bounds Read •
CVE-2022-2991 – Linux Kernel LightNVM Subsystem Heap-based Overflow Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-2991
This vulnerability allows a local attacker to escalate privileges and execute arbitrary code in the context of the kernel. ... This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. • https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/drivers/lightnvm/Kconfig?h=v5.10.114&id=549209caabc89f2877ad5f62d11fca5c052e0e8 https://www.zerodayinitiative.com/advisories/ZDI-22-960 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2022-32481
https://notcve.org/view.php?id=CVE-2022-32481
A lower-privileged authenticated user can chain docker commands to escalate privileges to root leading to complete system takeover. • https://support.emc.com/kb/000201213 •
CVE-2022-34871 – Centreon Poller Resource SQL Injection Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-34871
This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. ... An attacker can leverage this vulnerability to escalate privileges to the level of an administrator. ... Was ZDI-CAN-16335. • https://docs.centreon.com/docs/21.10/releases/centreon-core https://www.zerodayinitiative.com/advisories/ZDI-22-953 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2022-23714
https://notcve.org/view.php?id=CVE-2022-23714
A local privilege escalation (LPE) issue was discovered in the ransomware canaries features of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account. • https://discuss.elastic.co/t/elastic-8-3-1-8-3-0-and-7-17-5-security-update/308613 https://www.elastic.co/community/security • CWE-264: Permissions, Privileges, and Access Controls •