CVE-2022-35867 – xhyve e1000 Stack-based Buffer Overflow Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-35867
This vulnerability allows local attackers to escalate privileges on affected installations of xhyve. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. ... Era ZDI-CAN-15056 This vulnerability allows local attackers to escalate privileges on affected installations of xhyve. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. • https://www.zerodayinitiative.com/advisories/ZDI-22-949 • CWE-121: Stack-based Buffer Overflow •
CVE-2022-34918 – kernel: heap overflow in nft_set_elem_init()
https://notcve.org/view.php?id=CVE-2022-34918
A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. ... A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges. • https://github.com/veritas501/CVE-2022-34918 https://github.com/randorisec/CVE-2022-34918-LPE-PoC https://github.com/merlinepedra25/CVE-2022-34918-LPE-PoC https://github.com/merlinepedra/CVE-2022-34918-LPE-PoC https://github.com/linulinu/CVE-2022-34918 http://packetstormsecurity.com/files/168191/Kernel-Live-Patch-Security-Notice-LSN-0089-1.html http://packetstormsecurity.com/files/168543/Netfilter-nft_set_elem_init-Heap-Overflow-Privilege-Escalation.html http://www.openwall.com/lis • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') CWE-1025: Comparison Using Wrong Factors •
CVE-2022-34901 – Parallels Access Agent Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-34901
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Access 6.5.4 (39316) Agent. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. ... Era ZDI-CAN-16137 This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Access Agent. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. • https://kb.parallels.com/en/129010 https://www.zerodayinitiative.com/advisories/ZDI-22-948 • CWE-427: Uncontrolled Search Path Element •
CVE-2022-34899 – Parallels Access Agent Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-34899
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Access 6.5.4 (39316) Agent. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. ... Era ZDI-CAN-16134 This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Access Agent. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. • https://kb.parallels.com/en/129010 https://www.zerodayinitiative.com/advisories/ZDI-22-947 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVE-2022-34900 – Parallels Access Agent Uncontrolled Search Path Element Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-34900
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Access 6.5.3 (39313) Agent. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. ... Era ZDI-CAN-15213 This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Access Agent. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://kb.parallels.com/en/129010 https://www.zerodayinitiative.com/advisories/ZDI-22-945 • CWE-427: Uncontrolled Search Path Element •