CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-33915
https://notcve.org/view.php?id=CVE-2022-33915
Versions of the Amazon AWS Apache Log4j hotpatch package before log4j-cve-2021-44228-hotpatch-1.3.5 are affected by a race condition that could lead to a local privilege escalation. • https://alas.aws.amazon.com/AL2/ALAS-2022-1806.html https://alas.aws.amazon.com/ALAS-2022-1601.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 71EXPL: 0CVE-2022-33912
https://notcve.org/view.php?id=CVE-2022-33912
This leads to a local privilege escalation on the monitored host. • https://checkmk.com/werk/14098 • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-31464
https://notcve.org/view.php?id=CVE-2022-31464
Insecure permissions configuration in Adaware Protect v1.2.439.4251 allows attackers to escalate privileges via changing the service binary path. • https://r0h1rr1m.medium.com/adaware-protect-local-privilege-escalation-through-insecure-service-permissions-44d0eeb6c933 https://www.adaware.com • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 9.0EPSS: 0%CPEs: 6EXPL: 0CVE-2022-30670 – Escalate Privileges to Server Admin - Robohelp Server
https://notcve.org/view.php?id=CVE-2022-30670
RoboHelp Server earlier versions than RHS 11 Update 3 are affected by an Improper Authorization vulnerability which could lead to privilege escalation. An authenticated attacker could leverage this vulnerability to achieve full administrator privileges. Exploitation of this issue does not require user interaction. RoboHelp Server versiones anteriores a la actualización 3 de RHS 11, están afectadas por una vulnerabilidad de Autorización Inapropiada que podría conllevar a una elevación de privilegios. Un atacante autenticado podría aprovechar esta vulnerabilidad para obtener privilegios de administrador completos. • https://helpx.adobe.com/security/products/robohelp-server/apsb22-31.html • CWE-285: Improper Authorization •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-33158 – Trend Micro Proxy One Pro Incorrect Permission Assignment Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-33158
Trend Micro VPN Proxy versiones 5.2.1026 y anteriores, contiene una vulnerabilidad relacionada con algunas carpetas demasiado permisivas en un directorio clave que podría permitir a un atacante local obtener una escalada de privilegios en un sistema afectado This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Proxy One Pro. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://helpcenter.trendmicro.com/en-us/article/tmka-11042 https://www.zerodayinitiative.com/advisories/ZDI-22-853 • CWE-552: Files or Directories Accessible to External Parties •