CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-26057 – Mint WorkBench Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-26057
Vulnerabilities in the Mint WorkBench allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Mint WorkBench installer file allows a low-privileged user to run a "repair" operation on the product Unas vulnerabilidades en Mint WorkBench permiten a un atacante con pocos privilegios crear y escribir en un archivo en cualquier parte del sistema de archivos como SYSTEM con contenido arbitrario siempre que el archivo no exista ya. El archivo de instalación de Mint WorkBench permite a un usuario con pocos privilegios ejecutar una operación de "reparación" en el producto • https://search.abb.com/library/Download.aspx?DocumentID=9AKK108467A0305&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.38192870.478847987.1655218701-372504397.1647012599 • CWE-269: Improper Privilege Management •
CVSS: 6.6EPSS: 0%CPEs: 3EXPL: 0CVE-2021-40776 – Adobe Lightroom Classic DLL Hijacking Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-40776
An authenticated attacker could leverage this vulnerability to escalate privileges. • https://helpx.adobe.com/security/products/lightroom/apsb21-97.html • CWE-379: Creation of Temporary File in Directory with Insecure Permissions •
CVSS: 5.0EPSS: 0%CPEs: 16EXPL: 2CVE-2022-29614 – SAP SAPControl Web Service Interface Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2022-29614
SAP startservice - of SAP NetWeaver Application Server ABAP, Application Server Java, ABAP Platform and HANA Database - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, SAPHOSTAGENT 7.22, - on Unix systems, s-bit helper program sapuxuserchk, can be abused physically resulting in a privilege escalation of an attacker leading to low impact on confidentiality and integrity, but a profound impact on availability. SAP startservice - de SAP NetWeaver Application Server ABAP, Application Server Java, ABAP Platform y HANA Database - versiones KERNEL versiones 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.22, 7.22EXT, 7.49 49, 7.53, SAPHOSTAGENT 7.22, - en los sistemas Unix, el programa de ayuda s-bit sapuxuserchk, puede ser abusado físicamente resultando en una escalada de privilegios de un atacante que conlleva a un bajo impacto en la confidencialidad e integridad, pero un profundo impacto en la disponibilidad SAPControl Web Service Interface (sapstartsrv) suffers from a privilege escalation vulnerability via a race condition. • http://packetstormsecurity.com/files/168409/SAP-SAPControl-Web-Service-Interface-Local-Privilege-Escalation.html http://seclists.org/fulldisclosure/2022/Sep/18 https://launchpad.support.sap.com/#/notes/3158619 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-31465
https://notcve.org/view.php?id=CVE-2022-31465
This could allow an authenticated local attacker to inject arbitrary code and escalate privileges. • https://cert-portal.siemens.com/productcert/pdf/ssa-988345.pdf • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2022-27502
https://notcve.org/view.php?id=CVE-2022-27502
RealVNC VNC Server 6.9.0 through 5.1.0 for Windows allows local privilege escalation because an installer repair operation executes %TEMP% files as SYSTEM. • https://github.com/alirezac0/CVE-2022-27502 https://help.realvnc.com/hc/en-us/articles/360002478311-Are-there-any-known-security-vulnerabilities-#cve-2008-4770-moderate-%E2%80%94-only-affects-vnc-viewer--0-1 https://realvnc.com •