CVE-2022-26688 – Apple macOS PackageKit PKCoreShove Link Following System Integrity Protection Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2022-26688
An attacker can leverage this vulnerability to escalate privileges and modify the contents of system files. • https://support.apple.com/en-us/HT213183 https://support.apple.com/en-us/HT213184 https://support.apple.com/en-us/HT213185 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2022-22676 – Apple macOS PackageKit PKInstallService Directory Traversal System Integrity Protection Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2022-22676
An attacker can leverage this vulnerability to escalate privileges and delete files normally protected from the user. • https://support.apple.com/en-us/HT213054 •
CVE-2022-30700 – Trend Micro Apex One Incorrect Permission Assignment Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-30700
Nota: un atacante debe obtener primero la capacidad de ejecutar código con pocos privilegios en el sistema de destino para poder explotar esta vulnerabilidad This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://success.trendmicro.com/solution/000291008 https://www.zerodayinitiative.com/advisories/ZDI-22-790 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2022-30701 – Trend Micro Apex One Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-30701
Nota: un atacante debe obtener primero la capacidad de ejecutar código con pocos privilegios en el sistema de destino para poder explotar esta vulnerabilidad This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://success.trendmicro.com/solution/000291008 https://www.zerodayinitiative.com/advisories/ZDI-22-797 • CWE-427: Uncontrolled Search Path Element •
CVE-2022-29333
https://notcve.org/view.php?id=CVE-2022-29333
A vulnerability in CyberLink Power Director v14 allows attackers to escalate privileges via a crafted .exe file. • http://cyberlink.com http://power.com https://www.youtube.com/watch?v=r75k-ae3_ng https://youtu.be/B46wtd-ZNog • CWE-269: Improper Privilege Management •