CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2021-32935 – Cognex In-Sight OPC Server - Deserialization of Untrusted Data
https://notcve.org/view.php?id=CVE-2021-32935
The affected Cognex product, the In-Sight OPC Server versions v5.7.4 (96) and prior, deserializes untrusted data, which could allow a remote attacker access to system level permission commands and local privilege escalation. • https://www.cisa.gov/uscert/ics/advisories/icsa-21-224-01 • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.8EPSS: 0%CPEs: 40EXPL: 0CVE-2022-22973
https://notcve.org/view.php?id=CVE-2022-22973
A malicious actor with local access can escalate privileges to 'root'. • https://www.vmware.com/security/advisories/VMSA-2022-0014.html •
CVSS: 8.2EPSS: 0%CPEs: 3EXPL: 0CVE-2022-29179 – Improper Privilege Management in Cilium
https://notcve.org/view.php?id=CVE-2022-29179
Prior to versions 1.9.16, 1.10.11, and 1.11.15, if an attacker is able to perform a container escape of a container running as root on a host where Cilium is installed, the attacker can escalate privileges to cluster admin by using Cilium's Kubernetes service account. • https://github.com/cilium/cilium/releases/tag/v1.10.11 https://github.com/cilium/cilium/releases/tag/v1.11.5 https://github.com/cilium/cilium/releases/tag/v1.9.16 https://github.com/cilium/cilium/security/advisories/GHSA-fmrf-gvjp-5j5g • CWE-269: Improper Privilege Management •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-31245
https://notcve.org/view.php?id=CVE-2022-31245
mailcow before 2022-05d allows a remote authenticated user to inject OS commands and escalate privileges to domain admin via the --debug option in conjunction with the ---PIPEMESS option in Sync Jobs. mailcow versiones anteriores a 2022-05d, permite a un usuario remoto autenticado inyectar comandos del Sistema Operativo y escalar privilegios a administrador del dominio por medio de la opción --debug junto con la opción ---PIPEMESS en Sync Jobs • https://github.com/ly1g3/Mailcow-CVE-2022-31245 https://github.com/mailcow/mailcow-dockerized/releases/tag/2022-05d • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-29320
https://notcve.org/view.php?id=CVE-2022-29320
MiniTool Partition Wizard v12.0 contains an unquoted service path which allows attackers to escalate privileges to the system level. • https://www.exploit-db.com/exploits/50859 • CWE-428: Unquoted Search Path or Element •