CVE-2022-27095
https://notcve.org/view.php?id=CVE-2022-27095
BattlEye v0.9 contains an unquoted service path which allows attackers to escalate privileges to the system level. • https://www.exploit-db.com/exploits/50815 • CWE-428: Unquoted Search Path or Element •
CVE-2022-27094
https://notcve.org/view.php?id=CVE-2022-27094
Sony PlayMemories Home v6.0 contains an unquoted service path which allows attackers to escalate privileges to the system level. • https://www.exploit-db.com/exploits/50817 • CWE-428: Unquoted Search Path or Element •
CVE-2022-26634
https://notcve.org/view.php?id=CVE-2022-26634
HMA VPN v5.3.5913.0 contains an unquoted service path which allows attackers to escalate privileges to the system level. • https://cxsecurity.com/issue/WLB-2022020111 https://www.exploit-db.com/exploits/50765 • CWE-428: Unquoted Search Path or Element •
CVE-2022-1356 – Cambium Networks cnMaestro use of Potentially Dangerous Function
https://notcve.org/view.php?id=CVE-2022-1356
cnMaestro is vulnerable to a local privilege escalation. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-04 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2022-0997 – Local Privilege Escalation Vulnerability in Fidelis Network and Deception
https://notcve.org/view.php?id=CVE-2022-0997
Improper file permissions in the CommandPost, Collector, and Sensor components of Fidelis Network and Deception enables an attacker with local, administrative access to the CLI to modify affected script files, which could result in arbitrary commands being run as root upon subsequent logon by a root user. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability. Unos permisos de archivo inapropiados en los componentes CommandPost, Collector y Sensor de Fidelis Network and Deception permiten a un atacante con acceso local y administrativo a la CLI modificar los archivos de script afectados, lo que podría resultar en una ejecución de comandos arbitrarios como root tras el inicio de sesión de un usuario root. La vulnerabilidad está presente en Fidelis Network y Deception versiones anteriores a 9.4.5. • https://github.com/henryreed/CVE-2022-0997 https://fidelissecurity.zendesk.com/hc/en-us/articles/6211730139411 • CWE-276: Incorrect Default Permissions •