CVE-2021-44049
https://notcve.org/view.php?id=CVE-2021-44049
CyberArk Endpoint Privilege Manager (EPM) through 11.5.3.328 before 2021-12-20 allows a local user to gain elevated privileges via a Trojan horse Procmon64.exe in the user's Temp directory. CyberArk Endpoint Privilege Manager (EPM) versiones hasta 11.5.3.328 anteriores a 20-12-2021, permite a un usuario local alcanzar privilegios elevados por medio de un troyano Procmon64.exe en el directorio Temp del usuario • https://docs.cyberark.com/Product-Doc/OnlineHelp/EPM-onprem/Latest/en/Content/Release%20Notes/RN-WhatsNew.htm https://hencohen10.medium.com/cyberark-endpoint-manager-local-privilege-escalation-cve-2021-44049-67cd5e62c3d2 https://www.cyberark.com/ca21-34 https://www.cyberark.com/product-security • CWE-668: Exposure of Resource to Wrong Sphere •
CVE-2022-22990 – Limited authentication bypass vulnerability on Western Digital My Cloud devices
https://notcve.org/view.php?id=CVE-2022-22990
A limited authentication bypass vulnerability was discovered that could allow an attacker to achieve remote code execution and escalate privileges on the My Cloud devices. • https://www.westerndigital.com/support/product-security/wdc-22002-my-cloud-os5-firmware-5-19-117 https://www.zerodayinitiative.com/advisories/ZDI-22-076 https://www.zerodayinitiative.com/advisories/ZDI-22-347 • CWE-287: Improper Authentication CWE-697: Incorrect Comparison •
CVE-2022-23131 – Zabbix Frontend Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2022-23131
Malicious unauthenticated actor may exploit this issue to escalate privileges and gain admin access to Zabbix Frontend. • https://github.com/jweny/CVE-2022-23131 https://github.com/kh4sh3i/CVE-2022-23131 https://github.com/Kazaf6s/CVE-2022-23131 https://github.com/1mxml/CVE-2022-23131 https://github.com/r10lab/CVE-2022-23131 https://github.com/trganda/CVE-2022-23131 https://github.com/Vulnmachines/Zabbix-CVE-2022-23131 https://github.com/pykiller/CVE-2022-23131 https://support.zabbix.com/browse/ZBX-20350 • CWE-290: Authentication Bypass by Spoofing •
CVE-2021-34999 – OpenBSD Kernel Multicast Routing Uninitialized Memory Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-34999
An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel. ... An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel. . ... An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel. • https://www.zerodayinitiative.com/advisories/ZDI-22-073 • CWE-908: Use of Uninitialized Resource •
CVE-2022-0015 – Cortex XDR Agent: An Uncontrolled Search Path Element Leads to Local Privilege Escalation (PE) Vulnerability
https://notcve.org/view.php?id=CVE-2022-0015
A local privilege escalation (PE) vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables an authenticated local user to execute programs with elevated privileges. • https://security.paloaltonetworks.com/CVE-2022-0015 • CWE-427: Uncontrolled Search Path Element •