CVE-2022-21895 – Windows User Profile Service Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2022-21895
Este ID de CVE es diferente de CVE-2022-21919 This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21895 https://www.zerodayinitiative.com/advisories/ZDI-22-050 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2022-21877 – Storage Spaces Controller Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-21877
An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21877 https://www.zerodayinitiative.com/advisories/ZDI-22-048 • CWE-125: Out-of-bounds Read •
CVE-2022-21876 – Win32k Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-21876
An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21876 https://www.zerodayinitiative.com/advisories/ZDI-22-051 • CWE-125: Out-of-bounds Read •
CVE-2022-21838 – Windows Cleanup Manager Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2022-21838
Windows Cleanup Manager Elevation of Privilege Vulnerability Una vulnerabilidad de Elevación de Privilegios en Windows Cleanup Manager This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21838 https://www.zerodayinitiative.com/advisories/ZDI-22-049 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2021-45231 – Trend Micro Apex One Link Following Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-45231
A link following privilege escalation vulnerability in Trend Micro Apex One (on-prem and SaaS) and Trend Micro Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to create a specially crafted file with arbitrary content which could grant local privilege escalation on the affected system. ... Nota: un atacante debe obtener primero la capacidad de ejecutar código poco privilegiado en el sistema de destino para poder explotar esta vulnerabilidad This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://success.trendmicro.com/solution/000289996 https://www.zerodayinitiative.com/advisories/ZDI-22-013 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •