CVE-2022-37706 – Enlightenment v0.25.3 - Privilege escalation
https://notcve.org/view.php?id=CVE-2022-37706
enlightenment_sys in Enlightenment before 0.25.4 allows local users to gain privileges because it is setuid root, and the system library function mishandles pathnames that begin with a /dev/.. substring. Enlightenment version 0.25.3 suffers from a local privilege escalation vulnerability.
• https://www.exploit-db.com/exploits/51180
• https://github.com/MaherAzzouzi/CVE-2022-37706-LPE-exploit
• https://github.com/ECU-10525611-Xander/CVE-2022-37706
• https://github.com/junnythemarksman/CVE-2022-37706
• https://github.com/sanan2004/CVE-2022-37706
• https://github.com/AleksPwn/CVE-2022-37706
• https://github.com/TACTICAL-HACK/CVE-2022-37706-SUID
• https://github.com/GrayHatZone/CVE-2022-37706-LPE-exploit
• https://git.enlightenment.org/enlightenment/enlightenment/commit/cae78cbb169f237862faef123e4abaf63a1f5
• CWE-269: Improper Privilege Management
CVE-2014-1846
https://notcve.org/view.php?id=CVE-2014-1846
Enlightenment before 0.17.6 might allow local users to gain privileges via vectors involving the gdb method.
• http://www.openwall.com/lists/oss-security/2014/02/03/19
• https://bugzilla.redhat.com/show_bug.cgi?id=1059410
• https://exchange.xforce.ibmcloud.com/vulnerabilities/91215
• https://git.enlightenment.org/core/enlightenment.git/commit/?id=bb4a21e98656fe2c7d98ba2163e6defe9a630e2b
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2014-1845
https://notcve.org/view.php?id=CVE-2014-1845
An unspecified setuid root helper in Enlightenment before 0.17.6 allows local users to gain privileges by leveraging failure to properly sanitize the environment.
• http://www.openwall.com/lists/oss-security/2014/02/03/19
• https://bugzilla.redhat.com/show_bug.cgi?id=1059410
• https://exchange.xforce.ibmcloud.com/vulnerabilities/91216
• https://git.enlightenment.org/core/enlightenment.git/commit/?id=666df815cd86a50343859bce36c5cf968c5f38b0
• https://git.enlightenment.org/core/enlightenment.git/commit/?id=bb4a21e98656fe2c7d98ba2163e6defe9a630e2b
• CWE-264: Permissions, Privileges, and Access Controls