| 1278 | Symlinks as mount portals: Abusing container mount points on MikroTik%27s RouterOS to gain code execution |
Container escape
Local Privilege Escalation |
MikroTik |
nns |
Bug Bounty | 2022-08-05 | 2023-06-13 |
| 1277 | CVE-2022-31660 and CVE-2022-31661 (FIXED): VMware Workspace ONE Access, Identity Manager, and vRealize Automation LPE |
Local Privilege Escalation |
VMware |
Spencer McIntyre (@zeroSteiner) |
Bug Bounty | 2022-08-05 | 2023-06-13 |
| 1276 | Revisiting OMI: Analysis of CVE-2022-29149, a privilege escalation vulnerability in Azure OMI |
Local Privilege Escalation
Cloud |
Microsoft |
Nir Ohfeld (@nirohfeld) |
Bug Bounty | 2022-08-05 | 2023-06-13 |
| 1264 | From Shared Dash to Root Bash :: Pre-Authenticated RCE in VMWare vRealize Operations Manager |
Authentication bypass
Information disclosure
Local Privilege Escalation |
VMware |
Steven Seeley (@steventseeley) |
Bug Bounty | 2022-08-09 | 2023-06-13 |
| 1261 | The quantum state of Linux kernel garbage collection CVE-2021-0920 (Part I) |
Memory corruption
Race condition
Local Privilege Escalation
Android |
Linux Kernel Organization
Google
Samsung |
Xingyu Jin |
Bug Bounty | 2022-08-10 | 2023-06-13 |
| 1249 | Rapid7 Discovered Vulnerabilities in Cisco ASA, ASDM, and FirePOWER Services Software |
RCE
OS command injection
Local Privilege Escalation
MiTM |
Cisco |
Jake Baines (@Junior_Baines) |
Bug Bounty | 2022-08-11 | 2023-06-13 |
| 1247 | Attacking Titan M with Only One Byte |
Memory corruption
Local Privilege Escalation |
Google |
Damiano Melotti (@DamianoMelotti) |
Bug Bounty | 2022-08-11 | 2023-06-13 |
| 1246 | The cloud has an isolation problem: PostgreSQL vulnerabilities affect multiple cloud vendors |
Privilege escalation
Cross-tenant vulnerability
OS command injection
Local Privilege Escalation
Cloud |
Google
Microsoft
Aiven |
Shir Tamari (@shirtamari) |
Bug Bounty | 2022-08-11 | 2023-06-13 |
| 1245 | IAM Whoever I Say IAM :: Infiltrating VMWare Workspace ONE Access Using a 0-Click Exploit |
Authentication bypass
Information disclosure
CSRF
RCE
Local Privilege Escalation |
VMware |
Steven Seeley (@steventseeley) |
Bug Bounty | 2022-08-11 | 2023-06-13 |
| 1241 | Process injection: breaking all macOS security layers with a single vulnerability |
Local Privilege Escalation
Process injection vulnerability |
Apple |
Thijs Alkemade (@xnyhps) |
Bug Bounty | 2022-08-12 | 2023-06-13 |
| 1226 | Hacking Zyxel IP cameras to gain a root shell |
Missing authentication
DoS
Information disclosure
Local Privilege Escalation |
Zyxel |
Eric Urban |
Bug Bounty | 2022-08-14 | 2023-06-13 |
| 1216 | FreeBSD 11.0-13.0 LPE via aio_aqueue Kernel Refcount Bug |
Memory corruption
Local Privilege Escalation |
FreeBSD Security Team |
Chris (@accessvector) |
Bug Bounty | 2022-08-16 | 2023-06-13 |
| 1190 | Vulnerability in Linux containers – investigation and mitigation |
Local Privilege Escalation |
Moby Project |
Steven Murdoch (@sjmurdoch) |
Bug Bounty | 2022-08-22 | 2023-06-13 |
| 1187 | Break Me Out Of Sandbox In Old Pipe - CVE-2022-22715 Windows Dirty Pipe |
Local Privilege Escalation |
Microsoft |
k0shl (@KeyZ3r0) |
Bug Bounty | 2022-08-23 | 2023-06-13 |
| 1175 | SSD Advisory – VhdmpiValidateVirtualDiskSurface LPE |
Local Privilege Escalation |
Windows |
Sana Oshika (@bigshika) |
Bug Bounty | 2022-08-26 | 2023-06-13 |
| 1160 | Blind Exploits To Rule Watchguard Firewalls |
XPath injection
Memory corruption
Local Privilege Escalation
RCE |
WatchGuard |
Charles Fol (@cfreal_) |
Bug Bounty | 2022-08-29 | 2023-06-13 |
| 1152 | CVE-2022-26113: FortiClient Arbitrary File Write As SYSTEM |
Arbitrary file write
Local Privilege Escalation |
Fortinet |
David Yesland (@daveysec) |
Bug Bounty | 2022-08-30 | 2023-06-13 |
| 1146 | SETTLERS OF NETLINK: Exploiting a limited UAF in nf_tables (CVE-2022-32250) |
Memory corruption
Local Privilege Escalation |
Ubuntu
Linux Kernel Organization |
Cedric Halbronn (@saidelike) |
Bug Bounty | 2022-09-01 | 2023-06-13 |
| 1143 | Azure Synapse: Local Privilege Escalation Vulnerability in Spark |
Race condition
Local Privilege Escalation
Cloud |
Microsoft |
Tzah Pahima (@TzahPahima) |
Bug Bounty | 2022-09-01 | 2023-06-13 |
| 1141 | Google & Apache Found Vulnerable to GitHub Environment Injection |
Privilege escalation
CI/CD |
Google
Apache |
Noam Dotan |
Bug Bounty | 2022-09-01 | 2023-06-13 |
| 1133 | Simple IBM I (AS/400) Hacking |
Local Privilege Escalation
Midrange system
Menu security |
NA |
pz |
Bug Bounty | 2022-09-05 | 2023-06-13 |
| 1132 | SSD Advisory – Linux CONFIG_WATCH_QUEUE LPE |
Memory corruption
Race condition
Local Privilege Escalation |
Ubuntu
Linux Kernel Organization |
- |
Bug Bounty | 2022-09-05 | 2023-06-13 |
| 1131 | Hacking My Helium Crypto Miner |
Hardcoded credentials
Missing authentication
RCE
Local Privilege Escalation |
Pycom |
Md. Asif Hossain (@0x0asif) |
Bug Bounty | 2022-09-05 | 2023-06-13 |
| 1120 | Quasar: Compromising Electron Apps |
Local Privilege Escalation |
Microsoft |
Taggart (@mttaggart) |
Bug Bounty | 2022-09-06 | 2023-06-13 |
| 1106 | Pwn2Own Miami 2022: AVEVA Edge Arbitrary Code Execution |
Arbitrary Code Execution
Local Privilege Escalation |
AVEVA |
Daan Keuper (@daankeuper) |
Bug Bounty | 2022-09-08 | 2023-06-13 |
