{"uuid": "2e28c776-f470-4f4c-8809-5b9d9cf2de8b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-37706", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11681", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-37706\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: enlightenment_sys in Enlightenment before 0.25.4 allows local users to gain privileges because it is setuid root, and the system library function mishandles pathnames that begin with a /dev/.. substring.\n\ud83d\udccf Published: 2022-12-25T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-14T18:35:47.079Z\n\ud83d\udd17 References:\n1. https://github.com/MaherAzzouzi/CVE-2022-37706-LPE-exploit\n2. https://git.enlightenment.org/enlightenment/enlightenment/commit/cc7faeccf77fef8b0ae70e312a21e4cde087e141\n3. https://git.enlightenment.org/enlightenment/enlightenment/commit/cae78cbb169f237862faef123e4abaf63a1f5064", "creation_timestamp": "2025-04-14T18:54:12.000000Z"}