
CVE-2022-43591
https://notcve.org/view.php?id=CVE-2022-43591
12 Jan 2023 — A specially-crafted JavaScript code can trigger an out-of-bounds memory access, which can lead to arbitrary code execution. • https://talosintelligence.com/vulnerability_reports/TALOS-2022-1650 • CWE-122: Heap-based Buffer Overflow •

CVE-2022-4743 – Gentoo Linux Security Advisory 202305-18
https://notcve.org/view.php?id=CVE-2022-4743
12 Jan 2023 — Multiple vulnerabilities have been found in libsdl2, the worst of which could result in arbitrary code execution. • https://access.redhat.com/security/cve/CVE-2022-4743 • CWE-401: Missing Release of Memory after Effective Lifetime •

CVE-2022-4498 – A vulnerable HTTP Basic Authentication process in TP-Link routers, Archer C5 and WR710N-V1, is susceptible to either a DoS or an arbitrary code execution via any interface.
https://notcve.org/view.php?id=CVE-2022-4498
11 Jan 2023 — This can result in either a DoS (by crashing the httpd process) or arbitrary code execution. • https://kb.cert.org/vuls/id/572615 • CWE-787: Out-of-bounds Write •

CVE-2022-46176 – Cargo did not verify SSH host keys
https://notcve.org/view.php?id=CVE-2022-46176
11 Jan 2023 — Multiple vulnerabilities have been discovered in Rust, the worst of which could lead to arbitrary code execution. • http://www.openwall.com/lists/oss-security/2023/11/05/6 • CWE-347: Improper Verification of Cryptographic Signature •

CVE-2023-22952 – Multiple SugarCRM Products Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-22952
11 Jan 2023 — In SugarCRM before 12.0. Hotfix 91155, a crafted request can inject custom PHP code through the EmailTemplates because of missing input validation. Multiple SugarCRM products contain a remote code execution vulnerability in the EmailTemplates. • https://packetstorm.news/files/id/171320 • CWE-20: Improper Input Validation • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2021-26398
https://notcve.org/view.php?id=CVE-2021-26398
10 Jan 2023 — Insufficient input validation in SYS_KEY_DERIVE system call in a compromised user application or ABL may allow an attacker to corrupt ASP (AMD Secure Processor) OS memory which may lead to potential arbitrary code execution. • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032 • CWE-787: Out-of-bounds Write •

CVE-2021-26316
https://notcve.org/view.php?id=CVE-2021-26316
10 Jan 2023 — Failure to validate the communication buffer and communication service in the BIOS may allow an attacker to tamper with the buffer resulting in potential SMM (System Management Mode) arbitrary code execution. • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1031 • CWE-20: Improper Input Validation •

CVE-2023-0022 – Code Injection vulnerability in SAP BusinessObjects Business Intelligence platform (Analysis edition for OLAP)
https://notcve.org/view.php?id=CVE-2023-0022
10 Jan 2023 — SAP BusinessObjects Business Intelligence Analysis edition for OLAP allows an authenticated attacker to inject malicious code that can be executed by the application over the network. On successful exploitation, an attacker can perform operations that may completely compromise the application causing a high impact on the confidentiality, integrity, and availability of the application. • https://launchpad.support.sap.com/#/notes/3262810 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2022-4705 – Royal Elementor Addons <= 1.3.59 - Insufficient Access Control to Template Activation
https://notcve.org/view.php?id=CVE-2022-4705
10 Jan 2023 — The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_final_settings_setup' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to finalize activation of preset site configuration templates, which can be chosen and imported via a separate action documented in CVE-2022-4704. WordPress Royal Elementor add-ons versions 1.3.59 and below suffer from cross site request forger... • https://www.wordfence.com/threat-intel/vulnerabilities/id/0a941aef-85f6-4719-b6ab-ace77a03e93e • CWE-284: Improper Access Control •

CVE-2023-22853 – Tiki Wiki CMS Groupware 24.0 structlib.php Code Execution
https://notcve.org/view.php?id=CVE-2023-22853
10 Jan 2023 — Tiki Wiki CMS Groupware versions 24.0 and below suffer from a PHP code injection vulnerability in structlib.php. • https://packetstorm.news/files/id/170433 • CWE-94: Improper Control of Generation of Code ('Code Injection') •