CVE-2022-46280
https://notcve.org/view.php?id=CVE-2022-46280
A specially crafted malformed file can lead to arbitrary code execution. • https://talosintelligence.com/vulnerability_reports/TALOS-2022-1670 • CWE-824: Access of Uninitialized Pointer
CVE-2022-43467
https://notcve.org/view.php?id=CVE-2022-43467
A specially crafted malformed file can lead to arbitrary code execution. • https://talosintelligence.com/vulnerability_reports/TALOS-2022-1671 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-787: Out-of-bounds Write
CVE-2022-37331
https://notcve.org/view.php?id=CVE-2022-37331
A specially crafted malformed file can lead to arbitrary code execution. • https://talosintelligence.com/vulnerability_reports/TALOS-2022-1672 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-787: Out-of-bounds Write
CVE-2023-37903 – Sandbox Escape in vm2
https://notcve.org/view.php?id=CVE-2023-37903
This may result in Remote Code Execution, assuming the attacker has an arbitrary code execution primitive inside the context of the vm2 sandbox. • https://github.com/7h3h4ckv157/CVE-2023-37903 • https://github.com/patriksimek/vm2/security/advisories/GHSA-g644-9gfx-q4q4 • https://security.netapp.com/advisory/ntap-20230831-0007 • https://access.redhat.com/security/cve/CVE-2023-37903 • https://bugzilla.redhat.com/show_bug.cgi?id=2224969 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-35087 – ASUS RT-AX56U V2 & RT-AC86U - Format String - 2
https://notcve.org/view.php?id=CVE-2023-35087
An unauthenticated remote attacker can exploit this vulnerability without privilege to perform remote arbitrary code execution, arbitrary system operation or disrupt service. This issue affects RT-AX56U V2: 3.0.0.4.386_50460; RT-AC86U: 3.0.0.4_386_51529. • https://www.twcert.org.tw/tw/cp-132-7249-ab2d1-1.html • CWE-134: Use of Externally-Controlled Format String