CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 1CVE-2022-41794 – Debian Security Advisory 5384-1
https://notcve.org/view.php?id=CVE-2022-41794
22 Dec 2022 — A specially-crafted PSD file can lead to arbitrary code execution. • https://lists.debian.org/debian-lts-announce/2023/08/msg00005.html • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2022-41639 – Debian Security Advisory 5384-1
https://notcve.org/view.php?id=CVE-2022-41639
22 Dec 2022 — A specially-crafted TIFF file can lead to an out of bounds memory corruption, which can result in arbitrary code execution. • https://security.gentoo.org/glsa/202305-33 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-38143 – Gentoo Linux Security Advisory 202305-33
https://notcve.org/view.php?id=CVE-2022-38143
22 Dec 2022 — A specially-crafted bmp file can write to arbitrary out of bounds memory, which can lead to arbitrary code execution. ... Multiple vulnerabilities have been found in OpenImageIO, the worst of which could result in arbitrary code execution. • https://security.gentoo.org/glsa/202305-33 • CWE-123: Write-what-where Condition CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-44510 – AEM Reflected XSS Arbitrary code execution
https://notcve.org/view.php?id=CVE-2022-44510
22 Dec 2022 — Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Adobe Experience Manager versión 6.5.14 (y anteriores) se ve afectado por una vulnerabilidad de Cross-Site Scripting (XSS) reflejado. Si un atacante con pocos privilegios puede convencer a una víc... • https://helpx.adobe.com/security/products/experience-manager/apsb22-59.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-47896
https://notcve.org/view.php?id=CVE-2022-47896
22 Dec 2022 — In JetBrains IntelliJ IDEA before 2022.3.1 code Templates were vulnerable to SSTI attacks. • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-46101
https://notcve.org/view.php?id=CVE-2022-46101
22 Dec 2022 — AyaCMS v3.1.2 was found to have a code flaw in the ust_sql.inc.php file, which allows attackers to cause command execution by inserting malicious code. Se descubrió que AyaCMS v3.1.2 tenía un fallo de código en el archivo ust_sql.inc.php, que permite a los atacantes provocar la ejecución de comandos insertando código malicioso. • https://github.com/loadream/AyaCMS/issues/6 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-46875 – Gentoo Linux Security Advisory 202305-06
https://notcve.org/view.php?id=CVE-2022-46875
22 Dec 2022 — Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could result in arbitrary code execution. • https://bugzilla.mozilla.org/show_bug.cgi?id=1786188 •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-40145 – Apache Karaf: JDBC JAAS LDAP injection
https://notcve.org/view.php?id=CVE-2022-40145
21 Dec 2022 — This vulnerable is about a potential code injection when an attacker has control of the target LDAP server using in the JDBC JNDI URL. ... This vulnerable is about a potential code injection when an attacker has control of the target LDAP server using in the JDBC JNDI URL. • https://karaf.apache.org/security/cve-2022-40145.txt • CWE-20: Improper Input Validation CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 2CVE-2022-25893 – Arbitrary Code Execution
https://notcve.org/view.php?id=CVE-2022-25893
21 Dec 2022 — The package vm2 before 3.9.10 are vulnerable to Arbitrary Code Execution due to the usage of prototype lookup for the WeakMap.prototype.set method. • https://github.com/patriksimek/vm2/issues/444 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-44466 – AEM Reflected XSS Arbitrary code execution
https://notcve.org/view.php?id=CVE-2022-44466
19 Dec 2022 — Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Adobe Experience Manager versión 6.5.14 (y anteriores) se ve afectado por una vulnerabilidad de Cross-Site Scripting (XSS) Reflejado. Si un atacante con pocos privilegios puede convencer a una víc... • https://helpx.adobe.com/security/products/experience-manager/apsb22-59.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •