
CVE-2022-35944 – October CMS Safe Mode bypass leads to authenticated RCE (Remote Code Execution)
https://notcve.org/view.php?id=CVE-2022-35944
13 Oct 2022 — October is a self-hosted Content Management System (CMS) platform based on the Laravel PHP Framework. This vulnerability only affects installations that rely on the safe mode restriction, commonly used when providing public access to the admin panel. Assuming an attacker has access to the admin panel and permission to open the "Editor" section, they can bypass the Safe Mode (`cms.safe_mode`) restriction to introduce new PHP code in a CMS template using a specially crafted request. The issue has been patched... • https://github.com/octobercms/october/security/advisories/GHSA-x4q7-m6fp-4v9v • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2022-42720 – kernel: use-after-free in bss_ref_get in net/wireless/scan.c
https://notcve.org/view.php?id=CVE-2022-42720
13 Oct 2022 — This issue can lead to a denial of service or arbitrary code execution. • http://packetstormsecurity.com/files/169951/Kernel-Live-Patch-Security-Notice-LSN-0090-1.html • CWE-416: Use After Free •

CVE-2022-42906
https://notcve.org/view.php?id=CVE-2022-42906
13 Oct 2022 — powerline-gitstatus (aka Powerline Gitstatus) before 1.3.2 allows arbitrary code execution. Git repositories can contain per-repository configuration that changes the behavior of git, including running arbitrary commands. • https://github.com/jaspernbrouwer/powerline-gitstatus/issues/45 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVE-2022-34391
https://notcve.org/view.php?id=CVE-2022-34391
12 Oct 2022 — A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. • https://www.dell.com/support/kbdoc/000203882 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2022-34390
https://notcve.org/view.php?id=CVE-2022-34390
12 Oct 2022 — A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. • https://www.dell.com/support/kbdoc/000203882 • CWE-457: Use of Uninitialized Variable • CWE-908: Use of Uninitialized Resource •

CVE-2022-32493
https://notcve.org/view.php?id=CVE-2022-32493
12 Oct 2022 — A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. • https://www.dell.com/support/kbdoc/000203758 • CWE-121: Stack-based Buffer Overflow • CWE-787: Out-of-bounds Write •

CVE-2022-32489
https://notcve.org/view.php?id=CVE-2022-32489
12 Oct 2022 — A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. • https://www.dell.com/support/kbdoc/000203758 • CWE-20: Improper Input Validation •

CVE-2022-32488
https://notcve.org/view.php?id=CVE-2022-32488
12 Oct 2022 — A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. • https://www.dell.com/support/kbdoc/000203758 • CWE-20: Improper Input Validation •

CVE-2022-32487
https://notcve.org/view.php?id=CVE-2022-32487
12 Oct 2022 — A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. • https://www.dell.com/support/kbdoc/000203758 • CWE-20: Improper Input Validation •

CVE-2022-32485
https://notcve.org/view.php?id=CVE-2022-32485
12 Oct 2022 — A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. • https://www.dell.com/support/kbdoc/000203758 • CWE-20: Improper Input Validation •