CVSS: 7.8EPSS: 0%CPEs: 774EXPL: 0CVE-2022-27541
https://notcve.org/view.php?id=CVE-2022-27541
Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure. • https://support.hp.com/us-en/document/ish_7709808-7709835-16/hpsbhf03835 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 7.8EPSS: 0%CPEs: 774EXPL: 0CVE-2022-27539
https://notcve.org/view.php?id=CVE-2022-27539
Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure. • https://support.hp.com/us-en/document/ish_7709808-7709835-16/hpsbhf03835 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 8.8EPSS: 86%CPEs: 1EXPL: 1CVE-2023-34468 – Apache NiFi: Potential Code Injection with Database Services using H2
https://notcve.org/view.php?id=CVE-2023-34468
The DBCPConnectionPool and HikariCPConnectionPool Controller Services in Apache NiFi 0.0.2 through 1.21.0 allow an authenticated and authorized user to configure a Database URL with the H2 driver that enables custom code execution. The resolution validates the Database URL and rejects H2 JDBC locations. You are recommended to upgrade to version 1.22.0 or later which fixes this issue. • https://github.com/mbadanoiu/CVE-2023-34468 http://packetstormsecurity.com/files/174398/Apache-NiFi-H2-Connection-String-Remote-Code-Execution.html http://www.openwall.com/lists/oss-security/2023/06/12/3 https://lists.apache.org/thread/7b82l4f5blmpkfcynf3y6z4x1vqo59h8 https://nifi.apache.org/security.html#CVE-2023-34468 https://www.cyfirma.com/outofband/apache-nifi-cve-2023-34468-rce-vulnerability-analysis-and-exploitation https://issues.apache.org/jira/browse/NIFI-11653 https://nifi.apache.org/secu • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-16283
https://notcve.org/view.php?id=CVE-2019-16283
A potential security vulnerability has been identified with a version of the HP Softpaq installer that can lead to arbitrary code execution. • https://support.hp.com/us-en/document/c06541912 •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-34112 – JavaCPP project actions vulnerable to code injection
https://notcve.org/view.php?id=CVE-2023-34112
JavaCPP Presets is a project providing Java distributions of native C++ libraries. All the actions in the `bytedeco/javacpp-presets` use the `github.event.head_commit.message` parameter in an insecure way. For example, the commit message is used in a run statement - resulting in a command injection vulnerability due to string interpolation. No exploitation has been reported. This issue has been addressed in version 1.5.9. • https://github.com/bytedeco/javacpp-presets/security/advisories/GHSA-36rx-hq22-jm5x https://securitylab.github.com/research/github-actions-untrusted-input • CWE-94: Improper Control of Generation of Code ('Code Injection') •