CVSS: 7.8 • EPSS: 0% • CPEs: 4 • EXPL: 0

14 Sep 2022 — Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/indesign/apsb22-50.html • CWE-122: Heap-based Buffer Overflow • CWE-787: Out-of-bounds Write

CVSS: 8.1 • EPSS: 1% • CPEs: 6 • EXPL: 0

14 Sep 2022 — Using this vulnerability in the doContent function allows an attacker to trigger a denial of service or potentially arbitrary code execution. • https://github.com/libexpat/libexpat/pull/629 • CWE-416: Use After Free

CVSS: 9.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

14 Sep 2022 — Please note that even with these vulnerabilities fixed, by design Cargo allows arbitrary code execution at build time thanks to build scripts and procedural macros: a malicious dependency will be able to cause damage regardless of these vulnerabilities. • https://github.com/rust-lang/cargo/commit/97b80919e404b0768ea31ae329c3b4da54bed05a • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') • CWE-59: Improper Link Resolution Before File Access ('Link Following')

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

14 Sep 2022 — Please note that even with these vulnerabilities fixed, by design Cargo allows arbitrary code execution at build time thanks to build scripts and procedural macros: a malicious dependency will be able to cause damage regardless of these vulnerabilities. crates.io implemented server-side checks to reject these kinds of packages years ago, and there are no packages on crates.io exploiting these vulnerabilities. • https://github.com/rust-lang/cargo/commit/d1f9553c825f6d7481453be8d58d0e7f117988a7 • CWE-400: Uncontrolled Resource Consumption

CVSS: 7.8 • EPSS: 1% • CPEs: 4 • EXPL: 0

14 Sep 2022 — Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/indesign/apsb22-50.html • CWE-122: Heap-based Buffer Overflow • CWE-787: Out-of-bounds Write

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

13 Sep 2022 — In the worst case, this can lead to arbitrary code execution on the server, because admins can create Server Shell Executors and use them to run any command on the server. • https://blog.sonarsource.com/onedev-remote-code-execution • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-732: Incorrect Permission Assignment for Critical Resource

CVSS: 6.4 • EPSS: 0% • CPEs: 4 • EXPL: 0

13 Sep 2022 — Multiple vulnerabilities have been found in WebkitGTK+, the worst of which could result in arbitrary code execution. • https://security.gentoo.org/glsa/202305-32 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') • CWE-1021: Improper Restriction of Rendered UI Layers or Frames

CVSS: 10.0 • EPSS: 0% • CPEs: 3 • EXPL: 0

13 Sep 2022 — Processing maliciously crafted web content may lead to arbitrary code execution. • http://seclists.org/fulldisclosure/2022/Oct/28 • CWE-125: Out-of-bounds Read

CVSS: 10.0 • EPSS: 0% • CPEs: 8 • EXPL: 0

13 Sep 2022 — Processing maliciously crafted web content may lead to arbitrary code execution. ... If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution. • http://seclists.org/fulldisclosure/2022/Oct/28 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-787: Out-of-bounds Write

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

12 Sep 2022 — Opening a specially crafted file could cause the affected product to fail to release its memory reference, potentially resulting in arbitrary code execution. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-242-09 • CWE-416: Use After Free