
CVSS: 7.8 • EPSS: 0% • CPEs: 50 • EXPL: 0

12 Sep 2022 — A local authenticated malicious user could potentially exploit this vulnerability by sending excess data to a function in order to gain arbitrary code execution on the system. • https://www.dell.com/support/kbdoc/000202196 • CWE-121: Stack-based Buffer Overflow • CWE-787: Out-of-bounds Write

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 2

12 Sep 2022 — Pebble Templates 3.1.5 allows attackers to bypass a protection mechanism and implement arbitrary code execution with springbok. • https://github.com/PebbleTemplates/pebble/issues/625#issuecomment-1282138635 • CWE-863: Incorrect Authorization

CVSS: 7.8 • EPSS: 0% • CPEs: 3 • EXPL: 1

09 Sep 2022 — An issue in the linked library Leptonica (v1.79.0) allows attackers to cause an arithmetic exception leading to a denial of service (DoS) via a crafted JPEG file. Several vulnerabilities have been found in Leptonica, the worst of which could lead to arbitrary code execution. • https://github.com/DanBloomberg/leptonica/commit/f062b42c0ea8dddebdc6a152fd16152de215d614 • CWE-369: Divide By Zero

CVSS: 9.9 • EPSS: 0% • CPEs: 2 • EXPL: 2

08 Sep 2022 — XWiki Platform Applications Tag and XWiki Platform Tag UI are tag applications for XWiki, a generic wiki platform. Starting with version 1.7 in XWiki Platform Applications Tag and prior to 13.10.6 and 14.4 in XWiki Platform Tag UI, the tags document `Main.Tags` in XWiki didn't sanitize user inputs properly. This allowed users with view rights on the document (default in a public wiki or for authenticated users on private wikis) to execute arbitrary Groovy, Python and Velocity code with programming rights. T... • https://github.com/xwiki/xwiki-platform/commit/604868033ebd191cf2d1e94db336f0c4d9096427 • CWE-94: Improper Control of Generation of Code ('Code Injection') • CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') • CWE-116: Improper Encoding or Escaping of Output

CVSS: 9.9 • EPSS: 1% • CPEs: 3 • EXPL: 1

08 Sep 2022 — XWiki Platform Wiki UI Main Wiki is software for managing subwikis on XWiki Platform, a generic wiki platform. Starting with version 5.3-milestone-2 and prior to versions 13.10.6 and 14.4, it's possible to inject arbitrary wiki syntax including Groovy, Python and Velocity script macros via the request (URL parameter) using the `XWikiServerClassSheet` if the user has view access to this sheet and another page that has been saved with programming rights, a standard condition on a public read-only XWiki instal... • https://github.com/xwiki/xwiki-platform/commit/fc77f9f53bc65a4a9bfae3d5686615309c0c76cc • CWE-94: Improper Control of Generation of Code ('Code Injection') • CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') • CWE-116: Improper Encoding or Escaping of Output

CVSS: 7.3 • EPSS: 0% • CPEs: 3 • EXPL: 1

07 Sep 2022 — Poetry is a dependency manager for Python. When handling dependencies that come from a Git repository instead of a registry, Poetry uses various commands, such as `git clone`. These commands are constructed using user input (e.g. the repository URL). When building the commands, Poetry correctly avoids Command Injection vulnerabilities by passing an array of arguments instead of a command string. However, there is the possibility that a user input starts with a dash (`-`) and is therefore treated as an optio... • https://github.com/python-poetry/poetry/releases/tag/1.1.9 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 7.3 • EPSS: 0% • CPEs: 4 • EXPL: 0

07 Sep 2022 — This vulnerability can lead to Arbitrary Code Execution, which would lead to the takeover of the system. • https://github.com/python-poetry/poetry/releases/tag/1.1.9 • CWE-426: Untrusted Search Path

CVSS: 7.9 • EPSS: 0% • CPEs: 800 • EXPL: 0

06 Sep 2022 — A local authenticated malicious user could exploit this vulnerability by sending malicious input via SMI to obtain arbitrary code execution during SMM. • https://www.dell.com/support/kbdoc/000202194 • CWE-1038: Insecure Automated Optimizations

CVSS: 7.8 • EPSS: 0% • CPEs: 800 • EXPL: 0

06 Sep 2022 — A local attacker could exploit this vulnerability by sending malicious input via SMI to bypass security checks resulting in arbitrary code execution in SMM. • https://www.dell.com/support/kbdoc/000202194 • CWE-121: Stack-based Buffer Overflow • CWE-787: Out-of-bounds Write

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

06 Sep 2022 — Multiple vulnerabilities have been discovered in Rizin, the worst of which could lead to arbitrary code execution. • https://github.com/rizinorg/rizin/commit/1524f85211445e41506f98180f8f69f7bf115406 • CWE-787: Out-of-bounds Write