
CVE-2022-35847
https://notcve.org/view.php?id=CVE-2022-35847
06 Sep 2022 — An improper neutralization of special elements used in a template engine vulnerability [CWE-1336] in FortiSOAR management interface 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.4 may allow a remote and authenticated attacker to execute arbitrary code via a crafted payload. • https://fortiguard.com/psirt/FG-IR-22-306 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2022-36044 – Rizin Out-of-bounds Write vulnerability in Lua binary plugin
https://notcve.org/view.php?id=CVE-2022-36044
06 Sep 2022 — Multiple vulnerabilities have been discovered in Rizin, the worst of which could lead to arbitrary code execution. • https://github.com/rizinorg/rizin/commit/05bbd147caccc60162d6fba9baaaf24befa281cd • CWE-787: Out-of-bounds Write •

CVE-2022-36042 – Rizin Out-of-bounds Write vulnerability in dyld cache binary plugin
https://notcve.org/view.php?id=CVE-2022-36042
06 Sep 2022 — Multiple vulnerabilities have been discovered in Rizin, the worst of which could lead to arbitrary code execution. • https://github.com/rizinorg/rizin/commit/556ca2f9eef01ec0f4a76d1fbacfcf3a87a44810 • CWE-787: Out-of-bounds Write •

CVE-2022-38530 – Debian Security Advisory 5411-1
https://notcve.org/view.php?id=CVE-2022-38530
06 Sep 2022 — Multiple vulnerabilities have been discovered in GPAC, the worst of which could lead to arbitrary code execution. • https://github.com/gpac/gpac/issues/2216 • CWE-787: Out-of-bounds Write •

CVE-2022-36040 – Rizin Out-of-bounds Write vulnerability in pyc/marshal.c
https://notcve.org/view.php?id=CVE-2022-36040
06 Sep 2022 — Multiple vulnerabilities have been discovered in Rizin, the worst of which could lead to arbitrary code execution. • https://github.com/rizinorg/rizin/commit/68948017423a12786704e54227b8b2f918c2fd27 • CWE-787: Out-of-bounds Write •

CVE-2022-36041 – Rizin Out-of-bounds Write vulnerability in Mach-O binary plugin
https://notcve.org/view.php?id=CVE-2022-36041
06 Sep 2022 — Multiple vulnerabilities have been discovered in Rizin, the worst of which could lead to arbitrary code execution. • https://github.com/rizinorg/rizin/commit/7323e64d68ecccfb0ed3ee480f704384c38676b2 • CWE-787: Out-of-bounds Write •

CVE-2022-36043 – Rizin Double Free in bobj.c when using qnx binary plugin
https://notcve.org/view.php?id=CVE-2022-36043
06 Sep 2022 — Multiple vulnerabilities have been discovered in Rizin, the worst of which could lead to arbitrary code execution. • https://github.com/rizinorg/rizin/commit/a3d50c1ea185f3f642f2d8180715f82d98840784 • CWE-415: Double Free •

CVE-2022-25813 – Server-Side Template Injection affecting the ecommerce plugin of Apache OFBiz
https://notcve.org/view.php?id=CVE-2022-25813
02 Sep 2022 — In Apache OFBiz, versions 18.12.05 and earlier, an attacker acting as an anonymous user of the ecommerce plugin can insert malicious content in a message "Subject" field from the "Contact us" page. A party manager then needs to list the communications in the party component to activate the SSTI. RCE is then possible. • https://github.com/mbadanoiu/CVE-2022-25813 • CWE-94: Improper Control of Generation of Code ('Code Injection') • CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine •

CVE-2022-38475 – Gentoo Linux Security Advisory 202208-37
https://notcve.org/view.php?id=CVE-2022-38475
01 Sep 2022 — Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could result in arbitrary code execution. • https://bugzilla.mozilla.org/show_bug.cgi?id=1773266 • CWE-863: Incorrect Authorization •

CVE-2022-38474 – Gentoo Linux Security Advisory 202208-37
https://notcve.org/view.php?id=CVE-2022-38474
01 Sep 2022 — Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could result in arbitrary code execution. • https://bugzilla.mozilla.org/show_bug.cgi?id=1719511 • CWE-668: Exposure of Resource to Wrong Sphere •