
CVE-2022-34383
https://notcve.org/view.php?id=CVE-2022-34383
31 Aug 2022 — A local malicious user may potentially exploit this vulnerability by using an SMI to bypass PMC mitigation and gain arbitrary code execution during SMM. • https://www.dell.com/support/kbdoc/en-us/000202711 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2022-24106 – Gentoo Linux Security Advisory 202405-18
https://notcve.org/view.php?id=CVE-2022-24106
30 Aug 2022 — In Xpdf prior to 4.04, the DCT (JPEG) decoder incorrectly allowed the "interleaved" flag to be changed after the first scan of the image, leading to an unknown integer-related vulnerability in Stream.cc. Multiple vulnerabilities have been discovered in Xpdf, the worst of which could possibly lead to arbitrary code execution. • http://www.xpdfreader.com/security-fixes.html • CWE-190: Integer Overflow or Wraparound •

CVE-2022-24107 – Gentoo Linux Security Advisory 202405-18
https://notcve.org/view.php?id=CVE-2022-24107
30 Aug 2022 — Xpdf prior to 4.04 lacks an integer overflow check in JPXStream.cc. Multiple vulnerabilities have been discovered in Xpdf, the worst of which could possibly lead to arbitrary code execution. • http://www.xpdfreader.com/security-fixes.html • CWE-190: Integer Overflow or Wraparound •

CVE-2022-36036 – Improper Control of Generation of Code ('Code Injection') in mdx-mermaid
https://notcve.org/view.php?id=CVE-2022-36036
29 Aug 2022 — mdx-mermaid provides plug and play access to Mermaid in MDX. There is a potential for arbitrary JavaScript injection in versions less than 1.3.0 and 2.0.0-rc1. Arbitrary code placed in any Mermaid code block executes when the component is loaded by MDXjs. This vulnerability was patched in versions 1.3.0 and 2.0.0-rc2. There are currently no known workarounds. • https://github.com/sjwall/mdx-mermaid/commit/f2b99386660fd13316823529c3f1314ebbcdfd2a • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2022-25921 – Arbitrary Code Execution
https://notcve.org/view.php?id=CVE-2022-25921
29 Aug 2022 — All versions of package morgan-json are vulnerable to Arbitrary Code Execution due to missing sanitization of input passed to the Function constructor. • https://github.com/indexzero/morgan-json/blob/3a76010215a4256d41687d082cd66c4f00ea5717/index.js%23L46 •

CVE-2022-25644 – Arbitrary Code Execution
https://notcve.org/view.php?id=CVE-2022-25644
29 Aug 2022 — All versions of package @pendo324/get-process-by-name are vulnerable to Arbitrary Code Execution due to improper sanitization of getProcessByName function. • https://github.com/pendo324/get-process-by-name-js/blob/34e8a279a94fa23acb13e302e9516ab1ea8d8731/index.js%23L27-L28 •

CVE-2022-37053
https://notcve.org/view.php?id=CVE-2022-37053
28 Aug 2022 — TRENDnet TEW733GR v1.03B01 is vulnerable to command injection via /htdocs/upnpinc/gena.php. • http://trendnet.com • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2022-36756
https://notcve.org/view.php?id=CVE-2022-36756
28 Aug 2022 — DIR845L A1 v1.00-v1.03 is vulnerable to command injection via /htdocs/upnpinc/gena.php. • https://drive.google.com/file/d/1S9MODTsa70LS3UPFY1ohyPJXtqr17IkQ/view?usp=sharing • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2021-4216 – Gentoo Linux Security Advisory 202408-29
https://notcve.org/view.php?id=CVE-2021-4216
26 Aug 2022 — Multiple vulnerabilities have been discovered in MuPDF, the worst of which could lead to arbitrary code execution. • https://bugs.ghostscript.com/show_bug.cgi?id=704834 • CWE-369: Divide By Zero •

CVE-2022-20824 – Cisco FXOS and NX-OS Software Cisco Discovery Protocol Denial of Service and Arbitrary Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-20824
25 Aug 2022 — A vulnerability in the Cisco Discovery Protocol feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code with root privileges or cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper input validation of specific values that are within a Cisco Discovery Protocol message. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected de... • https://security.netapp.com/advisory/ntap-20220923-0001 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •