
CVE-2022-2866 – FATEK Automation FvDesigner Out-of-bounds Write
https://notcve.org/view.php?id=CVE-2022-2866
25 Aug 2022 — If a valid user is tricked into using maliciously crafted project files, an attacker could achieve arbitrary code execution. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-237-01 • CWE-787: Out-of-bounds Write •

CVE-2022-38078
https://notcve.org/view.php?id=CVE-2022-38078
24 Aug 2022 — Movable Type XMLRPC API provided by Six Apart Ltd. contains a command injection vulnerability. Sending a specially crafted message by POST method to Movable Type XMLRPC API may allow arbitrary Perl script execution, and an arbitrary OS command may be executed through it. Affected products and versions are as follows: Movable Type 7 r.5202 and earlier, Movable Type Advanced 7 r.5202 and earlier, Movable Type 6.8.6 and earlier, Movable Type Advanced 6.8.6 and earlier, Movable Type Premium 1.52 and earlier, an... • https://jvn.jp/en/jp/JVN57728859/index.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2021-20304 – Gentoo Linux Security Advisory 202210-31
https://notcve.org/view.php?id=CVE-2021-20304
23 Aug 2022 — Multiple vulnerabilities have been discovered in OpenEXR, the worst of which could result in arbitrary code execution. • https://access.redhat.com/security/cve/CVE-2021-20304 • CWE-190: Integer Overflow or Wraparound •

CVE-2022-38171 – Gentoo Linux Security Advisory 202405-18
https://notcve.org/view.php?id=CVE-2022-38171
22 Aug 2022 — Multiple vulnerabilities have been discovered in Xpdf, the worst of which could possibly lead to arbitrary code execution. • http://www.openwall.com/lists/oss-security/2022/09/02/11 • CWE-190: Integer Overflow or Wraparound •

CVE-2022-2655 – Classified Listing Pro < 2.0.20 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-2655
22 Aug 2022 — The Classified Listing Pro WordPress plugin before 2.0.20 does not escape a generated URL before outputting it back in an attribute in an admin page, leading to Reflected Cross-Site Scripting. The Classified Listing Pro plugin for WordPress is vulnerable to Reflected Cross-... • https://wpscan.com/vulnerability/acc9675a-56f6-411a-9594-07144c2aad1b • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2022-2654 – Classima < 2.1.11 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-2654
22 Aug 2022 — The Classima WordPress theme before 2.1.11 and some of its required plugins (Classified Listing before 2.2.14, Classified Listing Pro before 2.0.20, Classified Listing Store & Membership before 1.4.20 and Classima Core before 1.10) do not escape a parameter before outputting it back in attributes, leading to Reflected Cross-Site Scripting. • https://wpscan.com/vulnerability/845f44ca-f572-48d7-a19a-89cace0b8993 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2022-32893 – Apple iOS and macOS Out-of-Bounds Write Vulnerability
https://notcve.org/view.php?id=CVE-2022-32893
19 Aug 2022 — Processing maliciously crafted web content may lead to arbitrary code execution. ... This flaw allows an attacker with network access to pass specially crafted web content files, causing arbitrary code execution. ... If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution. • http://seclists.org/fulldisclosure/2022/Aug/16 • CWE-787: Out-of-bounds Write •

CVE-2022-35976 – Improper KubeConfig handling allows arbitrary code execution
https://notcve.org/view.php?id=CVE-2022-35976
18 Aug 2022 — A specially crafted kubeconfig leads to arbitrary code execution on behalf of the user running VSCode. ... Please note that the vulnerability is specific to this extension, and the same kubeconfig would not result in arbitrary code execution when used with kubectl. • https://github.com/weaveworks/vscode-gitops-tools/security/advisories/GHSA-287h-vjhw-jqf7 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2022-35975 – Improper object validation allows for arbitrary code execution in GitOps Tools Extension for VSCode
https://notcve.org/view.php?id=CVE-2022-35975
18 Aug 2022 — The GitOps Tools Extension for VSCode can make it easier to manage Flux objects. A specially crafted Flux object may allow for remote code execution in the machine running the extension, in the context of the user that is running VSCode. Users using the VSCode extension to manage clusters that are shared amongst other users are affected by this issue. The only safe mitigation is to update to the latest version of the extension. • https://github.com/weaveworks/vscode-gitops-tools/security/advisories/GHSA-873x-829r-gxcp • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2022-29549 – Qualys Cloud Agent Arbitrary Code Execution
https://notcve.org/view.php?id=CVE-2022-29549
18 Aug 2022 — The Unqork Security team discovered multiple security vulnerabilities in the Qualys Cloud Agent including arbitrary code execution. • http://packetstormsecurity.com/files/168367/Qualys-Cloud-Agent-Arbitrary-Code-Execution.html • CWE-354: Improper Validation of Integrity Check Value •