
CVSS: 4.8 • EPSS: 0% • CPEs: 20 • EXPL: 0

16 Aug 2022 — Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker with admin privileges to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. • https://helpx.adobe.com/security/products/magento/apsb22-38.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

16 Aug 2022 — There is a code injection vulnerability in Esri Portal for ArcGIS versions 10.8.1 and below that may allow a remote, unauthenticated attacker to pass strings which could potentially cause arbitrary code execution. • https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/portal-for-arcgis-security-2022-update-1-patch • CWE-94: Improper Control of Generation of Code ('Code Injection') • CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

15 Aug 2022 — This library allows strings to be parsed as functions and stored as a specialized component, [`JsonFunctionValue`](https://github.com/oxyno-zeta/react-editable-json-tree/blob/09a0ca97835b0834ad054563e2fddc6f22bc5d8c/src/components/JsonFunctionValue.js). To do this, JavaScript's [`eval`](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/eval) function is used to execute strings that begin with "function" as JavaScript. This unfortunately could allow arbitrary code to be execute... • https://github.com/oxyno-zeta/react-editable-json-tree/releases/tag/2.2.2 • CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

15 Aug 2022 — An issue was discovered in the website settings of taocms 3.0.2 that allows arbitrary PHP code to be injected by modifying config.php. • http://taocms.com • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 10.0 • EPSS: 1% • CPEs: 16 • EXPL: 1

15 Aug 2022 — A remote user may cause an unexpected app termination or arbitrary code execution. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. • https://packetstorm.news/files/id/168247 • CWE-416: Use After Free •

CVSS: 9.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

14 Aug 2022 — Arvados is an open source platform for managing, processing, and sharing genomic and other large scientific and biomedical data. A remote code execution (RCE) vulnerability in the Arvados Workbench allows authenticated attackers to execute arbitrary code via specially crafted JSON payloads. This exists in all versions up to 2.4.1 and is fixed in 2.4.2. This vulnerability is specific to the Ruby on Rails Workbench application (“Workbench 1”). We do not believe any other Arvados components, including the Type... • https://arvados.org/release-notes/2.4.2 • CWE-94: Improper Control of Generation of Code ('Code Injection') • CWE-502: Deserialization of Untrusted Data •

CVSS: 6.7 • EPSS: 0% • CPEs: 75 • EXPL: 0

11 Aug 2022 — A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04333en_us •

CVSS: 7.4 • EPSS: 0% • CPEs: 75 • EXPL: 0

11 Aug 2022 — A potential local arbitrary code execution and a local denial of service (DoS) vulnerability within an isolated process were discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04333en_us •

CVSS: 7.4 • EPSS: 0% • CPEs: 75 • EXPL: 0

11 Aug 2022 — A potential local arbitrary code execution and a local denial of service (DoS) vulnerability within an isolated process were discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04333en_us •

CVSS: 8.8 • EPSS: 0% • CPEs: 75 • EXPL: 0

11 Aug 2022 — A potential arbitrary code execution and a denial of service (DoS) vulnerability within an isolated process were discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04333en_us •