
CVSS: 7.2 • EPSS: 0% • CPEs: 1 • EXPL: 0

05 Aug 2022 — Heap-based buffer overflow vulnerability in Samsung Dex for PC prior to SMR Aug-2022 Release 1 allows arbitrary code execution by physical attackers. • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=08 • CWE-787: Out-of-bounds Write

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

05 Aug 2022 — A vulnerability using PendingIntent in DeX for PC prior to SMR Aug-2022 Release 1 allows attackers to access files with system privilege. • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=08 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 4.0 • EPSS: 0% • CPEs: 2 • EXPL: 0

05 Aug 2022 — A vulnerability using PendingIntent in Knox VPN prior to SMR Aug-2022 Release 1 allows attackers to access content providers with system privilege. • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=08 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 9.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

05 Aug 2022 — Improper Control of Generation of Code ('Code Injection') in GitHub repository hestiacp/hestiacp prior to 1.6.6. • https://github.com/hestiacp/hestiacp/commit/b178b9719bb2c98cf8a6db70065086f596afad81 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

03 Aug 2022 — In JetBrains Rider before 2022.2, the Trust and Open Project dialog could be bypassed, leading to local code execution. • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 8.3 • EPSS: 0% • CPEs: 1 • EXPL: 1

02 Aug 2022 — Mealie 1.0.0beta3 was discovered to contain a Server-Side Template Injection vulnerability, which allows attackers to execute arbitrary code via a crafted Jinja2 template. • https://cwe.mitre.org/data/definitions/1336.html • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 10.0 • EPSS: 0% • CPEs: 2 • EXPL: 1

01 Aug 2022 — Versions prior to 1.5.8 were found to be subject to code injection on Windows. • https://github.com/ericcornelissen/shescape/pull/332 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CVSS: 8.3 • EPSS: 0% • CPEs: 6 • EXPL: 0

01 Aug 2022 — This issue exists to document that a security improvement in the way that Jira Server and Data Center use templates has been implemented. Affected versions of Atlassian Jira Server and Data Center allowed remote attackers with system administrator permissions to execute arbitrary code via Template Injection leading to Remote Code Execution (RCE) in the Email Templates feature. In this case the security improvement was to protect against using the XStream library to be able to execute arbitrary code in veloc... • https://jira.atlassian.com/browse/JRASERVER-73582 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

29 Jul 2022 — EllieGrid Android Application version 3.4.1 is vulnerable to Code Injection. • https://portswigger.net/support/using-burp-to-test-for-code-injection-vulnerabilities • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 10.0 • EPSS: 1% • CPEs: 15 • EXPL: 0

28 Jul 2022 — The “ipk” package containing the configuration created by TWinSoft can be uploaded, extracted, and executed in Ovarro TBox, allowing malicious code execution. • https://www.cisa.gov/uscert/ics/advisories/icsa-21-054-04