CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

28 Jul 2022 — In JetBrains IntelliJ IDEA before 2022.2, local code execution via a Vagrant executable was possible. • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

28 Jul 2022 — SDL v1.2 was discovered to contain a use-after-free via the XFree function in the file /src/video/x11/SDL_x11yuv.c. Multiple vulnerabilities have been found in libsdl, the worst of which could result in arbitrary code execution. • https://github.com/libsdl-org/SDL-1.2/issues/863 • CWE-416: Use After Free

CVSS: 5.7 • EPSS: 0% • CPEs: 1 • EXPL: 1

27 Jul 2022 — A NULL pointer dereference in the GitHub repository gpac/gpac, versions prior to 2.1.0-DEV. Multiple vulnerabilities have been discovered in GPAC, the worst of which could lead to arbitrary code execution. • https://github.com/gpac/gpac/commit/0102c5d4db7fdbf08b5b591b2a6264de33867a07 • CWE-476: NULL Pointer Dereference

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

27 Jul 2022 — This vulnerability allows attackers to cause a denial of service (DoS) via a crafted binary. Multiple vulnerabilities have been discovered in Rizin, the worst of which could lead to arbitrary code execution. • https://github.com/rizinorg/rizin/issues/2738 • CWE-190: Integer Overflow or Wraparound

CVSS: 7.8 • EPSS: 0% • CPEs: 4 • EXPL: 0

26 Jul 2022 — The Motorola MOSCAD and ACE line of RTUs through 2022-05-02 omit an authentication requirement. ... • https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-04 • CWE-306: Missing Authentication for Critical Function

CVSS: 10.0 • EPSS: 0% • CPEs: 2 • EXPL: 0

26 Jul 2022 — Access to this interface is controlled by 5 preconfigured accounts (root, abuilder, acelogin, cappl, ace), all of which come with default credentials. Although the ACE1000 documentation mentions the root, abuilder and acelogin accounts and instructs users to change the default credentials, the cappl and ace accounts remain undocumented and thus are unlikely to have their credentials changed. ... • https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-06 • CWE-287: Improper Authentication

CVSS: 7.8 • EPSS: 0% • CPEs: 3 • EXPL: 0

26 Jul 2022 — It utilizes an MDLC driver to communicate with MOSCAD/ACE RTUs for engineering purposes. ... • https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-05 • CWE-312: Cleartext Storage of Sensitive Information

CVSS: 10.0 • EPSS: 2% • CPEs: 5 • EXPL: 1

25 Jul 2022 — The vulnerability, found in Moodle, occurs due to improper input validation when parsing PostScript code. An omitted execution parameter results in a remote code execution risk for sites running GhostScript versions older than 9.50. Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system. • https://github.com/antoinenguyen-09/CVE-2022-35649 • CWE-20: Improper Input Validation • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 10.0 • EPSS: 0% • CPEs: 4 • EXPL: 2

25 Jul 2022 — This affects the package thenify before 3.3.1. The name argument provided to the package can be controlled by users without any sanitization, and it is then passed to the eval function unsanitized. It was discovered that thenify incorrectly handled certai... • https://github.com/thenables/thenify/blob/master/index.js%23L17

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

25 Jul 2022 — This affects all versions of package node-import. The "params" argument of the module function can be controlled by users without any sanitization. This is then provided to the "eval" function located in line 79 in the index file "index.js". • https://github.com/mahdaen/node-import/blob/master/index.js%23L79