
CVSS: 10.0 • EPSS: 5% • CPEs: 1 • EXPL: 2

15 Jul 2022 — Roxy-WI is a Web interface for managing HAProxy, Nginx and Keepalived servers. Prior to version 6.1.1.0, the system command can be run remotely via the subprocess_execute function without processing the inputs received from the user in the /app/options.py file. Version 6.1.1.0 contains a patch for this issue. • https://packetstorm.news/files/id/171652 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 9.8 • EPSS: 18% • CPEs: 1 • EXPL: 1

14 Jul 2022 — PbootCMS v3.1.2 was discovered to contain a remote code execution (RCE) vulnerability via the function parserIfLabel at function.php. • https://github.com/Snakinya/Vuln/issues/1 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.3 • EPSS: 0% • CPEs: 3 • EXPL: 0

14 Jul 2022 — This flaw allows an attacker to trick the user into opening a maliciously crafted BMP image, triggering arbitrary code execution or causing the application to crash. • https://github.com/autotrace/autotrace/commit/2b44c173027736c64b3f379bd154c41bab745423 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •

CVSS: 7.8 • EPSS: 0% • CPEs: 4 • EXPL: 0

14 Jul 2022 — Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by an Out-Of-Bounds Write vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/indesign/apsb22-30.html • CWE-787: Out-of-bounds Write •

CVSS: 7.8 • EPSS: 0% • CPEs: 4 • EXPL: 0

14 Jul 2022 — Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/indesign/apsb22-30.html • CWE-122: Heap-based Buffer Overflow •

CVSS: 7.8 • EPSS: 0% • CPEs: 4 • EXPL: 0

14 Jul 2022 — Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/incopy/apsb22-29.html • CWE-122: Heap-based Buffer Overflow •

CVSS: 7.8 • EPSS: 0% • CPEs: 4 • EXPL: 0

14 Jul 2022 — Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/incopy/apsb22-29.html • CWE-122: Heap-based Buffer Overflow •

CVSS: 7.8 • EPSS: 0% • CPEs: 4 • EXPL: 0

14 Jul 2022 — Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/indesign/apsb22-30.html • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 8.1 • EPSS: 0% • CPEs: 13 • EXPL: 0

14 Jul 2022 — This issue provides a vector for an attacker-controlled DNS server or a Man-in-the-middle attack (MITM) who can spoof DNS responses to perform a rebinding attack and then connect to the WebSocket debugger allowing for arbitrary code execution on the target system. • https://hackerone.com/reports/1632921 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-284: Improper Access Control CWE-703: Improper Check or Handling of Exceptional Conditions •

CVSS: 7.8 • EPSS: 0% • CPEs: 4 • EXPL: 0

14 Jul 2022 — Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by an Out-Of-Bounds Write vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/incopy/apsb22-29.html • CWE-787: Out-of-bounds Write •