
CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

28 Jun 2022 — The gf_bs_write_data function in GPAC version 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command. Multiple vulnerabilities have been discovered in GPAC, the worst of which could lead to arbitrary code execution. • https://github.com/gpac/gpac/issues/1885 • CWE-125: Out-of-bounds Read •

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

28 Jun 2022 — The GetHintFormat function in GPAC version 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command. Multiple vulnerabilities have been discovered in GPAC, the worst of which could lead to arbitrary code execution. • https://github.com/gpac/gpac/issues/1894 • CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

28 Jun 2022 — The gf_hinter_track_finalize function in GPAC version 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command. Multiple vulnerabilities have been discovered in GPAC, the worst of which could lead to arbitrary code execution. • https://github.com/gpac/gpac/issues/1883 • CWE-908: Use of Uninitialized Resource •

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

28 Jun 2022 — This can cause a denial of service (DoS). Multiple vulnerabilities have been discovered in GPAC, the worst of which could lead to arbitrary code execution. • https://github.com/gpac/gpac/issues/1906 • CWE-476: NULL Pointer Dereference •

CVSS: 9.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

28 Jun 2022 — Authenticated Arbitrary Code Execution vulnerability in Soflyy Import any XML or CSV File to WordPress plugin <= 3.6.7 at WordPress. The WP All Import plugin for WordPress is vulnerable to arbitrary code execution in versions up to, and including, 3.6.7. • https://patchstack.com/database/vulnerability/wp-all-import/wordpress-import-any-xml-or-csv-file-to-wordpress-plugin-3-6-7-authenticated-arbitrary-code-execution-vulnerability • CWE-94: Improper Control of Generation of Code ('Code Injection') • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

27 Jun 2022 — This can cause a denial of service (DoS). Multiple vulnerabilities have been discovered in GPAC, the worst of which could lead to arbitrary code execution. • https://github.com/gpac/gpac/issues/1908 • CWE-787: Out-of-bounds Write •

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

27 Jun 2022 — The manipulation leads to code injection. • http://seclists.org/fulldisclosure/2017/Feb/74 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 6.5 • EPSS: 0% • CPEs: 26 • EXPL: 0

27 Jun 2022 — Due to insufficient input validation, an attacker can exploit the vulnerability to carry out an XSS attack by sending messages with malicious commands to the affected device. Some Hikvision Hybrid SAN products were vulnerable to multiple remote code execution (command injection) vulnerabilities, including reflected cross site scripting, Ruby code injection, classic and blind SQL injection resulting in remote code execution that allows an adversary to execute arbit... • http://packetstormsecurity.com/files/170818/Hikvision-Remote-Code-Execution-XSS-SQL-Injection.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8 • EPSS: 15% • CPEs: 26 • EXPL: 5

27 Jun 2022 — Due to insufficient input validation, the attacker can exploit the vulnerability to execute restricted commands by sending messages with malicious commands to the affected device. Some Hikvision Hybrid SAN products were vulnerable to multiple remote code execution (command injection) vulnerabilities, including reflected cross site scripting, Ruby code injection, classic and blind SQL injection resulting in remote code execution that allows an adversary to execute arbitra... • https://packetstorm.news/files/id/173653 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 4.9 • EPSS: 0% • CPEs: 1 • EXPL: 1

27 Jun 2022 — The Download Monitor WordPress plugin before 4.5.91 does not ensure that files to be downloaded are inside the blog folders, and not sensitive, allowing high privilege users such as admin to download the wp-config.php or /etc/passwd even in a hardened environment or multisite setup. • https://wpscan.com/vulnerability/dd48624a-1781-419c-a3c4-1e3eaf5e2c1b • CWE-552: Files or Directories Accessible to External Parties •