
CVE-2022-1609 – The School Management < 9.9.7 - Unauthenticated RCE via REST api
https://notcve.org/view.php?id=CVE-2022-1609
27 Jun 2022 — The School Management WordPress plugin before 9.9.7 contains an obfuscated backdoor injected in its license checking code that registers a REST API handler, allowing an unauthenticated attacker to execute arbitrary PHP code on the site. • https://github.com/0xSojalSec/-CVE-2022-1609 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-912: Hidden Functionality •

CVE-2022-20829 – Cisco Adaptive Security Device Manager and Adaptive Security Appliance Software Client-side Arbitrary Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-20829
24 Jun 2022 — A vulnerability in the packaging of Cisco Adaptive Security Device Manager (ASDM) images and the validation of those images by Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker with administrative privileges to upload an ASDM image that contains malicious code to a device that is running Cisco ASA Software. This vulnerability is due to insufficient validation of the authenticity of an ASDM image during its installation on a device that is running Cisco ASA Softwa... • https://github.com/jbaines-r7/theway • CWE-345: Insufficient Verification of Data Authenticity •

CVE-2022-1743 – 2.2.5 PATH TRAVERSAL: '../FILEDIR' CWE-24
https://notcve.org/view.php?id=CVE-2022-1743
24 Jun 2022 — The tested version of Dominion Voting System ImageCast X can be manipulated to cause arbitrary code execution by specially crafted election definition files. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-154-01 • CWE-24: Path Traversal: '../filedir' •

CVE-2017-20095 – Simple Ads Manager Plugin code injection
https://notcve.org/view.php?id=CVE-2017-20095
24 Jun 2022 — The manipulation leads to code injection. • http://seclists.org/fulldisclosure/2017/Feb/80 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2022-2147 – Unquoted Service Path in Cloudflare WARP for Windows
https://notcve.org/view.php?id=CVE-2022-2147
23 Jun 2022 — Cloudflare Warp for Windows from version 2022.2.95.0 contained an unquoted service path which enables arbitrary code execution leading to privilege escalation. • https://github.com/cloudflare/advisories/security/advisories/GHSA-m6w8-3pf9-p68r • CWE-428: Unquoted Search Path or Element •

CVE-2017-20086 – VaultPress Plugin code injection
https://notcve.org/view.php?id=CVE-2017-20086
23 Jun 2022 — The manipulation leads to code injection. • http://seclists.org/fulldisclosure/2017/Feb/95 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2022-33105 – Gentoo Linux Security Advisory 202209-17
https://notcve.org/view.php?id=CVE-2022-33105
22 Jun 2022 — Redis v7.0 was discovered to contain a memory leak via the streamGetEdgeID component. Multiple vulnerabilities have been found in Redis, the worst of which could result in arbitrary code execution. • https://github.com/redis/redis/commit/4a7a4e42db8ff757cdf3f4a824f66426036034ef • CWE-401: Missing Release of Memory after Effective Lifetime •

CVE-2017-20064 – Elefant CMS layout code injection
https://notcve.org/view.php?id=CVE-2017-20064
20 Jun 2022 — The manipulation leads to code injection. • http://seclists.org/fulldisclosure/2017/Feb/39 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2021-3697 – grub2: Crafted JPEG image can lead to buffer underflow write in the heap
https://notcve.org/view.php?id=CVE-2021-3697
20 Jun 2022 — Secure-boot mechanisms circumvention and arbitrary code execution may also be achievable. • https://bugzilla.redhat.com/show_bug.cgi?id=1991687 • CWE-787: Out-of-bounds Write •

CVE-2021-3695 – grub2: Crafted PNG grayscale images may lead to out-of-bounds write in heap
https://notcve.org/view.php?id=CVE-2021-3695
20 Jun 2022 — An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. • https://bugzilla.redhat.com/show_bug.cgi?id=1991685 • CWE-787: Out-of-bounds Write •