CVSS: 6.9EPSS: 0%CPEs: 40EXPL: 0CVE-2021-3696 – grub2: Crafted PNG image may lead to out-of-bound write during huffman table handling
https://notcve.org/view.php?id=CVE-2021-3696
20 Jun 2022 — Confidentiality, Integrity and Availablity impact may be considered Low as it's very complex to an attacker control the encoding and positioning of corrupted Huffman entries to achieve results such as arbitrary code execution and/or secure boot circumvention. • https://bugzilla.redhat.com/show_bug.cgi?id=1991686 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-28737 – There's a possible overflow in handle_image() when shim tries to load and execute crafted EFI executables
https://notcve.org/view.php?id=CVE-2022-28737
20 Jun 2022 — Arbitrary code execution is not discarded in such scenario. ... A successful attack can lead to data integrity, confidentiality issues, and arbitrary code execution. • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28737 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-28736 – There's a use-after-free vulnerability in grub_cmd_chainloader() function
https://notcve.org/view.php?id=CVE-2022-28736
20 Jun 2022 — If an attacker can control the GRUB2's memory allocation pattern sensitive data may be exposed and arbitrary code execution can be achieved. ... This flaw allows an attacker to gain access to restricted data or cause arbitrary code execution if they can establish control from grub's memory allocation pattern. • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28736 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-31784
https://notcve.org/view.php?id=CVE-2022-31784
17 Jun 2022 — A successful exploit could allow arbitrary code execution. • https://www.mitel.com/support/security-advisories • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-41421
https://notcve.org/view.php?id=CVE-2021-41421
16 Jun 2022 — A PHP code injection vulnerability in MaianAffiliate v.1.0 allows an authenticated attacker to gain RCE through the MaianAffiliate admin panel. • https://github.com/mari0x00/MaianAffiliate-Code-execution-and-XSS/blob/main/README.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-41402
https://notcve.org/view.php?id=CVE-2021-41402
16 Jun 2022 — flatCore-CMS v2.0.8 has a code execution vulnerability, which could let a remote malicious user execute arbitrary PHP code. flatCore-CMS versión v2.0.8, presenta una vulnerabilidad de ejecución de código, que podría permitir a un usuario remoto malicioso ejecutar código PHP arbitrario • https://github.com/flatCore/flatCore-CMS/issues/59 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-41458 – Gentoo Linux Security Advisory 202408-21
https://notcve.org/view.php?id=CVE-2021-41458
16 Jun 2022 — En GPAC MP4Box versión v1.1.0, se presenta un desbordamiento del buffer de pila en src/utils/error.c:1769 que conlleva a una vulnerabilidad de denegación de servicio Multiple vulnerabilities have been discovered in GPAC, the worst of which could lead to arbitrary code execution. • https://github.com/gpac/gpac/issues/1910 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 2CVE-2022-31626 – mysqlnd/pdo password buffer overflow
https://notcve.org/view.php?id=CVE-2022-31626
16 Jun 2022 — This flaw allows a remote attacker to pass a password (with an excessive length) via PDO to the MySQL server, triggering arbitrary code execution on the target system. • https://github.com/amitlttwo/CVE-2022-31626 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-32545 – Ubuntu Security Notice USN-6200-1
https://notcve.org/view.php?id=CVE-2022-32545
16 Jun 2022 — An attacker could possibly use this issue to inject additional shell commands and perform arbitrary code execution. • https://bugzilla.redhat.com/show_bug.cgi?id=2091811 • CWE-190: Integer Overflow or Wraparound •
CVSS: 8.8EPSS: 0%CPEs: 12EXPL: 1CVE-2022-30165 – Windows Kerberos Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2022-30165
15 Jun 2022 — Windows Kerberos Elevation of Privilege Vulnerability Una Vulnerabilidad de Elevación de Privilegios de Windows Kerberos On Windows, the buffer for redirected logon context does not protect against spoofing resulting in arbitrary code execution in the LSA leading to local elevation of privilege. • https://packetstorm.news/files/id/167711 •