CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-46817 – Adobe Media Encoder M4A file memory corruption vulnerability could lead to remote code execution
https://notcve.org/view.php?id=CVE-2021-46817
13 Jun 2022 — An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/media-encoder/apsb21-70.html • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-46818 – Adobe Media Encoder M4A file memory corruption vulnerability could lead to remote code execution
https://notcve.org/view.php?id=CVE-2021-46818
13 Jun 2022 — An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/media-encoder/apsb21-70.html • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-37404 – Heap buffer overflow in libhdfs native library
https://notcve.org/view.php?id=CVE-2021-37404
13 Jun 2022 — Opening a file path provided by user without validation may result in a denial of service or arbitrary code execution. • https://lists.apache.org/thread/2h56ztcj3ojc66qzf1nno88vjw9vd4wo • CWE-787: Out-of-bounds Write •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2054 – Code Injection in nuitka/nuitka
https://notcve.org/view.php?id=CVE-2022-2054
12 Jun 2022 — Code Injection in GitHub repository nuitka/nuitka prior to 0.9. • https://github.com/nuitka/nuitka/commit/09647745d7cbb6ff32f9fa948f19d5558b32bcad • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 32%CPEs: 1EXPL: 0CVE-2021-41749
https://notcve.org/view.php?id=CVE-2021-41749
12 Jun 2022 — In the SEOmatic plugin up to 3.4.11 for Craft CMS 3, it is possible for unauthenticated attackers to perform a Server-Side Template Injection, allowing for remote code execution. En el plugin SEOmatic versiones hasta 3.4.11 para Craft CMS 3, es posible que atacantes no autenticados lleven a cabo un ataque de tipo Server-Side Template Injection, permitiendo una ejecución de código remota • https://github.com/nystudio107/craft-seomatic/blob/develop/CHANGELOG.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2022-24429 – Arbitrary Code Injection
https://notcve.org/view.php?id=CVE-2022-24429
10 Jun 2022 — The package convert-svg-core before 0.6.3 are vulnerable to Arbitrary Code Injection when using a specially crafted SVG file. • https://github.com/neocotic/convert-svg/commit/a43dffaab0f1e419d5be84e2e7356b86ffac3cf1 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.6EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2014 – Code Injection in jgraph/drawio
https://notcve.org/view.php?id=CVE-2022-2014
08 Jun 2022 — Code Injection in GitHub repository jgraph/drawio prior to 19.0.2. • https://github.com/jgraph/drawio/commit/3d3f819d7a04da7d53b37cc0ca4269c157ba2825 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.9EPSS: 0%CPEs: 2EXPL: 0CVE-2022-25152 – ITarian - Any user with a valid session token can create and execute agent procedures and bypass mandatory approvals
https://notcve.org/view.php?id=CVE-2022-25152
08 Jun 2022 — This results in the ability for any user with a valid session token to perform arbitrary code execution and full system take-over on all agents. • https://csirt.divd.nl/CVE-2022-25152 • CWE-358: Improperly Implemented Security Check for Standard •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-40592 – Debian Security Advisory 5411-1
https://notcve.org/view.php?id=CVE-2021-40592
08 Jun 2022 — Para aprovecharla, la víctima debe abrir un archivo mp4 especialmente diseñado Multiple vulnerabilities have been discovered in GPAC, the worst of which could lead to arbitrary code execution. • https://github.com/gpac/gpac/commit/71460d72ec07df766dab0a4d52687529f3efcf0a • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-21122 – Arbitrary Code Execution
https://notcve.org/view.php?id=CVE-2022-21122
03 Jun 2022 — The package metacalc before 0.0.2 are vulnerable to Arbitrary Code Execution when it exposes JavaScript's Math class to the v8 context. • https://github.com/metarhia/metacalc/commit/625c23d63eabfa16fc815f5832b147b08d2144bd • CWE-94: Improper Control of Generation of Code ('Code Injection') •