
CVSS: 9.3 • EPSS: 8% • CPEs: 14 • EXPL: 0

10 May 2022 — Acrobat Acrobat Pro DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/acrobat/apsb22-16.html • CWE-416: Use After Free •

CVSS: 9.0 • EPSS: 3% • CPEs: 6 • EXPL: 2

09 May 2022 — Command injection vulnerability in Manual Ping Form (Web UI) in Shenzhen Ejoin Information Technology Co., Ltd. ACOM508/ACOM516/ACOM532 609-915-041-100-020 allows a remote attacker to inject arbitrary code via the field. • http://en.ejointech.com • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.3 • EPSS: 32% • CPEs: 4 • EXPL: 0

06 May 2022 — Adobe After Effects versions 22.2.1 (and earlier) and 18.4.5 (and earlier) are affected by a stack overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/after_effects/apsb22-19.html • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 9.3 • EPSS: 32% • CPEs: 4 • EXPL: 0

06 May 2022 — Adobe After Effects versions 22.2.1 (and earlier) and 18.4.5 (and earlier) are affected by a stack overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/after_effects/apsb22-19.html • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 7.5 • EPSS: 0% • CPEs: 3 • EXPL: 1

06 May 2022 — In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp. A heap buffer overflow vulnerability was found in WebKitGTK. The ... • http://www.openwall.com/lists/oss-security/2022/05/30/1 • CWE-787: Out-of-bounds Write •

CVSS: 9.9 • EPSS: 0% • CPEs: 3 • EXPL: 0

06 May 2022 — Flux2 versions between 0.1.0 and 0.29.0, helm-controller 0.1.0 to v0.19.0, and kustomize-controller 0.1.0 to v0.23.0 are vulnerable to Code Injection via malicious Kubeconfig. • https://github.com/fluxcd/flux2/security/advisories/GHSA-vvmq-fwmg-2gjc • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.2 • EPSS: 0% • CPEs: 1 • EXPL: 0

05 May 2022 — Sourcegraph is a fast and featureful code search and navigation engine. Versions before 3.38.0 are vulnerable to Remote Code Execution in the gitserver service. The Gitolite code host integration with Phabricator allows Sourcegraph site admins to specify a `callsignCommand`, which is used to obtain the Phabricator metadata for a Gitolite repository. An administrator who is able to edit or add a Gitolite code host and has administrative access to Sourcegraph’s bundled Grafana instance can change this command... • https://github.com/sourcegraph/sourcegraph/security/advisories/GHSA-r2m9-hfg8-4c38 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

05 May 2022 — This vulnerability was fixed in commit 37592ad. Multiple vulnerabilities have been discovered in GPAC, the worst of which could lead to arbitrary code execution. • https://github.com/gpac/gpac/commit/37592ad86c6ca934d34740012213e467acc4a3b0 • CWE-476: NULL Pointer Dereference •

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

05 May 2022 — This vulnerability was fixed in commit 9ea93a2. Multiple vulnerabilities have been discovered in GPAC, the worst of which could lead to arbitrary code execution. • https://github.com/gpac/gpac/commit/9ea93a2ec8f555ceed1ee27294cf94822f14f10f • CWE-617: Reachable Assertion •

CVSS: 9.6 • EPSS: 0% • CPEs: 1 • EXPL: 1

05 May 2022 — Arbitrary Code Execution through Sanitizer Bypass in GitHub repository jgraph/drawio prior to 18.0.0. - Arbitrary (remote) code execution in the desktop app. - Stored XSS in the web app. • https://github.com/jgraph/drawio/commit/f768ed73875d5eca20110b9c1d72f2789cd1bab7 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •