
CVE-2022-1286 – heap-buffer-overflow in mrb_vm_exec in mruby/mruby
https://notcve.org/view.php?id=CVE-2022-1286
10 Apr 2022 — Possible arbitrary code execution if exploited. • https://github.com/mruby/mruby/commit/b1d0296a937fe278239bdfac840a3fd0e93b3ee9 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVE-2022-1276 – Out-of-bounds Read in mrb_get_args in mruby/mruby
https://notcve.org/view.php?id=CVE-2022-1276
10 Apr 2022 — Possible arbitrary code execution if exploited. • https://github.com/mruby/mruby/commit/c8c083cb750606b2da81582cd8e43b442bb143e6 • CWE-125: Out-of-bounds Read •

CVE-2022-27148 – Gentoo Linux Security Advisory 202408-21
https://notcve.org/view.php?id=CVE-2022-27148
08 Apr 2022 — GPAC mp4box version 1.1.0-DEV-rev1663-g881c6a94a-master is vulnerable to an integer overflow. Multiple vulnerabilities have been discovered in GPAC, the worst of which could lead to arbitrary code execution. • https://github.com/gpac/gpac/issues/2067 • CWE-190: Integer Overflow or Wraparound •

CVE-2022-27146 – Gentoo Linux Security Advisory 202408-21
https://notcve.org/view.php?id=CVE-2022-27146
08 Apr 2022 — GPAC mp4box version 1.1.0-DEV-rev1759-geb2d1e6dd has a stack buffer overflow vulnerability in the function gf_isom_apple_enum_tag. Multiple vulnerabilities have been discovered in GPAC, the worst of which could lead to arbitrary code execution. • https://github.com/gpac/gpac/issues/2120 • CWE-787: Out-of-bounds Write •

CVE-2022-27147 – Debian Security Advisory 5411-1
https://notcve.org/view.php?id=CVE-2022-27147
08 Apr 2022 — GPAC mp4box version 1.1.0-DEV-rev1727-g8be34973d-master has a use-after-free vulnerability in the function gf_node_get_attribute_by_tag. Multiple vulnerabilities have been discovered in GPAC, the worst of which could lead to arbitrary code execution. • https://github.com/gpac/gpac/issues/2109 • CWE-416: Use After Free •

CVE-2022-27145 – Debian Security Advisory 5411-1
https://notcve.org/view.php?id=CVE-2022-27145
08 Apr 2022 — GPAC mp4box version 1.1.0-DEV-rev1727-g8be34973d-master has a stack overflow vulnerability in the mp4box function gf_isom_get_sample_for_movie_time. Multiple vulnerabilities have been discovered in GPAC, the worst of which could lead to arbitrary code execution. • https://github.com/gpac/gpac/issues/2108 • CWE-787: Out-of-bounds Write •

CVE-2022-1118 – Rockwell Automation ISaGRAF Deserialization of Untrusted Data
https://notcve.org/view.php?id=CVE-2022-1118
08 Apr 2022 — This allows attackers to craft a malicious serialized object that, if opened by a local user in Connected Components Workbench, may result in arbitrary code execution. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-095-01 • CWE-502: Deserialization of Untrusted Data •

CVE-2022-24780 – Code Injection in Combodo iTop
https://notcve.org/view.php?id=CVE-2022-24780
05 Apr 2022 — Combodo iTop is a web-based IT Service Management tool. In versions prior to 2.7.6 and 3.0.0, users of the iTop user portal can send TWIG code to the server by forging specific HTTP queries, and execute arbitrary code on the server with the privileges of the HTTP server user. This issue is fixed in versions 2.7.6 and 3.0.0. There are currently no known workarounds. • https://packetstorm.news/files/id/167236 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2021-39114
https://notcve.org/view.php?id=CVE-2021-39114
05 Apr 2022 — Affected versions of Atlassian Confluence Server and Data Center allow users with a valid account on a Confluence Data Center instance to execute arbitrary Java code or run arbitrary system commands by injecting an OGNL payload. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5. • https://jira.atlassian.com/browse/CONFSERVER-68844 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2022-1212 – Use-After-Free in str_escape in mruby/mruby
https://notcve.org/view.php?id=CVE-2022-1212
05 Apr 2022 — Possible arbitrary code execution if exploited. • https://github.com/mruby/mruby/commit/3cf291f72224715942beaf8553e42ba8891ab3c6 • CWE-416: Use After Free •