
CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

25 Mar 2022 — Deno is a runtime for JavaScript and TypeScript. The versions of Deno between release 1.18.0 and 1.20.2 (inclusive) are vulnerable to an attack where a malicious actor controlling the code executed in a Deno runtime could bypass all permission checks and execute arbitrary shell code. This vulnerability does not affect users of Deno Deploy. The vulnerability has been patched in Deno 1.20.3. There is no workaround. • https://github.com/denoland/deno/security/advisories/GHSA-838h-jqp6-cf2f • CWE-269: Improper Privilege Management CWE-863: Incorrect Authorization •

CVSS: 10.0 • EPSS: 0% • CPEs: 3 • EXPL: 0

25 Mar 2022 — A remote code execution vulnerability due to an SSTI vulnerability and insufficient file name parameter validation was discovered in Genian NAC. Remote attackers are able to execute arbitrary malicious code with SYSTEM privileges on all connected nodes in NAC through this vulnerability. • https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66580 • CWE-20: Improper Input Validation CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.5 • EPSS: 0% • CPEs: 9 • EXPL: 0

25 Mar 2022 — An attacker could possibly use this issue to achieve arbitrary code execution. • http://www.openwall.com/lists/oss-security/2022/03/25/1 •

CVSS: 7.5 • EPSS: 0% • CPEs: 2 • EXPL: 1

24 Mar 2022 — A denial of service vulnerability exists in mbed TLS 3.0.0 and earlier, in the mbedtls_pkcs12_derivation function, when the length of an input password is 0. Multiple vulnerabilities have been discovered in Mbed TLS, the worst of which could result in arbitrary code execution. • https://github.com/ARMmbed/mbedtls/issues/5136 •

CVSS: 7.2 • EPSS: 0% • CPEs: 1 • EXPL: 1

22 Mar 2022 — The Ad Injection WordPress plugin through 1.2.0.19 does not properly sanitize the body of the adverts injected into the pages, allowing a high privileged user (Admin+) to inject arbitrary HTML or JavaScript even with unfiltered_html disallowed, leading to a stored cross-site scripting (XSS) vulnerability. Further, it is also possible to inject PHP code, leading to a remote code execution (RCE) vulnerability, even if the DISALLOW_FILE_EDIT and DISALLOW_FILE_MOD constants are both set. • https://wpscan.com/vulnerability/3c5a7b03-d4c3-46b9-af65-fb50e58b0bfd • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 6.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

21 Mar 2022 — Chamilo LMS v1.11.14 was discovered to contain a zero click code injection vulnerability which allows attackers to execute arbitrary code via a crafted plugin. • https://support.chamilo.org/projects/chamilo-18/wiki/Security_issues#Issue-81-2021-07-26-High-impact-Low-risk-Zero-Code-RCE-in-admin • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

21 Mar 2022 — A segmentation fault caused by MP4Box -lsr in the GitHub repository gpac/gpac, versions prior to 2.1.0-DEV. Multiple vulnerabilities have been discovered in GPAC, the worst of which could lead to arbitrary code execution. • https://github.com/gpac/gpac/commit/3718d583c6ade191dc7979c64f48c001ca6f0243 • CWE-476: NULL Pointer Dereference •

CVSS: 9.8 • EPSS: 2% • CPEs: 1 • EXPL: 1

20 Mar 2022 — DWSurvey v3.2.0 was discovered to contain a remote command execution (RCE) vulnerability via the component /sysuser/SysPropertyAction.java. • https://github.com/wkeyuan/DWSurvey/issues/81 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

18 Mar 2022 — This vulnerability allows attackers to execute code injection via a crafted .txt file. • https://github.com/k0xx11/Vulscve/blob/master/classcms2.5-rce.md • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

18 Mar 2022 — taocms v3.0.2 allows attackers to execute code injection via arbitrarily editing the .htaccess file. • http://taocms.com • CWE-94: Improper Control of Generation of Code ('Code Injection') •