
CVSS: 8.2 • EPSS: 0% • CPEs: 1 • EXPL: 0

11 Mar 2022 — Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure. • https://support.hp.com/us-en/document/ish_5817864-5817896-16 •

CVSS: 7.2 • EPSS: 0% • CPEs: 1 • EXPL: 1

11 Mar 2022 — Abusing Backup/Restore feature to achieve Remote Code Execution in GitHub repository microweber/microweber prior to 1.2.12. • https://github.com/microweber/microweber/commit/867bdda1b4660b0795ad7f87ab5abe9e44b2b318 • CWE-94: Improper Control of Generation of Code ('Code Injection') • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

11 Mar 2022 — A Server-side Template Injection (SSTI) vulnerability exists in Nystudio107 Seomatic 3.4.12 in src/helpers/UrlHelper.php via the host header. • https://github.com/nystudio107/craft-seomatic/commit/0c5c0c0e0cb61000d12ec55ebf174745a5bf6469 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

11 Mar 2022 — Users who cannot upgrade should check that the length of the hash digest data is equal to "PJSIP_MD5STRLEN" before passing to PJSIP. Multiple vulnerabilities have been found in PJSIP, the worst of which could result in arbitrary code execution. • https://github.com/pjsip/pjproject/commit/d27f79da11df7bc8bb56c2f291d71e54df8d2c47 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') • CWE-1284: Improper Validation of Specified Quantity in Input •

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

10 Mar 2022 — Static Code Injection in GitHub repository microweber/microweber prior to 1.3. • https://github.com/microweber/microweber/commit/b2baab6e582b2efe63788d367a2bb61a2fa26470 • CWE-96: Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') •

CVSS: 7.7 • EPSS: 0% • CPEs: 2 • EXPL: 0

09 Mar 2022 — Stripe CLI is a command-line tool for the Stripe eCommerce platform. A vulnerability in Stripe CLI exists on Windows when certain commands are run in a directory where an attacker has planted files. The commands are `stripe login`, `stripe config -e`, `stripe community`, and `stripe open`. MacOS and Linux are unaffected. An attacker who successfully exploits the vulnerability can run arbitrary code in the context of the current user. • https://github.com/stripe/stripe-cli/commit/be38da5c0191adb77f661f769ffff2fbc7ddf6cd • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 7.2 • EPSS: 95% • CPEs: 1 • EXPL: 7

09 Mar 2022 — MyBB is a free and open source forum software. In affected versions the Admin CP's Settings management module does not validate setting types correctly on insertion and update, making it possible to add settings of supported type `php` with PHP code, executed on _Change Settings_ pages. This results in a Remote Code Execution (RCE) vulnerability. The vulnerable module requires Admin CP access with the `Can manage settings?` permission. • https://packetstorm.news/files/id/167082 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 8.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

09 Mar 2022 — The absence of filters when loading some sections in the web application of the vulnerable device allows attackers to inject malicious code that will be interpreted when a legitimate user accesses the web section where the information is displayed. Injection can be done on specific parameters. The injected code is executed when a legitimate user attempts to upload, copy, download, or delete an existing configuration (Administrative Services). • https://www.cisa.gov/uscert/ics/advisories/icsa-22-062-01 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 8.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

09 Mar 2022 — The absence of filters when loading some sections in the web application of the vulnerable device allows attackers to inject malicious code that will be interpreted when a legitimate user accesses the specific web section where the information is displayed. Injection can be done on specific parameters. The injected code is executed when a legitimate user attempts to review history. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-062-01 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 8.5 • EPSS: 0% • CPEs: 6 • EXPL: 0

09 Mar 2022 — An arbitrary code execution vulnerability was found in the F-Secure Support Tool. • https://www.f-secure.com/en/business/support-and-downloads/security-advisories •