CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-0895 – Static Code Injection in microweber/microweber
https://notcve.org/view.php?id=CVE-2022-0895
10 Mar 2022 — Static Code Injection in GitHub repository microweber/microweber prior to 1.3. • https://github.com/microweber/microweber/commit/b2baab6e582b2efe63788d367a2bb61a2fa26470 • CWE-96: Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') •
CVSS: 7.7EPSS: 0%CPEs: 2EXPL: 0CVE-2022-24753 – Code injection in Stripe CLI on windows
https://notcve.org/view.php?id=CVE-2022-24753
09 Mar 2022 — Stripe CLI is a command-line tool for the Stripe eCommerce platform. A vulnerability in Stripe CLI exists on Windows when certain commands are run in a directory where an attacker has planted files. The commands are `stripe login`, `stripe config -e`, `stripe community`, and `stripe open`. MacOS and Linux are unaffected. An attacker who successfully exploits the vulnerability can run arbitrary code in the context of the current user. • https://github.com/stripe/stripe-cli/commit/be38da5c0191adb77f661f769ffff2fbc7ddf6cd • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.2EPSS: 95%CPEs: 1EXPL: 7CVE-2022-24734 – Remote code execution in mybb
https://notcve.org/view.php?id=CVE-2022-24734
09 Mar 2022 — MyBB is a free and open source forum software. In affected versions the Admin CP's Settings management module does not validate setting types correctly on insertion and update, making it possible to add settings of supported type `php` with PHP code, executed on on _Change Settings_ pages. This results in a Remote Code Execution (RCE) vulnerability. The vulnerable module requires Admin CP access with the `Can manage settings?` permission. • https://packetstorm.news/files/id/167082 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-24915 – ICSA-22-062-01 IPCOMM ipDIO
https://notcve.org/view.php?id=CVE-2022-24915
09 Mar 2022 — The absence of filters when loading some sections in the web application of the vulnerable device allows attackers to inject malicious code that will be interpreted when a legitimate user accesses the web section where the information is displayed. Injection can be done on specific parameters. The injected code is executed when a legitimate user attempts to upload, copy, download, or delete an existing configuration (Administrative Services). Una ausencia de filtros cuando son cargadas algunas secciones en ... • https://www.cisa.gov/uscert/ics/advisories/icsa-22-062-01 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-22985 – ICSA-22-062-01 IPCOMM ipDIO
https://notcve.org/view.php?id=CVE-2022-22985
09 Mar 2022 — The absence of filters when loading some sections in the web application of the vulnerable device allows attackers to inject malicious code that will be interpreted when a legitimate user accesses the specific web section where the information is displayed. Injection can be done on specific parameters. The injected code is executed when a legitimate user attempts to review history. La ausencia de filtros cuando son cargadas algunas secciones en la aplicación web del dispositivo vulnerable permite a atacante... • https://www.cisa.gov/uscert/ics/advisories/icsa-22-062-01 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.5EPSS: 0%CPEs: 6EXPL: 0CVE-2021-44750 – Arbitrary Code Execution
https://notcve.org/view.php?id=CVE-2021-44750
09 Mar 2022 — An arbitrary code execution vulnerability was found in the F-Secure Support Tool. • https://www.f-secure.com/en/business/support-and-downloads/security-advisories •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-0896 – Improper Neutralization of Special Elements Used in a Template Engine in microweber/microweber
https://notcve.org/view.php?id=CVE-2022-0896
09 Mar 2022 — Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository microweber/microweber prior to 1.3. Una Neutralización Inapropiada de Elementos Especiales Usados en un Motor de Plantillas en el repositorio de GitHub microweber/microweber versiones anteriores a 1.3 • https://github.com/microweber/microweber/commit/e0224462b3dd6b1f7c6ec1197413afc6019bc3b5 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-25818
https://notcve.org/view.php?id=CVE-2022-25818
08 Mar 2022 — Improper boundary check in UWB stack prior to SMR Mar-2022 Release 1 allows arbitrary code execution. • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=3 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0CVE-2021-43944
https://notcve.org/view.php?id=CVE-2021-43944
08 Mar 2022 — This issue exists to document that a security improvement in the way that Jira Server and Data Center use templates has been implemented. Affected versions of Atlassian Jira Server and Data Center allowed remote attackers with system administrator permissions to execute arbitrary code via Template Injection leading to Remote Code Execution (RCE) in the Email Templates feature. The affected versions are before version 8.13.15, and from version 8.14.0 before 8.20.3. Este problema se presenta para documentar q... • https://jira.atlassian.com/browse/JRASERVER-73072 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 5CVE-2022-24715 – Arbitrary code execution for authenticated users in Icinga Web 2
https://notcve.org/view.php?id=CVE-2022-24715
08 Mar 2022 — Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Authenticated users, with access to the configuration, can create SSH resource files in unintended directories, leading to the execution of arbitrary code. This issue has been resolved in versions 2.8.6, 2.9.6 and 2.10 of Icinga Web 2. Users unable to upgrade should limit access to the Icinga Web 2 configuration. Icinga Web 2 es una interfaz web de monitorización de código abierto, un framework y una interfaz de l... • https://packetstorm.news/files/id/173516 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •