CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2022-22763 – Mozilla: Script Execution during invalid object state
https://notcve.org/view.php?id=CVE-2022-22763
14 Feb 2022 — When a worker is shutdown, it was possible to cause script to run late in the lifecycle, at a point after where it should not be possible. This vulnerability affects Firefox < 96, Thunderbird < 91.6, and Firefox ESR < 91.6. Cuando se apaga un trabajador, era posible hacer que el script se ejecutara tarde en el ciclo de vida, en un punto posterior al que no debería ser posible. Esta vulnerabilidad afecta a Firefox < 96, Thunderbird< 91.6 y Firefox ESR < 91.6. The Mozilla Foundation Security Advisory... • https://bugzilla.mozilla.org/show_bug.cgi?id=1740534 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2021-46362
https://notcve.org/view.php?id=CVE-2021-46362
11 Feb 2022 — A Server-Side Template Injection (SSTI) vulnerability in the Registration and Forgotten Password forms of Magnolia v6.2.3 and below allows attackers to execute arbitrary code via a crafted payload entered into the fullname parameter. Una vulnerabilidad de Inyección de Plantilla del Lado del Servidor (SSTI) en los formularios Registration and Forgotten Password de Magnolia versiones v6.2.3 y anteriores, permite a atacantes ejecutar código arbitrario por medio de una carga útil diseñada introducida en el pará... • https://github.com/mbadanoiu/CVE-2021-46362 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 2CVE-2021-46363
https://notcve.org/view.php?id=CVE-2021-46363
11 Feb 2022 — These formulas may result in arbitrary code execution on a victim's computer when opening the exported files with Microsoft Excel. • https://github.com/mbadanoiu/CVE-2021-46363 • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •
CVSS: 4.4EPSS: 0%CPEs: 4EXPL: 0CVE-2022-23434
https://notcve.org/view.php?id=CVE-2022-23434
11 Feb 2022 — A vulnerability using PendingIntent in Bixby Vision prior to versions 3.7.60.8 in Android S(12), 3.7.50.6 in Andorid R(11) and below allows attackers to execute privileged action by hijacking and modifying the intent. Una vulnerabilidad usando PendingIntent en Bixby Vision versiones anteriores a 3.7.60.8 en Android S(12), versiones 3.7.50.6 en Android R(11) y anteriores, permite a atacantes ejecutar una acción privilegiada al secuestrar y modificar la intención • https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=2 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-23426
https://notcve.org/view.php?id=CVE-2022-23426
11 Feb 2022 — A vulnerability using PendingIntent in DeX Home and DeX for PC prior to SMR Feb-2022 Release 1 allows attackers to access files with system privilege. Una vulnerabilidad usando PendingIntent en DeX Home y DeX para PC versiones anteriores a SMR Feb-2022 Release 1, permite a atacantes acceder a archivos con privilegios del sistema • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=2 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-24289 – Deserialization of untrusted data in the Hessian Component of Apache Cayenne 4.1 with older Java versions
https://notcve.org/view.php?id=CVE-2022-24289
11 Feb 2022 — This can result in arbitrary code execution. • http://www.openwall.com/lists/oss-security/2022/02/11/1 • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.1EPSS: 41%CPEs: 3EXPL: 3CVE-2021-44521 – Remote code execution for scripted UDFs
https://notcve.org/view.php?id=CVE-2021-44521
11 Feb 2022 — When running Apache Cassandra with the following configuration: enable_user_defined_functions: true enable_scripted_user_defined_functions: true enable_user_defined_functions_threads: false it is possible for an attacker to execute arbitrary code on the host. The attacker would need to have enough permissions to create user defined functions in the cluster to be able to exploit this. Note that this configuration is documented as unsafe, and will continue to be considered unsafe after this CVE. Cuando es eje... • https://github.com/WoodenKlaas/CVE-2021-44521 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 3CVE-2022-22620 – Apple iOS, iPadOS, and macOS Webkit Use-After-Free Vulnerability
https://notcve.org/view.php?id=CVE-2022-22620
11 Feb 2022 — Processing maliciously crafted web content may lead to arbitrary code execution. • https://github.com/kmeps4/CVE-2022-22620 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 3CVE-2022-23631 – Prototype Pollution leading to Remote Code Execution in superjson
https://notcve.org/view.php?id=CVE-2022-23631
09 Feb 2022 — superjson is a program to allow JavaScript expressions to be serialized to a superset of JSON. In versions prior to 1.8.1 superjson allows input to run arbitrary code on any server using superjson input without prior authentication or knowledge. The only requirement is that the server implements at least one endpoint which uses superjson during request processing. This has been patched in superjson 1.8.1. Users are advised to update. • https://github.com/advisories/GHSA-5888-ffcr-r425 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVSS: 5.3EPSS: 0%CPEs: 8EXPL: 0CVE-2021-40837 – Denial-of-Service (DoS) Vulnerability
https://notcve.org/view.php?id=CVE-2021-40837
09 Feb 2022 — A vulnerability affecting F-Secure antivirus engine before Capricorn update 2022-02-01_01 was discovered whereby decompression of ACE file causes the scanner service to stop. ... Se ha detectado una vulnerabilidad que afecta al motor antivirus de F-Secure versiones anteriores a la actualización 2022-02-01_01 de Capricorn, por la que una descompresión del archivo ACE causa la detención del servicio de escáner. • https://www.f-secure.com/en/business/support-and-downloads/security-advisories •