Page 391 of 11030 results (0.055 seconds)

CVSS: 6.7 • EPSS: 0% • CPEs: 16 • EXPL: 0

09 Feb 2022 — An arbitrary code execution flaw was found in the Fabric 8 Kubernetes client affecting versions 5.0.0-beta-1 and above. • https://access.redhat.com/security/cve/CVE-2021-4178 • CWE-502: Deserialization of Untrusted Data •

CVSS: 8.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

04 Feb 2022 — A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could lead to a buffer overflow causing program crashes and arbitrary code execution when specially crafted packets are sent to the device over the network. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-011-04 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 8.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

04 Feb 2022 — A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could lead to a buffer overflow causing program crashes and arbitrary code execution when specially crafted packets are sent to the device over the network. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-011-03 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

04 Feb 2022 — A specially-crafted PDF document can trigger an exception which is improperly handled, leaving the engine in an invalid state, which can lead to memory corruption and arbitrary code execution. • https://talosintelligence.com/vulnerability_reports/TALOS-2022-1439 • CWE-460: Improper Cleanup on Thrown Exception • CWE-755: Improper Handling of Exceptional Conditions •

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

04 Feb 2022 — A specially-crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. • https://talosintelligence.com/vulnerability_reports/TALOS-2021-1429 • CWE-416: Use After Free •

CVSS: 9.8 • EPSS: 1% • CPEs: 5 • EXPL: 2

04 Feb 2022 — In affected versions this constraint was not properly enforced and could lead to code injection of arbitrary PHP code. • https://github.com/davwwwx/CVE-2022-23614 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

04 Feb 2022 — This vulnerability was fixed in commit 71f9871. Multiple vulnerabilities have been discovered in GPAC, the worst of which could lead to arbitrary code execution. • https://github.com/gpac/gpac/issues/2081 • CWE-476: NULL Pointer Dereference •

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

04 Feb 2022 — iCMS <= 8.0.0 allows users to add and render a custom template, which has an SSTI vulnerability that causes remote code execution. • https://gem-love.com/2021/12/10/ICMS-8-0-0%E5%90%8E%E5%8F%B0%E6%A8%A1%E6%9D%BF%E6%B3%A8%E5%85%A5%E5%AF%BC%E8%87%B4%E8%BF%9C%E7%A8%8B%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C0day%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 5.8 • EPSS: 0% • CPEs: 1 • EXPL: 2

04 Feb 2022 — A NULL pointer dereference in the GitHub repository gpac/gpac prior to 1.1.0. Multiple vulnerabilities have been discovered in GPAC, the worst of which could lead to arbitrary code execution. • https://github.com/cyberark/PwnKit-Hunter • CWE-476: NULL Pointer Dereference •

CVSS: 7.2 • EPSS: 0% • CPEs: 3 • EXPL: 0

02 Feb 2022 — Multiple stack-based buffer overflows in the command line interpreter of FortiWeb before 6.4.2 may allow an authenticated attacker to achieve arbitrary code execution via specially crafted commands. • https://fortiguard.com/advisory/FG-IR-21-132 • CWE-787: Out-of-bounds Write •