
CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

01 Feb 2022 — These may allow exploiting further vulnerabilities in those mechanisms, potentially leading to arbitrary code execution. • https://github.com/vector-im/element-desktop/commit/89b1e39b801655e595337708d4319ba4313feafa • CWE-416: Use After Free •

CVSS: 9.9 • EPSS: 0% • CPEs: 1 • EXPL: 0

01 Feb 2022 — In code before commit 24f43aa user input is not properly sanitized and code injection is possible. • https://github.com/bildsben/iTunesRPC-Remastered/commit/24f43aac0f4116b3d89fdbe973ba92c6cfb0d998 • CWE-116: Improper Encoding or Escaping of Output •

CVSS: 7.8 • EPSS: 0% • CPEs: 5 • EXPL: 0

31 Jan 2022 — Processing a maliciously crafted file may lead to arbitrary code execution. • https://support.apple.com/en-us/HT213053 • CWE-787: Out-of-bounds Write •

CVSS: 8.8 • EPSS: 0% • CPEs: 6 • EXPL: 0

31 Jan 2022 — Processing maliciously crafted web content may lead to arbitrary code execution. • https://security.gentoo.org/glsa/202208-39 • CWE-416: Use After Free •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

31 Jan 2022 — A use-after-free vulnerability when parsing a specially crafted file in Esri ArcReader 10.8.1 (and earlier) allows an unauthenticated attacker to achieve arbitrary code execution in the context of the current user. • https://www.esri.com/arcgis-blog/products/arcgis-desktop/administration/arcreader-general-data-frame-security-update • CWE-416: Use After Free •

CVSS: 7.6 • EPSS: 0% • CPEs: 22 • EXPL: 0

31 Jan 2022 — If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution. • http://seclists.org/fulldisclosure/2022/May/33 • CWE-1173: Improper Use of Validation Framework •

CVSS: 9.3 • EPSS: 0% • CPEs: 18 • EXPL: 0

31 Jan 2022 — Processing a maliciously crafted STL file may lead to unexpected application termination or arbitrary code execution. • https://support.apple.com/en-us/HT213053 •

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

28 Jan 2022 — HTML code injection vulnerability in Android Application, Bosch Video Security, version 3.2.3 or earlier, when successfully exploited allows an attacker to inject random HTML code into a component loaded by WebView, thus allowing the Application to display web resources controlled by the attacker. • https://psirt.bosch.com/security-advisories/bosch-sa-844050-bt.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

28 Jan 2022 — A CWE-416: Use After Free vulnerability exists that could cause arbitrary code execution when a malicious *.gd1 configuration file is loaded into the GUIcon tool. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-07 • CWE-416: Use After Free •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

28 Jan 2022 — A CWE-787: Out-of-bounds Write vulnerability exists that could cause arbitrary code execution when a malicious *.gd1 configuration file is loaded into the GUIcon tool. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-07 • CWE-787: Out-of-bounds Write •