
CVE-2022-22589 – webkitgtk: Processing a maliciously crafted mail message may lead to running arbitrary javascript
https://notcve.org/view.php?id=CVE-2022-22589
31 Jan 2022 — If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution. • http://seclists.org/fulldisclosure/2022/May/33 • CWE-1173: Improper Use of Validation Framework •

CVE-2022-22579 – Apple macOS ModelIO STL File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-22579
31 Jan 2022 — Processing a maliciously crafted STL file may lead to unexpected application termination or arbitrary code execution. • https://support.apple.com/en-us/HT213053 •

CVE-2021-23863
https://notcve.org/view.php?id=CVE-2021-23863
28 Jan 2022 — HTML code injection vulnerability in the Android application Bosch Video Security, version 3.2.3 or earlier, which, when successfully exploited, allows an attacker to inject random HTML code into a component loaded by WebView, thus allowing the application to display web resources controlled by the attacker. • https://psirt.bosch.com/security-advisories/bosch-sa-844050-bt.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2021-22808
https://notcve.org/view.php?id=CVE-2021-22808
28 Jan 2022 — A CWE-416: Use After Free vulnerability exists that could cause arbitrary code execution when a malicious *.gd1 configuration file is loaded into the GUIcon tool. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-07 • CWE-416: Use After Free •

CVE-2021-22807
https://notcve.org/view.php?id=CVE-2021-22807
28 Jan 2022 — A CWE-787: Out-of-bounds Write vulnerability exists that could cause arbitrary code execution when a malicious *.gd1 configuration file is loaded into the GUIcon tool. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-07 • CWE-787: Out-of-bounds Write •

CVE-2021-22827
https://notcve.org/view.php?id=CVE-2021-22827
28 Jan 2022 — A CWE-20: Improper Input Validation vulnerability exists that could cause arbitrary code execution when the user visits a page containing the injected payload. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-348-03 • CWE-20: Improper Input Validation •

CVE-2021-22826
https://notcve.org/view.php?id=CVE-2021-22826
28 Jan 2022 — A CWE-20: Improper Input Validation vulnerability exists that could cause arbitrary code execution when the user visits a page containing the injected payload. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-348-03 • CWE-20: Improper Input Validation •

CVE-2022-0108 – Debian Security Advisory 5397-1
https://notcve.org/view.php?id=CVE-2022-0108
28 Jan 2022 — P1umer and Q1IQ discovered that processing maliciously crafted web content may lead to arbitrary code execution. ... Clement Lecigne and Donncha O Cearbhaill discovered that processing maliciously crafted web content may lead to arbitrary code execution. • http://www.openwall.com/lists/oss-security/2023/04/21/3 • CWE-346: Origin Validation Error •

CVE-2022-21686 – Server Side Twig Template Injection in PrestaShop
https://notcve.org/view.php?id=CVE-2022-21686
26 Jan 2022 — PrestaShop is an Open Source e-commerce platform. Starting with version 1.7.0.0 and ending with version 1.7.8.3, an attacker is able to inject twig code inside the back office when using the legacy layout. The problem is fixed in version 1.7.8.3. There are no known workarounds. • https://github.com/PrestaShop/PrestaShop/commit/d02b469ec365822e6a9f017e57f588966248bf21 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2021-46114
https://notcve.org/view.php?id=CVE-2021-46114
26 Jan 2022 — jpress v 4.2.0 is vulnerable to RCE via io.jpress.module.product.ProductNotifyKit#doSendEmail. The admin panel provides a function through which attackers can edit the email templates and inject some malicious code. • http://jpress.com • CWE-94: Improper Control of Generation of Code ('Code Injection') •