CVE-2021-3809
https://notcve.org/view.php?id=CVE-2021-3809
Potential security vulnerabilities have been identified in the BIOS (UEFI Firmware) for certain HP PC products, which might allow arbitrary code execution. • https://support.hp.com/us-en/document/ish_6184733-6184761-16/hpsbhf03788 •
CVE-2021-3808
https://notcve.org/view.php?id=CVE-2021-3808
Potential security vulnerabilities have been identified in the BIOS (UEFI Firmware) for certain HP PC products, which might allow arbitrary code execution. • https://support.hp.com/us-en/document/ish_6184733-6184761-16/hpsbhf03788 •
CVE-2022-27538
https://notcve.org/view.php?id=CVE-2022-27538
A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in the BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure. • https://support.hp.com/us-en/document/ish_7387020-7387107-16/hpsbhf03827 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVE-2022-25967
https://notcve.org/view.php?id=CVE-2022-25967
Versions of the package eta before 2.0.0 are vulnerable to Remote Code Execution (RCE) by overwriting template engine configuration variables with view options received from the Express render API. **Note:** This is exploitable only for users who are rendering templates with user-defined data. • https://github.com/eta-dev/eta/blob/9c8e4263d3a559444a3881a85c1607bf344d0b28/src/compile-string.ts%23L21 https://github.com/eta-dev/eta/blob/9c8e4263d3a559444a3881a85c1607bf344d0b28/src/file-handlers.ts%23L182 https://github.com/eta-dev/eta/commit/5651392462ee0ff19d77c8481081a99e5b9138dd https://security.snyk.io/vuln/SNYK-JS-ETA-2936803 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2022-45788
https://notcve.org/view.php?id=CVE-2022-45788
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when a malicious project file is loaded onto the controller. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-010-05_Modicon_Controllers_Security_Notification.pdf • CWE-754: Improper Check for Unusual or Exceptional Conditions •