
CVE-2022-31144 – Potential heap overflow in Redis
https://notcve.org/view.php?id=CVE-2022-31144
19 Jul 2022 — Multiple vulnerabilities have been found in Redis, the worst of which could result in arbitrary code execution. • https://github.com/SpiralBL0CK/CVE-2022-31144 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVE-2022-1920 – gstreamer-plugins-good: Potential heap overwrite in gst_matroska_demux_add_wvpk_header()
https://notcve.org/view.php?id=CVE-2022-1920
19 Jul 2022 — Potential for arbitrary code execution through heap overwrite. • https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1226 • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •

CVE-2022-2453 – Use After Free in gpac/gpac
https://notcve.org/view.php?id=CVE-2022-2453
19 Jul 2022 — Multiple vulnerabilities have been discovered in GPAC, the worst of which could lead to arbitrary code execution. • https://github.com/gpac/gpac/commit/dc7de8d3d604426c7a6e628d90cb9fb88e7b4c2c • CWE-416: Use After Free •

CVE-2022-1921 – gstreamer-plugins-good: Heap-based buffer overflow in the avi demuxer when handling certain AVI files
https://notcve.org/view.php?id=CVE-2022-1921
19 Jul 2022 — Potential for arbitrary code execution through heap overwrite. • https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1224 • CWE-190: Integer Overflow or Wraparound •

CVE-2022-2454 – Integer Overflow or Wraparound in gpac/gpac
https://notcve.org/view.php?id=CVE-2022-2454
19 Jul 2022 — Multiple vulnerabilities have been discovered in GPAC, the worst of which could lead to arbitrary code execution. • https://github.com/gpac/gpac/commit/faa75edde3dfeba1e2cf6ffa48e45a50f1042096 • CWE-190: Integer Overflow or Wraparound •

CVE-2022-34033 – Gentoo Linux Security Advisory 202405-07
https://notcve.org/view.php?id=CVE-2022-34033
18 Jul 2022 — Se ha detectado que HTMLDoc versión v1.9.15, contiene un desbordamiento de pila por medio de (write_header) /htmldoc/htmldoc/html.cxx:273 Multiple vulnerabilities have been discovered in HTMLDOC, the worst of which can lead to arbitrary code execution. • https://github.com/michaelrsweet/htmldoc/commit/a0014be47d614220db111b360fb6170ef6f3937e • CWE-787: Out-of-bounds Write •

CVE-2022-23201 – Adobe RoboHelp Reflected XSS could lead to Arbitrary code execution
https://notcve.org/view.php?id=CVE-2022-23201
15 Jul 2022 — Adobe RoboHelp versions 2020.0.7 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Adobe RoboHelp versiones 2020.0.7 (y anteriores), están afectadas por una vulnerabilidad de tipo Cross-Site Scripting (XSS) reflejado. Si un atacante es capaz de convencer a una víctima de que visite una URL que haga ... • https://helpx.adobe.com/security/products/robohelp/apsb22-10.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2022-34230 – Adobe Acrobat Reader Use After Free could lead to Arbitrary code execution
https://notcve.org/view.php?id=CVE-2022-34230
15 Jul 2022 — Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/acrobat/apsb22-32.html • CWE-416: Use After Free •

CVE-2022-34221 – Adobe Acrobat Reader Type Confusion vulnerability could lead to Arbitrary code execution
https://notcve.org/view.php?id=CVE-2022-34221
15 Jul 2022 — Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by an Access of Resource Using Incompatible Type ('Type Confusion') vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/acrobat/apsb22-32.html • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVE-2022-31161 – Roxy-WI Vulnerable to Unauthenticated Remote Code Execution via ssl_cert Upload
https://notcve.org/view.php?id=CVE-2022-31161
15 Jul 2022 — Roxy-WI is a Web interface for managing HAProxy, Nginx and Keepalived servers. Prior to version 6.1.1.0, the system command can be run remotely via the subprocess_execute function without processing the inputs received from the user in the /app/options.py file. Version 6.1.1.0 contains a patch for this issue. Roxy-WI es una interfaz web para administrar los servidores HAProxy, Nginx y Keepalived. En versiones anteriores a 6.1.1.0, el comando del sistema puede ser ejecutado remotamente por medio de la funció... • https://packetstorm.news/files/id/171652 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-434: Unrestricted Upload of File with Dangerous Type •