CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-42268
https://notcve.org/view.php?id=CVE-2022-42268
Omniverse Kit contains a vulnerability in the reference applications Create, Audio2Face, Isaac Sim, View, Code, and Machinima. These applications allow executable Python code to be embedded in Universal Scene Description (USD) files to customize all aspects of a scene. If a user opens a USD file that contains embedded Python code in one of these applications, the embedded Python code automatically runs with the privileges of the user who opened the file. As a result, an unprivileged remote attacker could craft a USD file containing malicious Python code and persuade a local user to open the file, which may lead to information disclosure, data tampering, and denial of service. Omniverse Kit contiene una vulnerabilidad en las aplicaciones de referencia Create, Audio2Face, Isaac Sim, View, Code y Machinima. • https://nvidia.custhelp.com/app/answers/detail/a_id/5418 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-40983
https://notcve.org/view.php?id=CVE-2022-40983
A specially-crafted javascript code can trigger an integer overflow during memory allocation, which can lead to arbitrary code execution. • https://talosintelligence.com/vulnerability_reports/TALOS-2022-1617 • CWE-190: Integer Overflow or Wraparound •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-43591
https://notcve.org/view.php?id=CVE-2022-43591
A specially-crafted javascript code can trigger an out-of-bounds memory access, which can lead to arbitrary code execution. • https://talosintelligence.com/vulnerability_reports/TALOS-2022-1650 • CWE-122: Heap-based Buffer Overflow •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-4498 – A vulnerable HTTP Basic Authentication process in TP-Link routers, Archer C5 and WR710N-V1, is susceptible to either a DoS or an arbitrary code execution via any interface.
https://notcve.org/view.php?id=CVE-2022-4498
This can result in either a DoS (by crashing the httpd process) or an arbitrary code execution. • https://kb.cert.org/vuls/id/572615 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 128EXPL: 0CVE-2021-26398
https://notcve.org/view.php?id=CVE-2021-26398
Insufficient input validation in SYS_KEY_DERIVE system call in a compromised user application or ABL may allow an attacker to corrupt ASP (AMD Secure Processor) OS memory which may lead to potential arbitrary code execution. • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032 • CWE-787: Out-of-bounds Write •