CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-46742
https://notcve.org/view.php?id=CVE-2022-46742
Code injection in paddle.audio.functional.get_window in PaddlePaddle 2.4.0-rc0 allows arbitrary code execution. • https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2022-002.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-43667
https://notcve.org/view.php?id=CVE-2022-43667
Stack-based buffer overflow vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. • https://jvn.jp/en/vu/JVNVU92877622/index.html https://jvn.jp/vu/JVNVU92877622/index.html • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-43508
https://notcve.org/view.php?id=CVE-2022-43508
Use-after free vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. • https://jvn.jp/en/vu/JVNVU92877622/index.html https://jvn.jp/vu/JVNVU92877622/index.html • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-43509 – Omron CX-One CX-Programmer CXP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-43509
Out-of-bounds write vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. • https://jvn.jp/en/vu/JVNVU92877622/index.html https://jvn.jp/vu/JVNVU92877622/index.html • CWE-787: Out-of-bounds Write •
CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0CVE-2022-43660
https://notcve.org/view.php?id=CVE-2022-43660
Improper neutralization of Server-Side Includes (SSW) within a web page in Movable Type series allows a remote authenticated attacker with Privilege of 'Manage of Content Types' may execute an arbitrary Perl script and/or an arbitrary OS command. Affected products/versions are as follows: Movable Type 7 r.5301 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.5301 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.53 and earlier, and Movable Type Premium Advanced 1.53 and earlier. La neutralización incorrecta de Server-Side Includes (SSW) dentro de una página web de la serie Movable Type permite que un atacante remoto autenticado con el privilegio de 'Administrar tipos de contenido' pueda ejecutar un script Perl arbitrario y/o un comando del sistema operativo arbitrario. Los productos/versiones afectados son los siguientes: Movable Type 7 r.5301 y anteriores (Serie Movable Type 7), Movable Type Advanced 7 r.5301 y anteriores (Serie Movable Type Advanced 7), Movable Type Premium 1.53 y anteriores, y Movable Type Premium Avanzado 1.53 y anteriores. • https://jvn.jp/en/jp/JVN37014768/index.html https://movabletype.org/news/2022/11/mt-796-688-released.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •