CVE-2022-4172 – QEMU: ACPI ERST: memory corruption issues in read_erst_record and write_erst_record
https://notcve.org/view.php?id=CVE-2022-4172
Arbitrary code execution was deemed unlikely. • https://gitlab.com/qemu-project/qemu/-/commit/defb7098 https://gitlab.com/qemu-project/qemu/-/issues/1268 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I7J5IRXJYLELW7D43A75LOWRUE5EU54O https://lore.kernel.org/qemu-devel/20221024154233.1043347-1-lk%40c--e.de https://security.netapp.com/advisory/ntap-20230127-0013 https://access.redhat.com/security/cve/CVE-2022-4172 https://bugzilla.redhat.com/show_bug.cgi?id=2149105 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-190: Integer Overflow or Wraparound •
CVE-2022-45908
https://notcve.org/view.php?id=CVE-2022-45908
In PaddlePaddle before 2.4, paddle.audio.functional.get_window is vulnerable to code injection because it calls eval on a user-supplied winstr. This may lead to arbitrary code execution. • https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2022-002.md https://github.com/PaddlePaddle/Paddle/commit/26c419ca386aeae3c461faf2b828d00b48e908eb • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2022-45907
https://notcve.org/view.php?id=CVE-2022-45907
In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is used unsafely. • https://github.com/pytorch/pytorch/commit/767f6aa49fe20a2766b9843d01e3b7f7793df6a3 https://github.com/pytorch/pytorch/issues/88868 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2022-41158 – eyoom builder Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-41158
A remote code execution vulnerability exists because this builder program uses cookie values as paths to a file. A remote attacker could exploit the vulnerability to execute or inject malicious code. • https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=67043 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2022-36337
https://notcve.org/view.php?id=CVE-2022-36337
A stack buffer overflow vulnerability in the MebxConfiguration driver leads to arbitrary code execution. • https://www.insyde.com/security-pledge https://www.insyde.com/security-pledge/SA-2022039 • CWE-787: Out-of-bounds Write •