CVE-2022-38097
https://notcve.org/view.php?id=CVE-2022-38097
By prematurely destroying annotation objects, a specially-crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. • https://talosintelligence.com/vulnerability_reports/TALOS-2022-1601 • CWE-416: Use After Free •
CVE-2022-37332
https://notcve.org/view.php?id=CVE-2022-37332
A specially-crafted PDF document can trigger the reuse of previously freed memory by misusing the media player API, which can lead to arbitrary code execution. • https://github.com/SpiralBL0CK/CVE-2022-37332-RCE- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1602 • CWE-416: Use After Free •
CVE-2022-32774
https://notcve.org/view.php?id=CVE-2022-32774
By prematurely deleting objects associated with pages, a specially-crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. • https://talosintelligence.com/vulnerability_reports/TALOS-2022-1600 • CWE-416: Use After Free •
CVE-2022-35897
https://notcve.org/view.php?id=CVE-2022-35897
A stack buffer overflow vulnerability leading to arbitrary code execution was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. If an attacker modifies specific UEFI variables, this can cause a stack overflow, leading to arbitrary code execution. • https://www.insyde.com/security-pledge https://www.insyde.com/security-pledge/SA-2022041 • CWE-787: Out-of-bounds Write •
CVE-2022-41945 – Remote Code Execution (RCE) vulnerability in super-xray via URL input
https://notcve.org/view.php?id=CVE-2022-41945
super-xray is a vulnerability scanner (xray) GUI launcher. In version 0.1-beta, the URL is not filtered and directly spliced into the command, resulting in a possible RCE vulnerability. Users should upgrade to super-xray 0.2-beta. • https://github.com/4ra1n/super-xray/releases/tag/0.2-beta https://github.com/4ra1n/super-xray/security/advisories/GHSA-732j-763p-cvqg • CWE-94: Improper Control of Generation of Code ('Code Injection') •