CVE-2022-43571 – Remote Code Execution through dashboard PDF generation component in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2022-43571
In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can execute arbitrary code through the dashboard PDF generation component. • https://github.com/ohnonoyesyes/CVE-2022-43571 https://research.splunk.com/application/b06b41d7-9570-4985-8137-0784f582a1b3 https://www.splunk.com/en_us/product-security/announcements/svd-2022-1111.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2022-42795
https://notcve.org/view.php?id=CVE-2022-42795
Processing a maliciously crafted image may lead to arbitrary code execution. • https://support.apple.com/en-us/HT213446 https://support.apple.com/en-us/HT213486 https://support.apple.com/en-us/HT213487 https://support.apple.com/en-us/HT213488 • CWE-787: Out-of-bounds Write •
CVE-2022-32905
https://notcve.org/view.php?id=CVE-2022-32905
Processing a maliciously crafted DMG file may lead to arbitrary code execution with system privileges. • https://support.apple.com/en-us/HT213488 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2022-42809
https://notcve.org/view.php?id=CVE-2022-42809
Processing a maliciously crafted gcx file may lead to unexpected app termination or arbitrary code execution. • https://support.apple.com/en-us/HT213488 •
CVE-2022-26730
https://notcve.org/view.php?id=CVE-2022-26730
Processing a maliciously crafted image may lead to arbitrary code execution. • https://support.apple.com/en-us/HT213488 • CWE-787: Out-of-bounds Write •