CVSS: 8.8 | EPSS: 0% | CPEs: 5 | EXPL: 0

Jupyter Core prior to version 4.11.2 contains an arbitrary code execution vulnerability in `jupyter_core` that stems from `jupyter_core` executing untrusted files in CWD. • https://github.com/jupyter/jupyter_core/commit/1118c8ce01800cb689d51f655f5ccef19516e283 https://github.com/jupyter/jupyter_core/security/advisories/GHSA-m678-f26j-3hrp https://lists.debian.org/debian-lts-announce/2022/11/msg00022.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KKMP5OXXIX2QAUNVNJZ5UEQFKDYYJVBA https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YIDN7JMLK6AOMBQI4QPSW4MBQGWQ5NIN https://security.gentoo.org/glsa/202301-04 https:// • CWE-250: Execution with Unnecessary Privileges CWE-269: Improper Privilege Management CWE-427: Uncontrolled Search Path Element •

CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

Prior to version 2.7.5, all users of the `run-terraform` reusable workflow from the kartverket/github-workflows repo are affected by a code injection vulnerability. • https://github.com/kartverket/github-workflows/pull/19 https://github.com/kartverket/github-workflows/releases/tag/v2.7.5 https://github.com/kartverket/github-workflows/security/advisories/GHSA-f9qj-7gh3-mhj4 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

Authenticated local attackers could abuse these vulnerabilities to exploit stack-based buffer overflows, allowing arbitrary code execution as the root user account. • https://security.netapp.com/advisory/ntap-20230127-0010 https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-2078 • CWE-787: Out-of-bounds Write •

CVSS: 9.8 | EPSS: 0% | CPEs: 2 | EXPL: 2

In versions previous to 2.40.0, Azure CLI contains a vulnerability for potential code injection. • https://github.com/Azure/azure-cli/pull/23514 https://github.com/Azure/azure-cli/pull/24015 https://github.com/Azure/azure-cli/security/advisories/GHSA-47xc-9rr2-q7p4 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.8 | EPSS: 0% | CPEs: 2 | EXPL: 0

Command injection and multiple stack-based buffer overflow vulnerabilities in the modifyUserb_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. Command injection and multiple stack-based buffer overflow vulnerabilities in the modifyUserb_func function of spx_restservice allow an authenticated attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. • https://www.nozominetworks.com/blog/vulnerabilities-in-bmc-firmware-affect-ot-iot-device-security-part-1 https://www.nozominetworks.com/labs/vulnerability-advisories/cve-2021-26731 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •