
CVSS: 7.8 • EPSS: 0% • CPEs: 20 • EXPL: 0

This vulnerability can lead to arbitrary code execution. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0020 • CWE-787: Out-of-bounds Write •

CVSS: 8.8 • EPSS: 0% • CPEs: 2 • EXPL: 1

TP Link Archer AX10 V1 Firmware Version 1.3.1 Build 20220401 Rel. 57450(5553) was discovered to allow authenticated attackers to execute arbitrary code via a crafted backup file. • https://github.com/gscamelo/TP-Link-Archer-AX10-V1/blob/main/README.md https://www.tp-link.com/br/home-networking/wifi-router/archer-ax10 https://www.tp-link.com/br/support/download/archer-ax10/v1 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

Orckestra C1 CMS is a .NET based Web Content Management System. A vulnerability in versions prior to 6.13 allows remote attackers to execute arbitrary code on affected installations of Orckestra C1 CMS. Authentication is required to exploit this vulnerability. The authenticated user may perform the actions unknowingly by visiting a specially crafted site. This issue is patched in C1 CMS v6.13. • https://github.com/Orckestra/C1-CMS-Foundation/pull/814 https://github.com/Orckestra/C1-CMS-Foundation/releases/tag/v6.13 https://github.com/Orckestra/C1-CMS-Foundation/security/advisories/GHSA-gfhp-jgp6-838j • CWE-502: Deserialization of Untrusted Data •

CVSS: 9.8 • EPSS: 0% • CPEs: 4 • EXPL: 2

Versions of the package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary Code Execution via the pre_dispatch flag in the Parallel() class due to the eval() statement. • https://github.com/joblib/joblib/commit/b90f10efeb670a2cc877fb88ebb3f2019189e059 https://github.com/joblib/joblib/issues/1128 https://github.com/joblib/joblib/pull/1321 https://lists.debian.org/debian-lts-announce/2022/11/msg00020.html https://lists.debian.org/debian-lts-announce/2023/03/msg00027.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BVOMMW37OXZWU2EV5ONAAS462IQEHZOF https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 5.4 • EPSS: 0% • CPEs: 2 • EXPL: 0

Adobe Experience Manager versions 6.5.13.0 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires low-privilege access to AEM. • https://helpx.adobe.com/security/products/experience-manager/apsb22-40.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •