CVE-2022-38438 – AEM Reflected XSS Arbitrary code execution
https://notcve.org/view.php?id=CVE-2022-38438
Adobe Experience Manager versions 6.5.13.0 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires low-privilege access to AEM. • https://helpx.adobe.com/security/products/experience-manager/apsb22-40.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-36338
https://notcve.org/view.php?id=CVE-2022-36338
An SMM callout vulnerability in the SMM driver FwBlockServiceSmm, creating SMM, leads to arbitrary code execution. • https://binarly.io/advisories/BRLY-2022-017/index.html • https://www.insyde.com/security-pledge • https://www.insyde.com/security-pledge/SA-2022029
CVE-2022-40628 – Remote Code Execution Vulnerability in Tacitine Firewall
https://notcve.org/view.php?id=CVE-2022-40628
This vulnerability exists in Tacitine Firewall, all versions of EN6200-PRIME QUAD-35 and EN6200-PRIME QUAD-100 from 19.1.1 to 22.20.1 (inclusive), due to improper control of code generation in the Tacitine Firewall web-based management interface. An unauthenticated remote attacker could exploit this vulnerability by sending a specially crafted HTTP request to the targeted device. Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to execute arbitrary commands on the targeted device. • https://tacitine.com/newdownload/CVE-2022-40628.pdf • https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2022-0363 • CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2022-38742 – Rockwell Automation ThinManager Software Vulnerable to Arbitrary Code Execution and Denial-Of-Service Attack
https://notcve.org/view.php?id=CVE-2022-38742
Rockwell Automation ThinManager ThinServer versions 11.0.0 - 13.0.0 are vulnerable to a heap-based buffer overflow. An attacker could send a specifically crafted TFTP or HTTPS request, causing a heap-based buffer overflow that crashes the ThinServer process. If successfully exploited, this could expose the server to arbitrary remote code execution. • https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1136847 • CWE-122: Heap-based Buffer Overflow • CWE-787: Out-of-bounds Write
CVE-2022-3236 – Sophos Firewall Code Injection Vulnerability
https://notcve.org/view.php?id=CVE-2022-3236
A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v19.0 MR1 and older. ... A code injection vulnerability in the User Portal and Webadmin of Sophos Firewall allows for remote code execution. • https://www.sophos.com/en-us/security-advisories/sophos-sa-20220923-sfos-rce • CWE-94: Improper Control of Generation of Code ('Code Injection')