Page 476 of 11927 results (0.098 seconds)

CVSS: 9.8EPSS: 0%CPEs: 12EXPL: 0

25 Feb 2022 — Successful exploitation of this vulnerability may cause code injection. • https://consumer.huawei.com/en/support/bulletin/2021/6 •

CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0

25 Feb 2022 — There is a code injection vulnerability in smartphones. • https://consumer.huawei.com/en/support/bulletin/2021/7 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

25 Feb 2022 — The affected product is vulnerable to an out-of-bounds read while processing project files, which allows an attacker to craft a project file that would allow arbitrary code execution. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-055-01 • CWE-125: Out-of-bounds Read •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

25 Feb 2022 — The affected product is vulnerable to an out-of-bounds write while processing project files, which allows an attacker to craft a project file that would allow arbitrary code execution. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-055-01 • CWE-787: Out-of-bounds Write •

CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0

24 Feb 2022 — Template injection (Improper Neutralization of Special Elements Used in a Template Engine) vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.10.x series versions prior to Ver.2.10.44, Ver.2.11.x series versions prior to Ver.2.11.42, and Ver.3.0.x series versions prior to Ver.3.0.1 allows a remote authenticated attacker to obtain an arbitrary file on the server via unspecified vectors. Una vulnerabilidad de inyección de plantillas ... • https://developer.a-blogcms.jp/blog/news/security-202202.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 8.8EPSS: 5%CPEs: 1EXPL: 0

21 Feb 2022 — Okta Advanced Server Access Client for Windows prior to version 1.57.0 was found to be vulnerable to command injection via a specially crafted URL. Se ha detectado que Okta Advanced Server Access Client para Windows versiones anteriores a 1.57.0, es vulnerable a una inyección de comandos por medio de una URL especialmente diseñada • https://trust.okta.com/security-advisories/okta-advanced-server-access-client-cve-2022-24295 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.8EPSS: 91%CPEs: 1EXPL: 2

21 Feb 2022 — The WPCargo Track & Trace WordPress plugin before 6.9.0 contains a file which could allow unauthenticated attackers to write a PHP file anywhere on the web server, leading to RCE El plugin WPCargo Track & Trace de WordPress versiones anteriores a 6.9.0, contiene un archivo que podría permitir a atacantes no autenticados escribir un archivo PHP en cualquier lugar del servidor web, conllevando a una vulnerabilidad de tipo RCE • https://github.com/biulove0x/CVE-2021-25003 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 8.8EPSS: 84%CPEs: 1EXPL: 6

18 Feb 2022 — Sourcegraph is a code search and navigation engine. Sourcegraph prior to version 3.37 is vulnerable to remote code execution in the `gitserver` service. The service acts as a git exec proxy, and fails to properly restrict calling `git config`. This allows an attacker to set the git `core.sshCommand` option, which sets git to use the specified command instead of ssh when they need to connect to a remote system. Exploitation of this vulnerability depends on how Sourcegraph is deployed. • https://packetstorm.news/files/id/167741 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-862: Missing Authorization •

CVSS: 9.1EPSS: 10%CPEs: 1EXPL: 4

18 Feb 2022 — MCMS v5.2.5 was discovered to contain a Server Side Template Injection (SSTI) vulnerability via the Template Management module. Se ha detectado que MCMS versión v5.2.5, contiene una vulnerabilidad de inyección de plantillas del lado del servidor (SSTI) por medio del módulo de administración de plantillas • https://github.com/miguelc49/CVE-2021-46063-2 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.8EPSS: 3%CPEs: 4EXPL: 0

18 Feb 2022 — Debido al manejo inapropiado de literales IMAP extremadamente grandes ()=2GiB), los servidores IMAP maliciosos o comprometidos, e hipotéticamente incluso los remitentes de correo electrónico externos, podrían causar varios desbordamientos de búfer diferentes, que podrían ser explotados para una ejecución de código remota Multiple vulnerabilities have been discovered in isync, the worst of which could result in arbitrary code execution. • https://bugzilla.redhat.com/show_bug.cgi?id=2028932 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •