CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-21209 – ICSA-22-055-01 FATEK Automation FvDesigner
https://notcve.org/view.php?id=CVE-2022-21209
25 Feb 2022 — The affected product is vulnerable to an out-of-bounds read while processing project files, which allows an attacker to craft a project file that would allow arbitrary code execution. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-055-01 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-23985 – ICSA-22-055-01 FATEK Automation FvDesigner
https://notcve.org/view.php?id=CVE-2022-23985
25 Feb 2022 — The affected product is vulnerable to an out-of-bounds write while processing project files, which allows an attacker to craft a project file that would allow arbitrary code execution. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-055-01 • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-23810
https://notcve.org/view.php?id=CVE-2022-23810
24 Feb 2022 — Template injection (Improper Neutralization of Special Elements Used in a Template Engine) vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.10.x series versions prior to Ver.2.10.44, Ver.2.11.x series versions prior to Ver.2.11.42, and Ver.3.0.x series versions prior to Ver.3.0.1 allows a remote authenticated attacker to obtain an arbitrary file on the server via unspecified vectors. Una vulnerabilidad de inyección de plantillas ... • https://developer.a-blogcms.jp/blog/news/security-202202.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 5%CPEs: 1EXPL: 0CVE-2022-24295
https://notcve.org/view.php?id=CVE-2022-24295
21 Feb 2022 — Okta Advanced Server Access Client for Windows prior to version 1.57.0 was found to be vulnerable to command injection via a specially crafted URL. Se ha detectado que Okta Advanced Server Access Client para Windows versiones anteriores a 1.57.0, es vulnerable a una inyección de comandos por medio de una URL especialmente diseñada • https://trust.okta.com/security-advisories/okta-advanced-server-access-client-cve-2022-24295 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 91%CPEs: 1EXPL: 2CVE-2021-25003 – WPCargo < 6.9.0 - Unauthenticated RCE
https://notcve.org/view.php?id=CVE-2021-25003
21 Feb 2022 — The WPCargo Track & Trace WordPress plugin before 6.9.0 contains a file which could allow unauthenticated attackers to write a PHP file anywhere on the web server, leading to RCE El plugin WPCargo Track & Trace de WordPress versiones anteriores a 6.9.0, contiene un archivo que podría permitir a atacantes no autenticados escribir un archivo PHP en cualquier lugar del servidor web, conllevando a una vulnerabilidad de tipo RCE • https://github.com/biulove0x/CVE-2021-25003 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.8EPSS: 84%CPEs: 1EXPL: 6CVE-2022-23642 – Code Injection in Sourcegraph
https://notcve.org/view.php?id=CVE-2022-23642
18 Feb 2022 — Sourcegraph is a code search and navigation engine. Sourcegraph prior to version 3.37 is vulnerable to remote code execution in the `gitserver` service. The service acts as a git exec proxy, and fails to properly restrict calling `git config`. This allows an attacker to set the git `core.sshCommand` option, which sets git to use the specified command instead of ssh when they need to connect to a remote system. Exploitation of this vulnerability depends on how Sourcegraph is deployed. • https://packetstorm.news/files/id/167741 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-862: Missing Authorization •
CVSS: 9.1EPSS: 10%CPEs: 1EXPL: 4CVE-2021-46063
https://notcve.org/view.php?id=CVE-2021-46063
18 Feb 2022 — MCMS v5.2.5 was discovered to contain a Server Side Template Injection (SSTI) vulnerability via the Template Management module. Se ha detectado que MCMS versión v5.2.5, contiene una vulnerabilidad de inyección de plantillas del lado del servidor (SSTI) por medio del módulo de administración de plantillas • https://github.com/miguelc49/CVE-2021-46063-2 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 3%CPEs: 4EXPL: 0CVE-2021-3657 – Gentoo Linux Security Advisory 202208-15
https://notcve.org/view.php?id=CVE-2021-3657
18 Feb 2022 — Debido al manejo inapropiado de literales IMAP extremadamente grandes ()=2GiB), los servidores IMAP maliciosos o comprometidos, e hipotéticamente incluso los remitentes de correo electrónico externos, podrían causar varios desbordamientos de búfer diferentes, que podrían ser explotados para una ejecución de código remota Multiple vulnerabilities have been discovered in isync, the worst of which could result in arbitrary code execution. • https://bugzilla.redhat.com/show_bug.cgi?id=2028932 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 7%CPEs: 9EXPL: 3CVE-2022-25315 – expat: Integer overflow in storeRawNames()
https://notcve.org/view.php?id=CVE-2022-25315
18 Feb 2022 — This flaw can cause a denial of service or potentially arbitrary code execution. • https://github.com/ShaikUsaf/external_expact_AOSP10_r33_CVE-2022-25315 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 33%CPEs: 1EXPL: 4CVE-2022-22909 – Hotel Druid 3.0.3 - Remote Code Execution (RCE)
https://notcve.org/view.php?id=CVE-2022-22909
18 Feb 2022 — HotelDruid v3.0.3 was discovered to contain a remote code execution (RCE) vulnerability which is exploited via an attacker inserting a crafted payload into the name field under the Create New Room module. Se ha detectado que HotelDruid versión v3.0.3, contiene una vulnerabilidad de ejecución de código remota (RCE) que es aprovechada por medio de un atacante que inserta una carga útil diseñada en el campo name en el módulo Create New Room Hotel Druid version 3.0.3 suffers from a remote code execution vulnera... • https://packetstorm.news/files/id/166052 • CWE-94: Improper Control of Generation of Code ('Code Injection') •