
CVSS: 5.4 | EPSS: 0% | CPEs: 1 | EXPL: 1

In the worst case, this can lead to arbitrary code execution on the server, because admins can create Server Shell Executors and use them to run any command on the server. • https://blog.sonarsource.com/onedev-remote-code-execution https://github.com/theonedev/onedev/commit/adb6e31476621f824fc3227a695232df830d83ab https://github.com/theonedev/onedev/security/advisories/GHSA-27fw-gv88-qrpg • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'); CWE-732: Incorrect Permission Assignment for Critical Resource

CVSS: 8.8 | EPSS: 0% | CPEs: 3 | EXPL: 0

Processing maliciously crafted web content may lead to arbitrary code execution. • http://seclists.org/fulldisclosure/2022/Oct/28 http://seclists.org/fulldisclosure/2022/Oct/39 http://seclists.org/fulldisclosure/2022/Oct/40 http://seclists.org/fulldisclosure/2022/Oct/41 http://seclists.org/fulldisclosure/2022/Oct/47 http://seclists.org/fulldisclosure/2022/Oct/49 http://seclists.org/fulldisclosure/2022/Oct/50 https://support.apple.com/en-us/HT213442 https://support.apple.com/en-us/HT213445 https://support.apple.com/en-us/HT213446 • CWE-125: Out-of-bounds Read

CVSS: 8.8 | EPSS: 0% | CPEs: 8 | EXPL: 0

Processing maliciously crafted web content may lead to arbitrary code execution. ... Processing maliciously crafted web content may lead to arbitrary code execution. • http://seclists.org/fulldisclosure/2022/Oct/28 http://seclists.org/fulldisclosure/2022/Oct/39 http://seclists.org/fulldisclosure/2022/Oct/41 https://lists.debian.org/debian-lts-announce/2022/09/msg00034.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/74MXH2U5GA4CX3L3NLYP4TBO4O2VOPBJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KDV6OLKDTL55NH4LNSMLQ4D6LLSX6JU2 https://lists.fedoraproject.org/archives/list/package-announce%40list • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer; CWE-787: Out-of-bounds Write

CVSS: 7.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

Opening a specially crafted file could cause the affected product to fail to release its memory reference, potentially resulting in arbitrary code execution. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-242-09 • CWE-416: Use After Free

CVSS: 7.8 | EPSS: 0% | CPEs: 50 | EXPL: 0

A local authenticated malicious user could potentially exploit this vulnerability by sending excess data to a function in order to gain arbitrary code execution on the system. • https://www.dell.com/support/kbdoc/000202196 • CWE-121: Stack-based Buffer Overflow; CWE-787: Out-of-bounds Write