CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-35976 – Improper KubeConfig handling allows arbitrary code execution
https://notcve.org/view.php?id=CVE-2022-35976
A specially crafted kubeconfig leads to arbitrary code execution on behalf of the user running VSCode. ... Please note that the vulnerability is specific to this extension, and the same kubeconfig would not result in arbitrary code execution when used with kubectl. • https://github.com/weaveworks/vscode-gitops-tools/security/advisories/GHSA-287h-vjhw-jqf7 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-35975 – Improper object validation allows for arbitrary code execution in GitOps Tools Extension for VSCode
https://notcve.org/view.php?id=CVE-2022-35975
The GitOps Tools Extension for VSCode can make it easier to manage Flux objects. A specially crafted Flux object may allow for remote code execution in the machine running the extension, in the context of the user that is running VSCode. Users using the VSCode extension to manage clusters that are shared amongst other users are affected by this issue. The only safe mitigation is to update to the latest version of the extension. La extensión de GitOps Tools para VSCode puede facilitar la administración de objetos Flux. • https://github.com/weaveworks/vscode-gitops-tools/security/advisories/GHSA-873x-829r-gxcp • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 1CVE-2022-35516
https://notcve.org/view.php?id=CVE-2022-35516
DedeCMS v5.7.93 - v5.7.96 was discovered to contain a remote code execution vulnerability in login.php. Se ha detectado que DedeCMS versiones v5.7.93 - v5.7.96, contienen una vulnerabilidad de ejecución de código remota en el archivo login.php. • https://github.com/whitehatl/Vulnerability/blob/main/web/dedecms/5.7.93/Login.poc.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2022-36216
https://notcve.org/view.php?id=CVE-2022-36216
DedeCMS v5.7.94 - v5.7.97 was discovered to contain a remote code execution vulnerability in member_toadmin.php. Se ha detectado que DedeCMS versiones v5.7.94 - v5.7.97, contienen una vulnerabilidad de ejecución de código remota en el archivo member_toadmin.php. • https://github.com/whitehatl/Vulnerability/blob/main/web/dedecms/5.7.94/member_toadmin.poc.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.1EPSS: 0%CPEs: 20EXPL: 0CVE-2022-34257 – Adobe Commerce Stored XSS Arbitrary code execution
https://notcve.org/view.php?id=CVE-2022-34257
Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Adobe Commerce versiones 2.4.3-p2 (y anteriores), 2.3.7-p3 (y anteriores) y 2.4.4 (y anteriores) están afectadas por una vulnerabilidad de tipo Cross-Site Scripting (XSS) almacenado de la que podría abusar un atacante para inyectar scripts maliciosos en campos de formulario vulnerables. El JavaScript malicioso podría ejecutarse en el navegador de la víctima cuando ésta navega a la página que contiene el campo vulnerable. • https://helpx.adobe.com/security/products/magento/apsb22-38.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •