CVE-2022-31179 – Insufficient escaping of line feeds for CMD in shescape
https://notcve.org/view.php?id=CVE-2022-31179
Versions prior to 1.5.8 were found to be subject to code injection on Windows. • https://github.com/ericcornelissen/shescape/pull/332 https://github.com/ericcornelissen/shescape/releases/tag/v1.5.8 https://github.com/ericcornelissen/shescape/security/advisories/GHSA-jjc5-fp7p-6f8w • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2022-36799
https://notcve.org/view.php?id=CVE-2022-36799
This issue exists to document that a security improvement in the way that Jira Server and Data Center use templates has been implemented. Affected versions of Atlassian Jira Server and Data Center allowed remote attackers with system administrator permissions to execute arbitrary code via Template Injection leading to Remote Code Execution (RCE) in the Email Templates feature. In this case the security improvement was to protect against using the XStream library to be able to execute arbitrary code in Velocity templates. The affected versions are before version 8.13.19, from version 8.14.0 before 8.20.7, and from version 8.21.0 before 8.22.1. • https://jira.atlassian.com/browse/JRASERVER-73582 • CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2022-30083
https://notcve.org/view.php?id=CVE-2022-30083
EllieGrid Android Application version 3.4.1 is vulnerable to Code Injection. • https://portswigger.net/support/using-burp-to-test-for-code-injection-vulnerabilities • CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2021-22646 – Ovarro TBox Code Injection
https://notcve.org/view.php?id=CVE-2021-22646
The “ipk” package containing the configuration created by TWinSoft can be uploaded, extracted, and executed in Ovarro TBox, allowing malicious code execution. • https://www.cisa.gov/uscert/ics/advisories/icsa-21-054-04
CVE-2022-37009
https://notcve.org/view.php?id=CVE-2022-37009
In JetBrains IntelliJ IDEA before 2022.2, local code execution via a Vagrant executable was possible. • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-94: Improper Control of Generation of Code ('Code Injection')