
CVSS: 7.8 • EPSS: 0% • CPEs: 3 • EXPL: 1

Potential for arbitrary code execution through heap overwrite. • https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1224 • https://lists.debian.org/debian-lts-announce/2022/08/msg00001.html • https://www.debian.org/security/2022/dsa-5204 • https://access.redhat.com/security/cve/CVE-2022-1921 • https://bugzilla.redhat.com/show_bug.cgi?id=2130949 • CWE-190: Integer Overflow or Wraparound

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

Adobe RoboHelp versions 2020.0.7 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. • https://helpx.adobe.com/security/products/robohelp/apsb22-10.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.8 • EPSS: 0% • CPEs: 16 • EXPL: 0

Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/acrobat/apsb22-32.html • CWE-416: Use After Free

CVSS: 7.8 • EPSS: 0% • CPEs: 16 • EXPL: 0

Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by an Access of Resource Using Incompatible Type ('Type Confusion') vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/acrobat/apsb22-32.html • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')

CVSS: 10.0 • EPSS: 3% • CPEs: 1 • EXPL: 1

Roxy-WI is a Web interface for managing HAProxy, Nginx and Keepalived servers. Prior to version 6.1.1.0, the system command can be run remotely via the subprocess_execute function without processing the inputs received from the user in the /app/options.py file. Version 6.1.1.0 contains a patch for this issue. • https://www.exploit-db.com/exploits/51228 • http://packetstormsecurity.com/files/171652/Roxy-WI-6.1.1.0-Remote-Code-Execution.html • https://github.com/hap-wi/roxy-wi/releases/tag/v6.1.1.0 • https://github.com/hap-wi/roxy-wi/security/advisories/GHSA-pg3w-8p63-x483 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') • CWE-94: Improper Control of Generation of Code ('Code Injection') • CWE-434: Unrestricted Upload of File with Dangerous Type