CVSS: 7.8EPSS: 33%CPEs: 4EXPL: 0CVE-2022-34243 – Adobe Photoshop U3D File Parsing Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-34243
Adobe Photoshop versions 22.5.7 (and earlier) and 23.3.2 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/photoshop/apsb22-35.html • CWE-416: Use After Free •
CVSS: 8.0EPSS: 0%CPEs: 57EXPL: 0CVE-2022-34663
https://notcve.org/view.php?id=CVE-2022-34663
Affected devices are vulnerable to a web-based code injection attack via the console. An attacker could exploit this vulnerability to inject code into the web server and cause malicious behavior in legitimate users accessing certain web resources on the affected device. • https://cert-portal.siemens.com/productcert/pdf/ssa-840800.pdf • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 30EXPL: 0CVE-2022-34821
https://notcve.org/view.php?id=CVE-2022-34821
A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (All versions < V7.2), RUGGEDCOM RM1224 LTE(4G) NAM (All versions < V7.2), SCALANCE M804PB (All versions < V7.2), SCALANCE M812-1 ADSL-Router (Annex A) (All versions < V7.2), SCALANCE M812-1 ADSL-Router (Annex B) (All versions < V7.2), SCALANCE M816-1 ADSL-Router (Annex A) (All versions < V7.2), SCALANCE M816-1 ADSL-Router (Annex B) (All versions < V7.2), SCALANCE M826-2 SHDSL-Router (All versions < V7.2), SCALANCE M874-2 (All versions < V7.2), SCALANCE M874-3 (All versions < V7.2), SCALANCE M876-3 (EVDO) (All versions < V7.2), SCALANCE M876-3 (ROK) (All versions < V7.2), SCALANCE M876-4 (All versions < V7.2), SCALANCE M876-4 (EU) (All versions < V7.2), SCALANCE M876-4 (NAM) (All versions < V7.2), SCALANCE MUM853-1 (EU) (All versions < V7.2), SCALANCE MUM856-1 (EU) (All versions < V7.2), SCALANCE MUM856-1 (RoW) (All versions < V7.2), SCALANCE S615 (All versions < V7.2), SCALANCE S615 EEC (All versions < V7.2), SCALANCE SC622-2C (All versions < V2.3), SCALANCE SC622-2C (All versions >= V2.3 < V3.0), SCALANCE SC626-2C (All versions < V2.3), SCALANCE SC626-2C (All versions >= V2.3 < V3.0), SCALANCE SC632-2C (All versions < V2.3), SCALANCE SC632-2C (All versions >= V2.3 < V3.0), SCALANCE SC636-2C (All versions < V2.3), SCALANCE SC636-2C (All versions >= V2.3 < V3.0), SCALANCE SC642-2C (All versions < V2.3), SCALANCE SC642-2C (All versions >= V2.3 < V3.0), SCALANCE SC646-2C (All versions < V2.3), SCALANCE SC646-2C (All versions >= V2.3 < V3.0), SCALANCE WAM763-1 (All versions), SCALANCE WAM766-1 (EU) (All versions), SCALANCE WAM766-1 (US) (All versions), SCALANCE WAM766-1 EEC (EU) (All versions), SCALANCE WAM766-1 EEC (US) (All versions), SCALANCE WUM763-1 (All versions), SCALANCE WUM763-1 (All versions), SCALANCE WUM766-1 (EU) (All versions), SCALANCE WUM766-1 (US) (All versions), SIMATIC CP 1242-7 V2 (All versions < V3.3.46), SIMATIC CP 1243-1 (All versions < V3.3.46), SIMATIC CP 1243-7 LTE EU (All versions < V3.3.46), SIMATIC CP 1243-7 LTE US (All versions < V3.3.46), SIMATIC CP 1243-8 IRC (All versions < V3.3.46), SIMATIC CP 1542SP-1 IRC (All versions >= V2.0 < V2.2.28), SIMATIC CP 1543-1 (All versions < V3.0.22), SIMATIC CP 1543SP-1 (All versions >= V2.0 < V2.2.28), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (All versions >= V2.0 < V2.2.28), SIPLUS ET 200SP CP 1543SP-1 ISEC (All versions >= V2.0 < V2.2.28), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (All versions >= V2.0 < V2.2.28), SIPLUS NET CP 1242-7 V2 (All versions < V3.3.46), SIPLUS NET CP 1543-1 (All versions < V3.0.22), SIPLUS S7-1200 CP 1243-1 (All versions < V3.3.46), SIPLUS S7-1200 CP 1243-1 RAIL (All versions < V3.3.46). By injecting code to specific configuration options for OpenVPN, an attacker could execute arbitrary code with elevated privileges. Se ha identificado una vulnerabilidad en SIMATIC CP 1242-7 V2 (Todas las versiones anteriores a V3.3.46), SIMATIC CP 1243-1 (Todas las versiones anteriores a V3.3.46), SIMATIC CP 1243-7 LTE EU (Todas las versiones anteriores a V3.3.46), SIMATIC CP 1243-7 LTE US (Todas las versiones anteriores a V3. 3.46), SIMATIC CP 1243-8 IRC (Todas las versiones anteriores a V3.3.46), SIMATIC CP 1542SP-1 IRC (Todas las versiones posteriores o iguales a V2.0), SIMATIC CP 1543-1 (Todas las versiones anteriores a V3.0.22), SIMATIC CP 1543SP-1 (Todas las versiones posteriores o iguales a V2. 0), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (Todas las versiones posteriores o iguales a V2.0), SIPLUS ET 200SP CP 1543SP-1 ISEC (Todas las versiones posteriores o iguales a V2.0), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (Todas las versiones posteriores o iguales a V2. 0), SIPLUS NET CP 1242-7 V2 (Todas las versiones anteriores a V3.3.46), SIPLUS NET CP 1543-1 (Todas las versiones anteriores a V3.0.22), SIPLUS S7-1200 CP 1243-1 (Todas las versiones anteriores a V3.3.46), SIPLUS S7-1200 CP 1243-1 RAIL (Todas las versiones anteriores a V3.3.46). Al inyectar código a opciones de configuración específicas para OpenVPN, un atacante podría ejecutar código arbitrario con privilegios elevados • https://cert-portal.siemens.com/productcert/pdf/ssa-413565.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-517377.pdf • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-31135 – Maliciously crafted evidence packet may cause denial of service
https://notcve.org/view.php?id=CVE-2022-31135
Akashi is an open source server implementation of the Attorney Online video game based on the Ace Attorney universe. ... Akashi es una implementación de servidor de código abierto del videojuego Attorney Online basado en el universo de Ace Attorney. • https://github.com/AttorneyOnline/akashi/commit/5566cdfedddef1f219aee33477d9c9690bf2f78b https://github.com/AttorneyOnline/akashi/security/advisories/GHSA-vj86-vfmg-q68v • CWE-129: Improper Validation of Array Index •
CVSS: 9.8EPSS: 21%CPEs: 3EXPL: 4CVE-2022-33980 – Apache Commons Configuration insecure interpolation defaults
https://notcve.org/view.php?id=CVE-2022-33980
Starting with version 2.4 and continuing through 2.7, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. • https://github.com/HKirito/CVE-2022-33980 https://github.com/tangxiaofeng7/CVE-2022-33980-Apache-Commons-Configuration-RCE https://github.com/sammwyy/CVE-2022-33980-POC https://github.com/P0lar1ght/CVE-2022-33980-POC http://www.openwall.com/lists/oss-security/2022/07/06/5 http://www.openwall.com/lists/oss-security/2022/11/15/4 https://lists.apache.org/thread/tdf5n7j80lfxdhs2764vn0xmpfodm87s https://security.netapp.com/advisory/ntap-20221028-0015 https://www.debian.org/security/20 •