CVSS: 9.1EPSS: 0%CPEs: 25EXPL: 2CVE-2022-20829 – Cisco Adaptive Security Device Manager and Adaptive Security Appliance Software Client-side Arbitrary Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-20829
A vulnerability in the packaging of Cisco Adaptive Security Device Manager (ASDM) images and the validation of those images by Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker with administrative privileges to upload an ASDM image that contains malicious code to a device that is running Cisco ASA Software. This vulnerability is due to insufficient validation of the authenticity of an ASDM image during its installation on a device that is running Cisco ASA Software. An attacker could exploit this vulnerability by installing a crafted ASDM image on the device that is running Cisco ASA Software and then waiting for a targeted user to access that device using ASDM. A successful exploit could allow the attacker to execute arbitrary code on the machine of the targeted user with the privileges of that user on that machine. Notes: To successfully exploit this vulnerability, the attacker must have administrative privileges on the device that is running Cisco ASA Software. • https://github.com/jbaines-r7/theway https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-asdm-sig-NPKvwDjm https://www.rapid7.com/blog/post/2022/08/11/rapid7-discovered-vulnerabilities-in-cisco-asa-asdm-and-firepower-services-software • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 7.2EPSS: 0%CPEs: 5EXPL: 0CVE-2022-1743 – 2.2.5 PATH TRAVERSAL: '../FILEDIR' CWE-24
https://notcve.org/view.php?id=CVE-2022-1743
The tested version of Dominion Voting System ImageCast X can be manipulated to cause arbitrary code execution by specially crafted election definition files. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-154-01 • CWE-24: Path Traversal: '../filedir' •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2017-20095 – Simple Ads Manager Plugin code injection
https://notcve.org/view.php?id=CVE-2017-20095
The manipulation leads to code injection. • http://seclists.org/fulldisclosure/2017/Feb/80 https://vuldb.com/?id.97372 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-2147 – Unquoted Service Path in Cloudflare WARP for Windows
https://notcve.org/view.php?id=CVE-2022-2147
Cloudflare Warp for Windows from version 2022.2.95.0 contained an unquoted service path which enables arbitrary code execution leading to privilege escalation. • https://github.com/cloudflare/advisories/security/advisories/GHSA-m6w8-3pf9-p68r • CWE-428: Unquoted Search Path or Element •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2017-20086 – VaultPress Plugin code injection
https://notcve.org/view.php?id=CVE-2017-20086
The manipulation leads to code injection. • http://seclists.org/fulldisclosure/2017/Feb/95 https://vuldb.com/?id.97383 • CWE-94: Improper Control of Generation of Code ('Code Injection') •