Vulnerabilities (CVE)

Filtered by CWE-94
Total 3677 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-24780 1 Combodo 1 Itop 2024-11-21 6.5 MEDIUM 8.8 HIGH
Combodo iTop is a web based IT Service Management tool. In versions prior to 2.7.6 and 3.0.0, users of the iTop user portal can send TWIG code to the server by forging specific http queries, and execute arbitrary code on the server using http server user privileges. This issue is fixed in versions 2.7.6 and 3.0.0. There are currently no known workarounds.
CVE-2022-24735 4 Fedoraproject, Netapp, Oracle and 1 more 5 Fedora, Management Services For Element Software, Management Services For Netapp Hci and 2 more 2024-11-21 6.8 MEDIUM 3.9 LOW
Redis is an in-memory database that persists on disk. By exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis prior to version 7.0.0 or 6.2.7 can inject Lua code that will execute with the (potentially higher) privileges of another Redis user. The Lua script execution environment in Redis provides some measures that prevent a script from creating side effects that persist and can affect the execution of the same, or different script, at a later time. Several weaknesses of these measures have been publicly known for a long time, but they had no security impact as the Redis security model did not endorse the concept of users or privileges. With the introduction of ACLs in Redis 6.0, these weaknesses can be exploited by a less privileged users to inject Lua code that will execute at a later time, when a privileged user executes a Lua script. The problem is fixed in Redis versions 7.0.0 and 6.2.7. An additional workaround to mitigate this problem without patching the redis-server executable, if Lua scripting is not being used, is to block access to `SCRIPT LOAD` and `EVAL` commands using ACL rules.
CVE-2022-24734 1 Mybb 1 Mybb 2024-11-21 6.5 MEDIUM 7.2 HIGH
MyBB is a free and open source forum software. In affected versions the Admin CP's Settings management module does not validate setting types correctly on insertion and update, making it possible to add settings of supported type `php` with PHP code, executed on on _Change Settings_ pages. This results in a Remote Code Execution (RCE) vulnerability. The vulnerable module requires Admin CP access with the `Can manage settings?` permission. MyBB's Settings module, which allows administrators to add, edit, and delete non-default settings, stores setting data in an options code string ($options_code; mybb_settings.optionscode database column) that identifies the setting type and its options, separated by a new line character (\n). In MyBB 1.2.0, support for setting type php was added, for which the remaining part of the options code is PHP code executed on Change Settings pages (reserved for plugins and internal use). MyBB 1.8.30 resolves this issue. There are no known workarounds.
CVE-2022-24665 1 Php Everywhere Project 1 Php Everywhere 2024-11-21 6.5 MEDIUM 9.9 CRITICAL
PHP Everywhere <= 2.0.3 included functionality that allowed execution of PHP Code Snippets via a WordPress gutenberg block by any user able to edit posts.
CVE-2022-24664 1 Php Everywhere Project 1 Php Everywhere 2024-11-21 4.0 MEDIUM 9.9 CRITICAL
PHP Everywhere <= 2.0.3 included functionality that allowed execution of PHP Code Snippets via WordPress metaboxes, which could be used by any user able to edit posts.
CVE-2022-24663 1 Php Everywhere Project 1 Php Everywhere 2024-11-21 6.5 MEDIUM 9.9 CRITICAL
PHP Everywhere <= 2.0.3 included functionality that allowed execution of PHP Code Snippets via WordPress shortcodes, which can be used by any authenticated user.
CVE-2022-24442 1 Jetbrains 1 Youtrack 2024-11-21 7.5 HIGH 9.8 CRITICAL
JetBrains YouTrack before 2021.4.40426 was vulnerable to SSTI (Server-Side Template Injection) via FreeMarker templates.
CVE-2022-24429 1 Convert-svg-core Project 1 Convert-svg-core 2024-11-21 6.8 MEDIUM 7.5 HIGH
The package convert-svg-core before 0.6.3 are vulnerable to Arbitrary Code Injection when using a specially crafted SVG file. An attacker can read arbitrary files from the file system and then show the file content as a converted PNG file.
CVE-2022-24295 1 Okta 1 Advanced Server Access Client For Windows 2024-11-21 6.8 MEDIUM 8.8 HIGH
Okta Advanced Server Access Client for Windows prior to version 1.57.0 was found to be vulnerable to command injection via a specially crafted URL.
CVE-2022-23810 1 Appleple 1 A-blog Cms 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
Template injection (Improper Neutralization of Special Elements Used in a Template Engine) vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.10.x series versions prior to Ver.2.10.44, Ver.2.11.x series versions prior to Ver.2.11.42, and Ver.3.0.x series versions prior to Ver.3.0.1 allows a remote authenticated attacker to obtain an arbitrary file on the server via unspecified vectors.
CVE-2022-23631 1 Blitzjs 2 Blitz, Superjson 2024-11-21 7.5 HIGH 9.0 CRITICAL
superjson is a program to allow JavaScript expressions to be serialized to a superset of JSON. In versions prior to 1.8.1 superjson allows input to run arbitrary code on any server using superjson input without prior authentication or knowledge. The only requirement is that the server implements at least one endpoint which uses superjson during request processing. This has been patched in superjson 1.8.1. Users are advised to update. There are no known workarounds for this issue.
CVE-2022-23614 3 Debian, Fedoraproject, Symfony 3 Debian Linux, Fedora, Twig 2024-11-21 7.5 HIGH 8.8 HIGH
Twig is an open source template language for PHP. When in a sandbox mode, the `arrow` parameter of the `sort` filter must be a closure to avoid attackers being able to run arbitrary PHP functions. In affected versions this constraint was not properly enforced and could lead to code injection of arbitrary PHP code. Patched versions now disallow calling non Closure in the `sort` filter as is the case for some other filters. Users are advised to upgrade.
CVE-2022-23503 1 Typo3 1 Typo3 2024-11-21 N/A 7.5 HIGH
TYPO3 is an open source PHP based web content management system. Versions prior to 8.7.49, 9.5.38, 10.4.33, 11.5.20, and 12.1.1 are vulnerable to Code Injection. Due to the lack of separating user-submitted data from the internal configuration in the Form Designer backend module, it is possible to inject code instructions to be processed and executed via TypoScript as PHP code. The existence of individual TypoScript instructions for a particular form item and a valid backend user account with access to the form module are needed to exploit this vulnerability. This issue is patched in versions 8.7.49 ELTS, 9.5.38 ELTS, 10.4.33, 11.5.20, 12.1.1.
CVE-2022-23332 1 Ejointech 6 Acom508, Acom508 Firmware, Acom516 and 3 more 2024-11-21 9.0 HIGH 8.8 HIGH
Command injection vulnerability in Manual Ping Form (Web UI) in Shenzhen Ejoin Information Technology Co., Ltd. ACOM508/ACOM516/ACOM532 609-915-041-100-020 allows a remote attacker to inject arbitrary code via the field.
CVE-2022-23120 2 Linux, Trendmicro 2 Linux Kernel, Deep Security Agent 2024-11-21 6.9 MEDIUM 7.8 HIGH
A code injection vulnerability in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux version 20 and below could allow an attacker to escalate privileges and run arbitrary code in the context of root. Please note: an attacker must first obtain access to the target agent in an un-activated and unconfigured state in order to exploit this vulnerability.
CVE-2022-23088 2024-11-21 N/A 9.8 CRITICAL
The 802.11 beacon handling routine failed to validate the length of an IEEE 802.11s Mesh ID before copying it to a heap-allocated buffer. While a FreeBSD Wi-Fi client is in scanning mode (i.e., not associated with a SSID) a malicious beacon frame may overwrite kernel memory, leading to remote code execution.
CVE-2022-22965 5 Cisco, Oracle, Siemens and 2 more 39 Cx Cloud Agent, Commerce Platform, Communications Cloud Native Core Automated Test Suite and 36 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
CVE-2022-22954 2 Linux, Vmware 6 Linux Kernel, Cloud Foundation, Identity Manager and 3 more 2024-11-21 10.0 HIGH 9.8 CRITICAL
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution.
CVE-2022-22909 1 Digitaldruid 1 Hoteldruid 2024-11-21 6.5 MEDIUM 8.8 HIGH
HotelDruid v3.0.3 was discovered to contain a remote code execution (RCE) vulnerability which is exploited via an attacker inserting a crafted payload into the name field under the Create New Room module.
CVE-2022-22286 2 Google, Samsung 2 Android, Bixby Routines 2024-11-21 3.6 LOW 4.4 MEDIUM
A vulnerability using PendingIntent in Bixby Routines prior to version 3.1.21.8 in Android R(11.0) and 2.6.30.5 in Android Q(10.0) allows attackers to execute privileged action by hijacking and modifying the intent.