A remote code execution vulnerability exists in pgAdmin. The vulnerability is due to insufficient input validation of the utility_path parameter sent to the validate_binary_path endpoint.

A remote command execution vulnerability exist in Exim MTA that uses the Dovecot as the Local Delivery Agent (LDA). The vulnerability is due to the dangerous configuration in Dovecot suggesting the "use_shell" option.

An HTTP request smuggling vulnerability has been reported in Node.js. The vulnerability is due to improper input validation of Transfer-Encoding headers in incoming HTTP requests.

Applications using both `spring-cloud-netflix-hystrix-dashboard` and `spring-boot-starter-thymeleaf` expose a way to execute code submitted within the request URI path during the resolution of view templates. When a request is made at `/hystrix/monitor;[user-provided data]`, the path elements following `hystrix/monitor` are being evaluated as SpringEL expressions, which can lead to code execution.

Threat Encyclopedia

1231936

WEB pgAdmin validate_binary_path Remote Code Execution -1 (CVE-2022-4223)

Critical

2023/01/09

1058289

SMTP Exim with Dovecot LDA sender_address Parameter Remote Command Execution -2 (OSVDB-93004)

High

2023/01/06

1232021

WEB Node.js llhttp Module Multi-line Transfer-Encoding Handling HTTP Request Smuggling (CVE-2022-32215)

Medium

2022/12/30

1232036

WEB Spring Cloud Netflix Hystrix Dashboard Template Remote Code Execution (CVE-2021-22053)

High

2022/12/29