<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>CWE-95 Archives - CVE Vulnerability</title>
	<atom:link href="https://cvevulnerability.com/cwe_categories/cwe-95/feed/" rel="self" type="application/rss+xml" />
	<link>https://cvevulnerability.com/cwe_categories/cwe-95/</link>
	<description></description>
	<lastBuildDate>Sun, 26 Feb 2023 09:10:57 +0000</lastBuildDate>
	<language>en-US</language>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	<generator>https://wordpress.org/?v=7.0</generator>

<image>
	<url>https://cvevulnerability.com/wp-content/uploads/2023/02/cropped-Screenshot-2023-02-27-at-3.52.32-PM-32x32.png</url>
	<title>CWE-95 Archives - CVE Vulnerability</title>
	<link>https://cvevulnerability.com/cwe_categories/cwe-95/</link>
	<width>32</width>
	<height>32</height>
</image> 
	<item>
		<title>CVE-2008-5305</title>
		<link>https://cvevulnerability.com/cve_vulnerabilities/cve-2008-5305/</link>
		
		<dc:creator><![CDATA[]]></dc:creator>
		<pubDate>Sun, 26 Feb 2023 09:10:57 +0000</pubDate>
				<guid isPermaLink="false">https://www.cvevulnerability.com/cve_vulnerabilities/cve-2008-5305/</guid>

					<description><![CDATA[<p>Eval injection vulnerability in TWiki before 4.2.4 allows remote attackers to execute arbitrary Perl code via the %SEARCH{}% variable.</p>
<p>The post <a rel="nofollow" href="https://cvevulnerability.com/cve_vulnerabilities/cve-2008-5305/">CVE-2008-5305</a> appeared first on <a rel="nofollow" href="https://cvevulnerability.com">CVE Vulnerability</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p>Eval injection vulnerability in TWiki before 4.2.4 allows remote attackers to execute arbitrary Perl code via the %SEARCH{}% variable.</p>
<p>The post <a rel="nofollow" href="https://cvevulnerability.com/cve_vulnerabilities/cve-2008-5305/">CVE-2008-5305</a> appeared first on <a rel="nofollow" href="https://cvevulnerability.com">CVE Vulnerability</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>CVE-2008-5071</title>
		<link>https://cvevulnerability.com/cve_vulnerabilities/cve-2008-5071/</link>
		
		<dc:creator><![CDATA[]]></dc:creator>
		<pubDate>Sun, 26 Feb 2023 09:10:51 +0000</pubDate>
				<guid isPermaLink="false">https://www.cvevulnerability.com/cve_vulnerabilities/cve-2008-5071/</guid>

					<description><![CDATA[<p>Multiple eval injection vulnerabilities in itpm_estimate.php in Yoxel 1.23beta and earlier allow remote authenticated users to execute arbitrary PHP code via the proj_id parameter.</p>
<p>The post <a rel="nofollow" href="https://cvevulnerability.com/cve_vulnerabilities/cve-2008-5071/">CVE-2008-5071</a> appeared first on <a rel="nofollow" href="https://cvevulnerability.com">CVE Vulnerability</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p>Multiple eval injection vulnerabilities in itpm_estimate.php in Yoxel 1.23beta and earlier allow remote authenticated users to execute arbitrary PHP code via the proj_id parameter.</p>
<p>The post <a rel="nofollow" href="https://cvevulnerability.com/cve_vulnerabilities/cve-2008-5071/">CVE-2008-5071</a> appeared first on <a rel="nofollow" href="https://cvevulnerability.com">CVE Vulnerability</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>CVE-2007-2713</title>
		<link>https://cvevulnerability.com/cve_vulnerabilities/cve-2007-2713/</link>
		
		<dc:creator><![CDATA[]]></dc:creator>
		<pubDate>Sun, 26 Feb 2023 09:06:25 +0000</pubDate>
				<guid isPermaLink="false">https://www.cvevulnerability.com/cve_vulnerabilities/cve-2007-2713/</guid>

					<description><![CDATA[<p>ifdate 2.x sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to obtain administrative access via a direct request for the admin/ URI.</p>
<p>The post <a rel="nofollow" href="https://cvevulnerability.com/cve_vulnerabilities/cve-2007-2713/">CVE-2007-2713</a> appeared first on <a rel="nofollow" href="https://cvevulnerability.com">CVE Vulnerability</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p>ifdate 2.x sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to obtain administrative access via a direct request for the admin/ URI.</p>
<p>The post <a rel="nofollow" href="https://cvevulnerability.com/cve_vulnerabilities/cve-2007-2713/">CVE-2007-2713</a> appeared first on <a rel="nofollow" href="https://cvevulnerability.com">CVE Vulnerability</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>CVE-2007-1253</title>
		<link>https://cvevulnerability.com/cve_vulnerabilities/cve-2007-1253/</link>
		
		<dc:creator><![CDATA[]]></dc:creator>
		<pubDate>Sun, 26 Feb 2023 09:05:48 +0000</pubDate>
				<guid isPermaLink="false">https://www.cvevulnerability.com/cve_vulnerabilities/cve-2007-1253/</guid>

					<description><![CDATA[<p>Eval injection vulnerability in the (a) kmz_ImportWithMesh.py Script for Blender 0.1.9h, as used in (b) Blender before 2.43, allows user-assisted remote attackers to execute arbitrary Python code by importing a crafted (1) KML or (2) KMZ file.</p>
<p>The post <a rel="nofollow" href="https://cvevulnerability.com/cve_vulnerabilities/cve-2007-1253/">CVE-2007-1253</a> appeared first on <a rel="nofollow" href="https://cvevulnerability.com">CVE Vulnerability</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p>Eval injection vulnerability in the (a) kmz_ImportWithMesh.py Script for Blender 0.1.9h, as used in (b) Blender before 2.43, allows user-assisted remote attackers to execute arbitrary Python code by importing a crafted (1) KML or (2) KMZ file.</p>
<p>The post <a rel="nofollow" href="https://cvevulnerability.com/cve_vulnerabilities/cve-2007-1253/">CVE-2007-1253</a> appeared first on <a rel="nofollow" href="https://cvevulnerability.com">CVE Vulnerability</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>CVE-2021-33678</title>
		<link>https://cvevulnerability.com/cve_vulnerabilities/cve-2021-33678/</link>
		
		<dc:creator><![CDATA[]]></dc:creator>
		<pubDate>Thu, 23 Feb 2023 14:10:03 +0000</pubDate>
				<guid isPermaLink="false">http://www.cvevulnerability.com/cve_vulnerabilities/cve-2021-33678/</guid>

					<description><![CDATA[<p>A function module of SAP NetWeaver AS ABAP (Reconciliation Framework), versions &#8211; 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 75A, 75B, 75B, 75C, 75D, 75E, 75F, allows a high privileged attacker to inject code that can be executed by the application. An attacker could thereby delete some critical information and could [&#8230;]</p>
<p>The post <a rel="nofollow" href="https://cvevulnerability.com/cve_vulnerabilities/cve-2021-33678/">CVE-2021-33678</a> appeared first on <a rel="nofollow" href="https://cvevulnerability.com">CVE Vulnerability</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p>A function module of SAP NetWeaver AS ABAP (Reconciliation Framework), versions &#8211; 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 75A, 75B, 75B, 75C, 75D, 75E, 75F, allows a high privileged attacker to inject code that can be executed by the application. An attacker could thereby delete some critical information and could make the SAP system completely unavailable.</p>
<p>The post <a rel="nofollow" href="https://cvevulnerability.com/cve_vulnerabilities/cve-2021-33678/">CVE-2021-33678</a> appeared first on <a rel="nofollow" href="https://cvevulnerability.com">CVE Vulnerability</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>CVE-2021-22204</title>
		<link>https://cvevulnerability.com/cve_vulnerabilities/cve-2021-22204/</link>
		
		<dc:creator><![CDATA[]]></dc:creator>
		<pubDate>Thu, 23 Feb 2023 14:07:13 +0000</pubDate>
				<guid isPermaLink="false">http://www.cvevulnerability.com/cve_vulnerabilities/cve-2021-22204/</guid>

					<description><![CDATA[<p>Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image</p>
<p>The post <a rel="nofollow" href="https://cvevulnerability.com/cve_vulnerabilities/cve-2021-22204/">CVE-2021-22204</a> appeared first on <a rel="nofollow" href="https://cvevulnerability.com">CVE Vulnerability</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p>Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image</p>
<p>The post <a rel="nofollow" href="https://cvevulnerability.com/cve_vulnerabilities/cve-2021-22204/">CVE-2021-22204</a> appeared first on <a rel="nofollow" href="https://cvevulnerability.com">CVE Vulnerability</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>CVE-2021-22205</title>
		<link>https://cvevulnerability.com/cve_vulnerabilities/cve-2021-22205/</link>
		
		<dc:creator><![CDATA[]]></dc:creator>
		<pubDate>Thu, 23 Feb 2023 14:07:13 +0000</pubDate>
				<guid isPermaLink="false">http://www.cvevulnerability.com/cve_vulnerabilities/cve-2021-22205/</guid>

					<description><![CDATA[<p>An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution.</p>
<p>The post <a rel="nofollow" href="https://cvevulnerability.com/cve_vulnerabilities/cve-2021-22205/">CVE-2021-22205</a> appeared first on <a rel="nofollow" href="https://cvevulnerability.com">CVE Vulnerability</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p>An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution.</p>
<p>The post <a rel="nofollow" href="https://cvevulnerability.com/cve_vulnerabilities/cve-2021-22205/">CVE-2021-22205</a> appeared first on <a rel="nofollow" href="https://cvevulnerability.com">CVE Vulnerability</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>CVE-2022-41928</title>
		<link>https://cvevulnerability.com/cve_vulnerabilities/cve-2022-41928/</link>
		
		<dc:creator><![CDATA[godfreyd94]]></dc:creator>
		<pubDate>Thu, 23 Feb 2023 05:20:53 +0000</pubDate>
				<guid isPermaLink="false">http://www.cvevulnerability.com/cve_vulnerabilities/cve-2022-41928/</guid>

					<description><![CDATA[<p>XWiki Platform vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code (&#8216;Eval Injection&#8217;) in AttachmentSelector.xml. The issue can also be reproduced by inserting the dangerous payload in the `height` or `alt` macro properties. This has been patched in versions 13.10.7, 14.4.2, and 14.5. The issue can be fixed on a running wiki by updating [&#8230;]</p>
<p>The post <a rel="nofollow" href="https://cvevulnerability.com/cve_vulnerabilities/cve-2022-41928/">CVE-2022-41928</a> appeared first on <a rel="nofollow" href="https://cvevulnerability.com">CVE Vulnerability</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p>XWiki Platform vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code (&#8216;Eval Injection&#8217;) in AttachmentSelector.xml. The issue can also be reproduced by inserting the dangerous payload in the `height` or `alt` macro properties. This has been patched in versions 13.10.7, 14.4.2, and 14.5. The issue can be fixed on a running wiki by updating `XWiki.AttachmentSelector` with the versions below: &#8211; 14.5-rc-1+: https://github.com/xwiki/xwiki-platform/commit/eb15147adf94bddb92626f862c1710d45bcd64a7#diff-e1513599ab698991f6cbba55d38f3f464432ced8d137a668b1f7618c7e747e23 &#8211; 14.4.2+: https://github.com/xwiki/xwiki-platform/commit/c02f8eb1f3c953d124f2c097021536f8bc00fa8d#diff-e1513599ab698991f6cbba55d38f3f464432ced8d137a668b1f7618c7e747e23 &#8211; 13.10.7+: https://github.com/xwiki/xwiki-platform/commit/efd0df0468d46149ba68b66660b93f31b6318515#diff-e1513599ab698991f6cbba55d38f3f464432ced8d137a668b1f7618c7e747e23</p>
<p>The post <a rel="nofollow" href="https://cvevulnerability.com/cve_vulnerabilities/cve-2022-41928/">CVE-2022-41928</a> appeared first on <a rel="nofollow" href="https://cvevulnerability.com">CVE Vulnerability</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>CVE-2022-41931</title>
		<link>https://cvevulnerability.com/cve_vulnerabilities/cve-2022-41931/</link>
		
		<dc:creator><![CDATA[godfreyd94]]></dc:creator>
		<pubDate>Thu, 23 Feb 2023 05:20:53 +0000</pubDate>
				<guid isPermaLink="false">http://www.cvevulnerability.com/cve_vulnerabilities/cve-2022-41931/</guid>

					<description><![CDATA[<p>xwiki-platform-icon-ui is vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code (&#8216;Eval Injection&#8217;). Any user with view rights on commonly accessible documents including the icon picker macro can execute arbitrary Groovy, Python or Velocity code in XWiki due to improper neutralization of the macro parameters of the icon picker macro. The problem has been [&#8230;]</p>
<p>The post <a rel="nofollow" href="https://cvevulnerability.com/cve_vulnerabilities/cve-2022-41931/">CVE-2022-41931</a> appeared first on <a rel="nofollow" href="https://cvevulnerability.com">CVE Vulnerability</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p>xwiki-platform-icon-ui is vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code (&#8216;Eval Injection&#8217;). Any user with view rights on commonly accessible documents including the icon picker macro can execute arbitrary Groovy, Python or Velocity code in XWiki due to improper neutralization of the macro parameters of the icon picker macro. The problem has been patched in XWiki 13.10.7, 14.5 and 14.4.2. Workarounds: The [patch](https://github.com/xwiki/xwiki-platform/commit/47eb8a5fba550f477944eb6da8ca91b87eaf1d01) can be manually applied by editing `IconThemesCode.IconPickerMacro` in the object editor. The whole document can also be replaced by the current version by importing the document from the XAR archive of a fixed version as the only changes to the document have been security fixes and small formatting changes.</p>
<p>The post <a rel="nofollow" href="https://cvevulnerability.com/cve_vulnerabilities/cve-2022-41931/">CVE-2022-41931</a> appeared first on <a rel="nofollow" href="https://cvevulnerability.com">CVE Vulnerability</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>CVE-2022-2054</title>
		<link>https://cvevulnerability.com/cve_vulnerabilities/cve-2022-2054/</link>
		
		<dc:creator><![CDATA[]]></dc:creator>
		<pubDate>Thu, 23 Feb 2023 05:02:21 +0000</pubDate>
				<guid isPermaLink="false">http://www.cvevulnerability.com/cve_vulnerabilities/cve-2022-2054/</guid>

					<description><![CDATA[<p>Command Injection in GitHub repository nuitka/nuitka prior to 0.9.</p>
<p>The post <a rel="nofollow" href="https://cvevulnerability.com/cve_vulnerabilities/cve-2022-2054/">CVE-2022-2054</a> appeared first on <a rel="nofollow" href="https://cvevulnerability.com">CVE Vulnerability</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p>Command Injection in GitHub repository nuitka/nuitka prior to 0.9.</p>
<p>The post <a rel="nofollow" href="https://cvevulnerability.com/cve_vulnerabilities/cve-2022-2054/">CVE-2022-2054</a> appeared first on <a rel="nofollow" href="https://cvevulnerability.com">CVE Vulnerability</a>.</p>
]]></content:encoded>
					
		
		
			</item>
	</channel>
</rss>
