
CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

An out-of-bounds write to heap in the pacparser library on Zscaler Client Connector on Mac may lead to arbitrary code execution. • https://help.zscaler.com/client-connector/client-connector-app-release-summary-2022?applicable_category=macOS&applicable_version=3.7&deployment_date=2022-08-19&id=1414851 • CWE-122: Heap-based Buffer Overflow

CVSS: 9.8 | EPSS: 0% | CPEs: - | EXPL: 0

The URL GET parameter "logtime", used within the "downloadlog" function in "cbpi/http_endpoints/http_system.py", is subsequently passed to the "os.system" function in "cbpi/controller/system_controller.py" without prior validation, allowing arbitrary code execution. This issue affects CraftBeerPi 4: from 4.0.0.58 (commit 563fae9) before 4.4.1.a1 (commit 57572c7). • https://cert.pl/en/posts/2024/05/CVE-2024-3955 https://cert.pl/posts/2024/05/CVE-2024-3955 https://github.com/PiBrewing/craftbeerpi4/issues/132 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 7.7 | EPSS: 0% | CPEs: - | EXPL: 0

An issue in Alfresco Content Services v.23.3.0.7 allows a remote attacker to execute arbitrary code via the Transfer Service. • https://gist.github.com/Siebene/c22e1a4a4a8b61067180475895e60858 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 5.9 | EPSS: 0% | CPEs: - | EXPL: 0

An issue in kubevirt v1.2.0 and earlier allows a local attacker to execute arbitrary code via a crafted command to get the token component. • https://gist.github.com/HouqiyuA/1b75e23ece7ad98490aec1c887bdf49b • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

A fallback mechanism in code sign checking on macOS may allow arbitrary code execution. • https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023?applicable_category=macos&applicable_version=4.2 • CWE-347: Improper Verification of Cryptographic Signature