CVSS: 8.0EPSS: 0%CPEs: 3EXPL: 0CVE-2023-49528 – Ubuntu Security Notice USN-6803-1
https://notcve.org/view.php?id=CVE-2023-49528
12 Apr 2024 — An attacker could possibly use this issue to cause FFmpeg to crash, resulting in a denial of service, or potential arbitrary code execution. ... An attacker could possibly use this issue to cause FFmpeg to crash, resulting in a denial of service, or potential arbitrary code execution. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN • CWE-122: Heap-based Buffer Overflow •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30845
https://notcve.org/view.php?id=CVE-2024-30845
12 Apr 2024 — Cross Site Scripting vulnerability in Rainbow external link network disk v.5.5 allows a remote attacker to execute arbitrary code via the validation component of the input parameters. Vulnerabilidad de cross-site scripting en Rainbow external link network disk v.5.5 permite a un atacante remoto ejecutar código arbitrario a través del componente de validación de los parámetros de entrada. • https://gist.github.com/Zshan7que/c813f2b52daab08c9fb4f6c6b8178b66 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-6494 – WPC Smart Quick View for WooCommerce <= 4.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2023-6494
12 Apr 2024 — The WPC Smart Quick View for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_ht... • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3069323%40woo-smart-quick-view&new=3069323%40woo-smart-quick-view&sfp_email=&sfph_mail= • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-44857
https://notcve.org/view.php?id=CVE-2023-44857
12 Apr 2024 — An issue in Cobham SAILOR VSAT Ku v.164B019, allows a remote attacker to execute arbitrary code via a crafted script to the sub_21D24 function in the acu_web component. Un problema en Cobham SAILOR VSAT Ku v.164B019 permite a un atacante remoto ejecutar código arbitrario a través de un script manipulado para la función sub_21D24 en el componente acu_web. • https://pine-amphibian-9b9.notion.site/SAILOR-Ku-Software-RCE-and-Privilege-Escalation-Statistics-report-b8e953249468429d9f60b89ff653847a • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-44853
https://notcve.org/view.php?id=CVE-2023-44853
12 Apr 2024 — \An issue was discovered in Cobham SAILOR VSAT Ku v.164B019, allows a remote attacker to execute arbitrary code via a crafted script to the sub_219C4 function in the acu_web file. Se descubrió un problema en Cobham SAILOR VSAT Ku v.164B019, que permite a un atacante remoto ejecutar código arbitrario a través de un script manipulado para la función sub_219C4 en el archivo acu_web. • https://pine-amphibian-9b9.notion.site/SAILOR-Ku-Software-RCE-and-Privilege-Escalation-Diagnostics-report-0f3923d0ed434705b7ed4a6174218c2b?pvs=4 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30271 – Adobe Illustrator 2023 CC 27.7 Memory Corruption Out-Of-Bounds-Write Vulnerability III.
https://notcve.org/view.php?id=CVE-2024-30271
11 Apr 2024 — Illustrator versions 28.3, 27.9.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/illustrator/apsb24-25.html • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30272 – Adobe Illustrator 2024 GIF file parsing Out-Of-Bound Write remote code execution vulnerabiity
https://notcve.org/view.php?id=CVE-2024-30272
11 Apr 2024 — Illustrator versions 28.3, 27.9.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/illustrator/apsb24-25.html • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30273 – Adobe Illustrator 2024 PS file Parsing Stack based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-30273
11 Apr 2024 — Illustrator versions 28.3, 27.9.2 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/illustrator/apsb24-25.html • CWE-121: Stack-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-20795 – Animate has an arbitrary code execution vulnerability when parsing svg files
https://notcve.org/view.php?id=CVE-2024-20795
11 Apr 2024 — Animate versions 23.0.4, 24.0.1 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/animate/apsb24-26.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-21508
https://notcve.org/view.php?id=CVE-2024-21508
11 Apr 2024 — Versions of the package mysql2 before 3.9.4 are vulnerable to Remote Code Execution (RCE) via the readCodeFor function due to improper validation of the supportBigNumbers and bigNumberStrings values. Las versiones del paquete mysql2 anteriores a la 3.9.4 son vulnerables a la ejecución remota de código (RCE) a través de la función readCodeFor debido a una validación incorrecta de los valores supportBigNumbers y bigNumberStrings. • https://blog.slonser.info/posts/mysql2-attacker-configuration • CWE-94: Improper Control of Generation of Code ('Code Injection') •