CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-20587
https://notcve.org/view.php?id=CVE-2023-20587
13 Feb 2024 — Improper Access Control in System Management Mode (SMM) may allow an attacker access to the SPI flash potentially leading to arbitrary code execution. ... Improper Access Control in System Management Mode (SMM) may allow an attacker access to the SPI flash potentially leading to arbitrary code execution. • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7009 •
CVSS: 9.0EPSS: 0%CPEs: 4EXPL: 1CVE-2024-21378 – Microsoft Outlook Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-21378
13 Feb 2024 — Microsoft Outlook Remote Code Execution Vulnerability Vulnerabilidad de ejecución remota de código de Microsoft Outlook • https://github.com/d0rb/CVE-2024-21378 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.0EPSS: 0%CPEs: 15EXPL: 0CVE-2024-21351 – Microsoft Windows SmartScreen Security Feature Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2024-21351
13 Feb 2024 — Windows SmartScreen Security Feature Bypass Vulnerability Vulnerabilidad de omisión de la función de seguridad SmartScreen de Windows Microsoft Windows SmartScreen contains a security feature bypass vulnerability that allows an attacker to bypass the SmartScreen user experience and inject code to potentially gain code execution, which could lead to some data exposure, lack of system availability, or both. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21351 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22132 – Code Injection vulnerability in SAP IDES Systems
https://notcve.org/view.php?id=CVE-2024-22132
13 Feb 2024 — SAP IDES ECC-systems contain code that permits the execution of arbitrary program code of user's choice.An attacker can therefore control the behaviour of the system by executing malicious code which can potentially escalate privileges with low impact on confidentiality, integrity and availability of the system. SAP IDES ECC-systems contienen código que permite la ejecución de código de programa arbitrario elegido por el usuario. Por lo tanto, un atacante puede controlar el comportamiento del sistema ejecut... • https://me.sap.com/notes/3421659 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.1EPSS: 0%CPEs: 10EXPL: 0CVE-2024-22131 – Code Injection vulnerability in SAP ABA (Application Basis)
https://notcve.org/view.php?id=CVE-2024-22131
13 Feb 2024 — In SAP ABA (Application Basis) - versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75I, an attacker authenticated as a user with a remote execution authorization can use a vulnerable interface. This allows the attacker to use the interface to invoke an application function to perform actions which they would not normally be permitted to perform. Depending on the function executed, the attack can read or modify any user/business data and can make the entire system unavailable. En SAP ABA (Application Bas... • https://me.sap.com/notes/3420923 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2024-1273 – Starbox < 3.5.0 - Contributor+ Stored XSS
https://notcve.org/view.php?id=CVE-2024-1273
13 Feb 2024 — The Starbox WordPress plugin before 3.5.0 does not sanitise and escape some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks El complemento Starbox de WordPress anterior a 3.5.0 no sanitiza ni escapa a algunos parámetros, lo que podría permitir a usuarios con un rol tan bajo como Colaborador realizar ataques de cross-site scripting The Starbox – the Author Box for Humans plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all vers... • https://wpscan.com/vulnerability/9784d7c8-e3aa-42af-ace8-5b2b37ebc9cb • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-20739 – ZDI-CAN-22647: Adobe Audition AVI File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-20739
13 Feb 2024 — Audition versions 24.0.3, 23.6.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/audition/apsb24-11.html • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-20728 – ZDI-CAN-22727: Adobe Acrobat Pro DC Annotation Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-20728
13 Feb 2024 — Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/acrobat/apsb24-07.html • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 16CVE-2024-25600 – WordPress Bricks Theme <= 1.9.6 - Unauthenticated Remote Code Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2024-25600
13 Feb 2024 — Improper Control of Generation of Code ('Code Injection') vulnerability in Codeer Limited Bricks Builder allows Code Injection.This issue affects Bricks Builder: from n/a through 1.9.6. • https://packetstorm.news/files/id/177801 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-42374
https://notcve.org/view.php?id=CVE-2023-42374
13 Feb 2024 — An issue in mystenlabs Sui Blockchain before v.1.6.3 allow a remote attacker to execute arbitrary code and cause a denial of service via a crafted compressed script to the Sui node component. Un problema en mystenlabs Sui Blockchain anterior a v.1.6.3 permite a un atacante remoto ejecutar código arbitrario y provocar una denegación de servicio a través de un script comprimido manipulado para el componente del nodo Sui. • https://beosin.com/resources/%22memory-bomb%22-vulnerability-causes-sui-node-to-crash?lang=en-US • CWE-94: Improper Control of Generation of Code ('Code Injection') •