CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-22282 – RCE in B&R Automation Studio with crafted project files
https://notcve.org/view.php?id=CVE-2021-22282
02 Feb 2024 — Improper Control of Generation of Code ('Code Injection') vulnerability in B&R Industrial Automation Automation Studio allows Local Execution of Code.This issue affects Automation Studio: from 4.0 through 4.12. • https://www.br-automation.com/fileadmin/2021-12_RCE_Vulnerability_in_BnR_Automation_Studio-1b993aeb.pdf • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-45734 – Dsoftbus has an out-of-bounds write vulnerability
https://notcve.org/view.php?id=CVE-2023-45734
02 Feb 2024 — in OpenHarmony v3.2.4 and prior versions allow an adjacent attacker arbitrary code execution through out-of-bounds write. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-02.md • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-21860 – Dsoftbus has a use after free vulnerability
https://notcve.org/view.php?id=CVE-2024-21860
02 Feb 2024 — in OpenHarmony v4.0.0 and prior versions allow an adjacent attacker arbitrary code execution in any apps through use after free. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-02.md • CWE-416: Use After Free •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 2CVE-2023-51820
https://notcve.org/view.php?id=CVE-2023-51820
02 Feb 2024 — An issue in Blurams Lumi Security Camera (A31C) v.2.3.38.12558 allows a physically proximate attackers to execute arbitrary code. Un problema en Blurams Lumi Security Camera (A31C) v.2.3.38.12558 permite a atacantes físicamente próximos ejecutar código arbitrario. • https://github.com/roman-mueller/PoC/tree/master/CVE-2023-51820 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 2CVE-2023-50488
https://notcve.org/view.php?id=CVE-2023-50488
02 Feb 2024 — An issue in Blurams Lumi Security Camera (A31C) v23.0406.435.4120 allows attackers to execute arbitrary code. Un problema en Blurams Lumi Security Camera (A31C) v23.0406.435.4120 permite a los atacantes ejecutar código arbitrario. • https://github.com/roman-mueller/PoC/tree/master/CVE-2023-50488 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-22533
https://notcve.org/view.php?id=CVE-2024-22533
02 Feb 2024 — Because blacklist filtering is not strict, the blacklist can be bypassed, leading to arbitrary code execution. • https://gitee.com/xiandafu/beetl/issues/I8RU01 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 2CVE-2024-23746
https://notcve.org/view.php?id=CVE-2024-23746
02 Feb 2024 — Miro Desktop 0.8.18 on macOS allows local Electron code injection via a complex series of steps that might be usable in some environments (bypass a kTCCServiceSystemPolicyAppBundles requirement via a file copy, an app.app/Contents rename, an asar modification, and a rename back to app.app/Contents). • https://github.com/louiselalanne/CVE-2024-23746 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-0325 – Command Injection in Helix Sync
https://notcve.org/view.php?id=CVE-2024-0325
01 Feb 2024 — In Helix Sync versions prior to 2024.1, a local command injection was identified. Reported by Bryan Riggins. En las versiones de Helix Sync anteriores a la 2024.1, se identificó una inyección de comando local. Reportado por Bryan Riggins. • https://perforce.com • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2023-47257
https://notcve.org/view.php?id=CVE-2023-47257
01 Feb 2024 — ConnectWise ScreenConnect through 23.8.4 allows man-in-the-middle attackers to achieve remote code execution via crafted messages. ConnectWise ScreenConnect hasta la versión 23.8.4 permite a atacantes de man in the middle lograr la ejecución remota de código a través de mensajes manipulados. • https://web.archive.org/web/20240208140218/https://gotham-security.com/screenconnect-cve-2023-47256 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-1117 – openBI Screen.php index code injection
https://notcve.org/view.php?id=CVE-2024-1117
31 Jan 2024 — The manipulation of the argument fileurl leads to code injection. ... Durch die Manipulation des Arguments fileurl mit unbekannten Daten kann eine code injection-Schwachstelle ausgenutzt werden. • https://note.zhaoj.in/share/Liu1nbjddxu4 • CWE-94: Improper Control of Generation of Code ('Code Injection') •