
CVE-2024-23647 – PKCE downgrade attack in Authentik
https://notcve.org/view.php?id=CVE-2024-23647
30 Jan 2024 — Because of this bug, an attacker can circumvent the protection PKCE offers, such as CSRF attacks and code injection attacks. • https://github.com/goauthentik/authentik/commit/38e04ae12720e5d81b4f7ac77997eb8d1275d31a • CWE-287: Improper Authentication •

CVE-2024-21649 – Remote code execution
https://notcve.org/view.php?id=CVE-2024-21649
30 Jan 2024 — The vantage6 technology makes it possible to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). Prior to 4.2.0, authenticated users could inject code into algorithm environment variables, resulting in remote code execution. This vulnerability is patched in 4.2.0. • https://github.com/vantage6/vantage6/commit/eac19db737145d3ca987adf037a454fae0790ddd • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2023-37518 – A code injection vulnerability affects HCL BigFix ServiceNow Data Flow
https://notcve.org/view.php?id=CVE-2023-37518
30 Jan 2024 — HCL BigFix ServiceNow is vulnerable to arbitrary code injection. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0110202 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2024-0788 – SUPERAntiSpyware Pro X v10.0.1260 - Kernel-level API parameters manipulation
https://notcve.org/view.php?id=CVE-2024-0788
29 Jan 2024 — SUPERAntiSpyware Pro X v10.0.1260 is vulnerable to kernel-level API parameter manipulation and denial-of-service vulnerabilities by triggering the 0x9C402140 IOCTL code of the saskutil64.sys driver. • https://fluidattacks.com/advisories/brubeck • CWE-20: Improper Input Validation CWE-96: Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') •

CVE-2024-1015 – Remote command execution vulnerability in SE-elektronic GmbH E-DDC3.3
https://notcve.org/view.php?id=CVE-2024-1015
29 Jan 2024 — Remote command execution vulnerability in SE-elektronic GmbH E-DDC3.3 affecting versions 03.07.03 and higher. An attacker could send different operating system commands to the system via the web configuration functionality of the device. • https://www.hackplayers.com/2024/01/cve-2024-1014-and-cve-2024-1015.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2023-6200 – Kernel: icmpv6 router advertisement packets, aka linux tcp/ip remote code execution vulnerability
https://notcve.org/view.php?id=CVE-2023-6200
28 Jan 2024 — Under certain conditions, an unauthenticated attacker from an adjacent network could send an ICMPv6 router advertisement packet, causing arbitrary code execution. • https://access.redhat.com/security/cve/CVE-2023-6200 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVE-2024-23742
https://notcve.org/view.php?id=CVE-2024-23742
28 Jan 2024 — An issue in Loom on macOS version 0.196.1 and before allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings. NOTE: the vendor disputes this because it requires local access to a victim's machine. • https://github.com/giovannipajeu1/CVE-2024-23742 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2024-22899 – Vinchin Backup and Recovery 7.2 syncNtpTime Command Injection
https://notcve.org/view.php?id=CVE-2024-22899
26 Jan 2024 — Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the syncNtpTime function. Vinchin Backup and Recovery versions 7.2 and below suffer from a command injection vulnerability in the syncNtpTime function. • https://packetstorm.news/files/id/176793 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2022-48622 – gnome: heap memory corruption on gdk-pixbuf
https://notcve.org/view.php?id=CVE-2022-48622
26 Jan 2024 — When a successful attack is in place, it can lead to a denial of service or in some cases arbitrary code execution. • https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/202 • CWE-787: Out-of-bounds Write •

CVE-2024-23618 – Arris SURFboard SBG6950AC2 Arbitrary Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-23618
25 Jan 2024 — An arbitrary code execution vulnerability exists in Arris SURFboard SBG6950AC2 devices. • https://blog.exodusintel.com/2024/01/25/arris-surfboard-sbg6950ac2-arbitrary-command-execution-vulnerability • CWE-306: Missing Authentication for Critical Function •