CVSS: 9.0EPSS: 95%CPEs: 1EXPL: 2CVE-2023-52251 – Kafka UI 0.7.1 Command Injection
https://notcve.org/view.php?id=CVE-2023-52251
25 Jan 2024 — An issue discovered in provectus kafka-ui 0.4.0 through 0.7.1 allows remote attackers to execute arbitrary code via the q parameter of /api/clusters/local/topics/{topic}/messages. Un problema descubierto en provectus kafka-ui v0.4.0 a v0.7.1 permite a atacantes remotos ejecutar código arbitrario a través del parámetro q de /api/clusters/local/topics/{topic}/messages. A command injection vulnerability exists in Kafka UI versions 0.4.0 through 0.7.1 that allows an attacker to inject and execute arbitrary shel... • https://packetstorm.news/files/id/177214 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.3EPSS: 0%CPEs: 7EXPL: 0CVE-2023-31037
https://notcve.org/view.php?id=CVE-2023-31037
24 Jan 2024 — NVIDIA Bluefield 2 and Bluefield 3 DPU BMC contains a vulnerability in ipmitool, where a root user may cause code injection by a network call. • https://nvidia.custhelp.com/app/answers/detail/a_id/5511 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-6846 – File Manager Pro <= 8.3.4 - Authenticated (Subscriber+) Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2023-6846
24 Jan 2024 — The File Manager Pro plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 8.3.4 via the mk_check_filemanager_php_syntax AJAX function. This makes it possible for authenticated attackers, with subscriber access and above, to execute code on the server. Version 8.3.5 introduces a capability check that prevents users lower than admin from executing this function. El complemento File Manager Pro para WordPress es vulnerable a la carga arbitraria de archivos en todas ... • https://gist.github.com/Kun19/046b2b305cac5f2edd38037984c2e8e3 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-0752 – Gentoo Linux Security Advisory 202402-26
https://notcve.org/view.php?id=CVE-2024-0752
23 Jan 2024 — Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could result in arbitrary code execution. • https://bugzilla.mozilla.org/show_bug.cgi?id=1866840 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-0744 – Gentoo Linux Security Advisory 202402-26
https://notcve.org/view.php?id=CVE-2024-0744
23 Jan 2024 — Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could result in arbitrary code execution. • https://bugzilla.mozilla.org/show_bug.cgi?id=1871089 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2024-0755 – Mozilla: Memory safety bugs fixed in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7
https://notcve.org/view.php?id=CVE-2024-0755
23 Jan 2024 — Memory safety bugs present in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7. Errores de seguridad de la memoria presentes en Firefox 121, Firefox ESR 115.6 y Thunderbird 115.6. Algunos de estos errores mostraron evidencia de corrupción de memoria y suponemos... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1868456%2C1871445%2C1873701 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 0%CPEs: 8EXPL: 0CVE-2024-23222 – Apple Multiple Products WebKit Type Confusion Vulnerability
https://notcve.org/view.php?id=CVE-2024-23222
23 Jan 2024 — Processing maliciously crafted web content may lead to arbitrary code execution. ... Wangtaiyu discovered that processing web content may lead to arbitrary code execution. Apple discovered that processing maliciously crafted web content may lead to arbitrary code execution. • https://support.apple.com/en-us/HT214055 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0CVE-2024-23214 – Apple Security Advisory 01-22-2024-3
https://notcve.org/view.php?id=CVE-2024-23214
23 Jan 2024 — Processing maliciously crafted web content may lead to arbitrary code execution. • http://seclists.org/fulldisclosure/2024/Jan/33 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1CVE-2024-23208 – Apple Security Advisory 01-22-2024-8
https://notcve.org/view.php?id=CVE-2024-23208
23 Jan 2024 — The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An app may be able to execute arbitrary code with kernel privileges. El problema se solucionó mejorando el manejo de la memoria. Este problema se solucionó en macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 y iPadOS 17.3. • https://github.com/hrtowii/CVE-2024-23208-test • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-42881
https://notcve.org/view.php?id=CVE-2023-42881
23 Jan 2024 — Processing a file may lead to unexpected app termination or arbitrary code execution. • https://support.apple.com/en-us/HT214036 •