
CVSS: 10.0 • EPSS: 0% • CPEs: 8 • EXPL: 0

23 Jan 2024 — Processing web content may lead to arbitrary code execution. ... This flaw allows a remote attacker to trigger arbitrary code execution by persuading a victim to visit a specially crafted website. ... Wangtaiyu discovered that processing web content may lead to arbitrary code execution. Apple discovered that processing maliciously crafted web content may lead to arbitrary code execution. • http://seclists.org/fulldisclosure/2024/Jan/27 •

CVSS: 7.8 • EPSS: 0% • CPEs: 8 • EXPL: 0

23 Jan 2024 — Wangtaiyu discovered that processing web content may lead to arbitrary code execution. Apple discovered that processing maliciously crafted web content may lead to arbitrary code execution. • http://seclists.org/fulldisclosure/2024/Jan/27 •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

23 Jan 2024 — An issue was discovered in badaix Snapcast version 0.27.0 that allows remote attackers to execute arbitrary code and gain sensitive information via a crafted request in the JSON-RPC API. It was discovered that the JSON RPC interface of the server component of Snapcast, a multi-room client-server audio player, all... • http://snapcast.com • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.6 • EPSS: 0% • CPEs: 1 • EXPL: 0

22 Jan 2024 — This bypasses security measures, potentially leading to arbitrary code execution or unauthorized actions within the user's loaded webpage. • https://bugzilla.mozilla.org/show_bug.cgi?id=1855575 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 9.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

22 Jan 2024 — MetaGPT through 0.6.4 allows the QaEngineer role to execute arbitrary code because RunCode.run_script() passes shell metacharacters to subprocess.Popen. • https://github.com/geekan/MetaGPT/issues/731 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.3 • EPSS: 0% • CPEs: 1 • EXPL: 1

20 Jan 2024 — Code Injection in paddlepaddle/paddle • https://huntr.com/bounties/a569c64b-1e2b-4bed-a19f-47fd5a3da453 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

19 Jan 2024 — The manipulation leads to code injection. ... Manipulation with unknown data can be used to exploit a code injection vulnerability. • https://github.com/biantaibao/mldong_RCE/blob/main/RCE.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 8.1 • EPSS: 0% • CPEs: 2 • EXPL: 0

19 Jan 2024 — Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter). ... The flaw identified in the PIL.ImageMath.eval function enables arbitrary code execution by manipulating the environment parameter. • http://www.openwall.com/lists/oss-security/2024/01/20/1 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') • CWE-94: Improper Control of Generation of Code ('Code Injection') • CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') •

CVSS: 8.8 • EPSS: 1% • CPEs: 9 • EXPL: 1

17 Jan 2024 — Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway allows an attacker with access to NSIP, CLIP or SNIP with management interface to perform Authenticated (low privileged) remote code execution on Management Interface. • https://github.com/Roonye660/CVE-2023-6548-POC • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.0 • EPSS: 0% • CPEs: 4 • EXPL: 1

16 Jan 2024 — An attacker with access to a Management Console user account with the editor role could escalate privileges through a command injection vulnerability in the Management Console. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in versions 3.11.3, 3.10.5, 3.9.8, and 3.8.13. This vulnerability was reported via the GitHub Bug Bounty program. • https://github.com/convisolabs/CVE-2024-0507_CVE-2024-0200-github • CWE-20: Improper Input Validation • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •