CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0CVE-2023-40414 – webkitgtk: Processing web content may lead to arbitrary code execution
https://notcve.org/view.php?id=CVE-2023-40414
10 Jan 2024 — Processing web content may lead to arbitrary code execution. ... Multiple vulnerabilities have been discovered in WebKitGTK+, the worst of which could lead to arbitrary code execution Versions greater than or equal to 2.44.0:4 are affected. • http://www.openwall.com/lists/oss-security/2024/02/05/8 • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2023-42833 – webkitgtk: Processing web content may lead to arbitrary code execution
https://notcve.org/view.php?id=CVE-2023-42833
10 Jan 2024 — Processing web content may lead to arbitrary code execution. ... This flaw allows a remote attacker to trigger arbitrary code execution by persuading a victim to visit a specially crafted website. Multiple vulnerabilities have been discovered in WebKitGTK+, the worst of which could lead to arbitrary code execution Versions greater than or equal to 2.44.0:4 are affected. • http://www.openwall.com/lists/oss-security/2024/02/05/8 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2023-32366
https://notcve.org/view.php?id=CVE-2023-32366
10 Jan 2024 — Processing a font file may lead to arbitrary code execution. • https://support.apple.com/en-us/HT213670 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0CVE-2023-42866
https://notcve.org/view.php?id=CVE-2023-42866
10 Jan 2024 — Processing web content may lead to arbitrary code execution. • https://support.apple.com/en-us/HT213841 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-32401
https://notcve.org/view.php?id=CVE-2023-32401
10 Jan 2024 — Parsing an office document may lead to an unexpected app termination or arbitrary code execution. • https://support.apple.com/en-us/HT213758 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-49715
https://notcve.org/view.php?id=CVE-2023-49715
10 Jan 2024 — A specially crafted HTTP request can lead to arbitrary code execution when chained with an LFI vulnerability. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1885 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-47862
https://notcve.org/view.php?id=CVE-2023-47862
10 Jan 2024 — A specially crafted HTTP request can lead to arbitrary code execution. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1886 • CWE-73: External Control of File Name or Path •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-21643 – Microsoft.IdentityModel.Protocols.SignedHttpRequest remote code execution vulnerability
https://notcve.org/view.php?id=CVE-2024-21643
10 Jan 2024 — IdentityModel Extensions for .NET provide assemblies for web developers that wish to use federated identity providers for establishing the caller's identity. Anyone leveraging the `SignedHttpRequest`protocol or the `SignedHttpRequestValidator`is vulnerable. Microsoft.IdentityModel trusts the `jku`claim by default for the `SignedHttpRequest`protocol. This raises the possibility to make any remote or local `HTTP GET` request. The vulnerability has been fixed in Microsoft.IdentityModel.Protocols.SignedHttpRequ... • https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/6.34.0 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-21737 – Code Injection vulnerability in SAP Application Interface Framework (File Adapter)
https://notcve.org/view.php?id=CVE-2024-21737
09 Jan 2024 — In SAP Application Interface Framework File Adapter - version 702, a high privilege user can use a function module to traverse through various layers and execute OS commands directly. By this, such user can control the behaviour of the application. This leads to considerable impact on confidentiality, integrity and availability. En SAP Application Interface Framework File Adapter, versión 702, un usuario con privilegios elevados puede utilizar un módulo de funciones para atravesar varias capas y ejecutar co... • https://me.sap.com/notes/3411869 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2024-21646 – Azure IoT Platform Device SDK Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-21646
09 Jan 2024 — Azure uAMQP is a general purpose C library for AMQP 1.0. The UAMQP library is used by several clients to implement AMQP protocol communication. When clients using this library receive a crafted binary type data, an integer overflow or wraparound or memory safety issue can occur and may cause remote code execution. This vulnerability has been patched in release 2024-01-01. Azure uAMQP es una librería C de uso general para AMQP 1.0. • https://github.com/Azure/azure-uamqp-c/commit/12ddb3a31a5a97f55b06fa5d74c59a1d84ad78fe • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-190: Integer Overflow or Wraparound •