CVE-2021-22282 – RCE in B&R Automation Studio with crafted project files
https://notcve.org/view.php?id=CVE-2021-22282
Improper Control of Generation of Code ('Code Injection') vulnerability in B&R Industrial Automation Automation Studio allows Local Execution of Code.This issue affects Automation Studio: from 4.0 through 4.12. • https://www.br-automation.com/fileadmin/2021-12_RCE_Vulnerability_in_BnR_Automation_Studio-1b993aeb.pdf • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2023-45734 – Dsoftbus has an out-of-bounds write vulnerability
https://notcve.org/view.php?id=CVE-2023-45734
in OpenHarmony v3.2.4 and prior versions allow an adjacent attacker arbitrary code execution through out-of-bounds write. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-02.md • CWE-787: Out-of-bounds Write •
CVE-2024-21860 – Dsoftbus has a use after free vulnerability
https://notcve.org/view.php?id=CVE-2024-21860
in OpenHarmony v4.0.0 and prior versions allow an adjacent attacker arbitrary code execution in any apps through use after free. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-02.md • CWE-416: Use After Free •
CVE-2023-51820
https://notcve.org/view.php?id=CVE-2023-51820
An issue in Blurams Lumi Security Camera (A31C) v.2.3.38.12558 allows a physically proximate attackers to execute arbitrary code. Un problema en Blurams Lumi Security Camera (A31C) v.2.3.38.12558 permite a atacantes físicamente próximos ejecutar código arbitrario. • https://github.com/roman-mueller/PoC/tree/master/CVE-2023-51820 https://infosec.rm-it.de/2024/02/01/blurams-lumi-security-camera-analysis • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-23746
https://notcve.org/view.php?id=CVE-2024-23746
Miro Desktop 0.8.18 on macOS allows local Electron code injection via a complex series of steps that might be usable in some environments (bypass a kTCCServiceSystemPolicyAppBundles requirement via a file copy, an app.app/Contents rename, an asar modification, and a rename back to app.app/Contents). • https://github.com/louiselalanne/CVE-2024-23746 https://book.hacktricks.xyz/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-electron-applications-injection https://miro.com/about https://www.electronjs.org/blog/statement-run-as-node-cves • CWE-94: Improper Control of Generation of Code ('Code Injection') •