CVE-2024-23746
https://notcve.org/view.php?id=CVE-2024-23746
Miro Desktop 0.8.18 on macOS allows local Electron code injection via a complex series of steps that might be usable in some environments (bypass a kTCCServiceSystemPolicyAppBundles requirement via a file copy, an app.app/Contents rename, an asar modification, and a rename back to app.app/Contents). • https://github.com/louiselalanne/CVE-2024-23746 https://book.hacktricks.xyz/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-electron-applications-injection https://miro.com/about https://www.electronjs.org/blog/statement-run-as-node-cves • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2023-50488
https://notcve.org/view.php?id=CVE-2023-50488
An issue in Blurams Lumi Security Camera (A31C) v23.0406.435.4120 allows attackers to execute arbitrary code. Un problema en Blurams Lumi Security Camera (A31C) v23.0406.435.4120 permite a los atacantes ejecutar código arbitrario. • https://github.com/roman-mueller/PoC/tree/master/CVE-2023-50488 https://infosec.rm-it.de/2024/02/01/blurams-lumi-security-camera-analysis • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-22533
https://notcve.org/view.php?id=CVE-2024-22533
Because blacklist filtering is not strict, the blacklist can be bypassed, leading to arbitrary code execution. • https://gitee.com/xiandafu/beetl/issues/I8RU01 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-0325 – Command Injection in Helix Sync
https://notcve.org/view.php?id=CVE-2024-0325
In Helix Sync versions prior to 2024.1, a local command injection was identified. Reported by Bryan Riggins. En las versiones de Helix Sync anteriores a la 2024.1, se identificó una inyección de comando local. Reportado por Bryan Riggins. • https://perforce.com • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2023-47257
https://notcve.org/view.php?id=CVE-2023-47257
ConnectWise ScreenConnect through 23.8.4 allows man-in-the-middle attackers to achieve remote code execution via crafted messages. ConnectWise ScreenConnect hasta la versión 23.8.4 permite a atacantes de man in the middle lograr la ejecución remota de código a través de mensajes manipulados. • https://web.archive.org/web/20240208140218/https://gotham-security.com/screenconnect-cve-2023-47256 https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.8-security-fix • CWE-94: Improper Control of Generation of Code ('Code Injection') •