CVE-2023-6200 – Kernel: icmpv6 router advertisement packets, aka linux tcp/ip remote code execution vulnerability
https://notcve.org/view.php?id=CVE-2023-6200
Under certain conditions, an unauthenticated attacker from an adjacent network could send an ICMPv6 router advertisement packet, causing arbitrary code execution. • https://access.redhat.com/security/cve/CVE-2023-6200 https://bugzilla.redhat.com/show_bug.cgi?id=2250377 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=dade3f6a1e4e • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2024-23742
https://notcve.org/view.php?id=CVE-2024-23742
An issue in Loom on macOS version 0.196.1 and earlier allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeCliInspectArguments settings. NOTE: the vendor disputes this because it requires local access to a victim's machine. • https://github.com/giovannipajeu1/CVE-2024-23742 https://github.com/V3x0r/CVE-2024-23742 https://www.electronjs.org/blog/statement-run-as-node-cves • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-22899 – Vinchin Backup And Recovery 7.2 syncNtpTime Command Injection
https://notcve.org/view.php?id=CVE-2024-22899
Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the syncNtpTime function. Vinchin Backup and Recovery versions 7.2 and below suffer from a command injection vulnerability in the syncNtpTime function. • https://github.com/Chocapikk/CVE-2024-22899-to-22903-ExploitChain http://vinchin.com https://blog.leakix.net/2024/01/vinchin-backup-rce-chain https://seclists.org/fulldisclosure/2024/Jan/29 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2022-48622 – gnome: heap memory corruption on gdk-pixbuf
https://notcve.org/view.php?id=CVE-2022-48622
A successful attack can lead to a denial of service or, in some cases, arbitrary code execution. • https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/202 https://access.redhat.com/security/cve/CVE-2022-48622 https://bugzilla.redhat.com/show_bug.cgi?id=2260545 • CWE-787: Out-of-bounds Write •
CVE-2024-23618 – Arris SURFboard SBG6950AC2 Arbitrary Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-23618
An arbitrary code execution vulnerability exists in Arris SURFboard SBG6950AC2 devices. • https://blog.exodusintel.com/2024/01/25/arris-surfboard-sbg6950ac2-arbitrary-command-execution-vulnerability • CWE-306: Missing Authentication for Critical Function •