CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-39444 – Debian Security Advisory 5653-1
https://notcve.org/view.php?id=CVE-2023-39444
08 Jan 2024 — A specially-crafted .lxt2 file can lead to arbitrary code execution. • https://lists.debian.org/debian-lts-announce/2024/04/msg00007.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-39443 – Debian Security Advisory 5653-1
https://notcve.org/view.php?id=CVE-2023-39443
08 Jan 2024 — A specially-crafted .lxt2 file can lead to arbitrary code execution. • https://lists.debian.org/debian-lts-announce/2024/04/msg00007.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-38583 – Debian Security Advisory 5653-1
https://notcve.org/view.php?id=CVE-2023-38583
08 Jan 2024 — A specially crafted .lxt2 file can lead to arbitrary code execution. • https://lists.debian.org/debian-lts-announce/2024/04/msg00007.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-7224
https://notcve.org/view.php?id=CVE-2023-7224
08 Jan 2024 — OpenVPN Connect version 3.0 through 3.4.6 on macOS allows local users to execute code in external third party libraries using the DYLD_INSERT_LIBRARIES environment variable OpenVPN Connect versión 3.0 a 3.4.6 en macOS permite a los usuarios locales ejecutar código en librerías externas de terceros utilizando la variable de entorno DYLD_INSERT_LIBRARIES • https://openvpn.net/vpn-server-resources/openvpn-connect-for-macos-change-log • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-6540
https://notcve.org/view.php?id=CVE-2023-6540
03 Jan 2024 — A vulnerability was reported in the Lenovo Browser Mobile and Lenovo Browser HD Apps for Android that could allow an attacker to craft a payload that could result in the disclosure of sensitive information. Se informó una vulnerabilidad en las aplicaciones Lenovo Browser Mobile y Lenovo Browser HD para Android que podría permitir a un atacante manipular un payload que podría resultar en la divulgación de información confidencial. • https://iknow.lenovo.com.cn/detail/419251 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51784 – Apache InLong: Remote Code Execution vulnerability in Apache InLong Manager
https://notcve.org/view.php?id=CVE-2023-51784
03 Jan 2024 — Improper Control of Generation of Code ('Code Injection') vulnerability in Apache InLong.This issue affects Apache InLong: from 1.5.0 through 1.9.0, which could lead to Remote Code Execution. ... Se recomienda a los usuarios actualizar a Apache InLong 1.10.0 o seleccionar [1] para resolverlo. [1] https://github.com/apache/inlong/pull/9329 Improper Control of Generation of Code ('Code Injection') vulnerability in Apache InLong.This issue affects Apache InLong: from 1.5.0 through 1.9.0, which co... • http://www.openwall.com/lists/oss-security/2024/01/03/1 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-41783 – Command Injection Vulnerability of ZTE's ZXCLOUD iRAI
https://notcve.org/view.php?id=CVE-2023-41783
03 Jan 2024 — There is a command injection vulnerability of ZTE's ZXCLOUD iRAI. Due to the program failed to adequately validate the user's input, an attacker could exploit this vulnerability to escalate local privileges. Existe una vulnerabilidad de inyección de comandos en ZXCLOUD iRAI de ZTE. Debido a que el programa no pudo validar adecuadamente la entrada del usuario, un atacante podría aprovechar esta vulnerabilidad para escalar los privilegios locales. • https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1034404 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-0196 – Magic-Api code injection
https://notcve.org/view.php?id=CVE-2024-0196
02 Jan 2024 — The manipulation leads to code injection. ... Durch das Beeinflussen mit unbekannten Daten kann eine code injection-Schwachstelle ausgenutzt werden. • https://github.com/laoquanshi/puppy/blob/main/Magic-Api%20Code%20Execution%20Vulnerability.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 96%CPEs: 1EXPL: 6CVE-2024-0195 – spider-flow FunctionController.java FunctionService.saveFunction code injection
https://notcve.org/view.php?id=CVE-2024-0195
02 Jan 2024 — The manipulation leads to code injection. ... Durch Manipulieren mit unbekannten Daten kann eine code injection-Schwachstelle ausgenutzt werden. • https://github.com/Cappricio-Securities/CVE-2024-0195 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-41544
https://notcve.org/view.php?id=CVE-2023-41544
30 Dec 2023 — SSTI injection vulnerability in jeecg-boot version 3.5.3, allows remote attackers to execute arbitrary code via crafted HTTP request to the /jmreport/loadTableData component. Vulnerabilidad de inyección SSTI en jeecg-boot versión 3.5.3, permite a atacantes remotos ejecutar código arbitrario a través de una solicitud HTTP manipulada al componente /jmreport/loadTableData. • https://pho3n1x-web.github.io/2023/09/18/CVE-2023-41544%28JeecgBoot_SSTI%29 • CWE-94: Improper Control of Generation of Code ('Code Injection') •