CVSS: 10.0EPSS: 0%CPEs: 236EXPL: 0CVE-2022-23821
https://notcve.org/view.php?id=CVE-2022-23821
14 Nov 2023 — Improper access control in System Management Mode (SMM) may allow an attacker to write to SPI ROM potentially leading to arbitrary code execution. • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002 •
CVSS: 10.0EPSS: 0%CPEs: 230EXPL: 0CVE-2022-23820
https://notcve.org/view.php?id=CVE-2022-23820
14 Nov 2023 — Failure to validate the AMD SMM communication buffer may allow an attacker to corrupt the SMRAM potentially leading to arbitrary code execution. • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002 • CWE-20: Improper Input Validation •
CVSS: 6.7EPSS: 0%CPEs: 126EXPL: 0CVE-2023-20568
https://notcve.org/view.php?id=CVE-2023-20568
14 Nov 2023 — Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch RadeonInstaller.exe without validating the file signature potentially leading to arbitrary code execution. • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-6003 • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 6.7EPSS: 0%CPEs: 126EXPL: 0CVE-2023-20567
https://notcve.org/view.php?id=CVE-2023-20567
14 Nov 2023 — Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch AMDSoftwareInstaller.exe without validating the file signature potentially leading to arbitrary code execution. • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-6003 • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 9.0EPSS: 0%CPEs: 5EXPL: 1CVE-2023-6131 – Code Injection in salesagility/suitecrm
https://notcve.org/view.php?id=CVE-2023-6131
14 Nov 2023 — Code Injection in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2. • https://github.com/salesagility/suitecrm/commit/54bc56c3bd9f1db75408db1c1d7d652c3f5f71e9 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 1CVE-2023-6126 – Code Injection in salesagility/suitecrm
https://notcve.org/view.php?id=CVE-2023-6126
14 Nov 2023 — Code Injection in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2. • https://github.com/salesagility/suitecrm/commit/54bc56c3bd9f1db75408db1c1d7d652c3f5f71e9 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.0EPSS: 0%CPEs: 5EXPL: 1CVE-2023-6125 – Code Injection in salesagility/suitecrm
https://notcve.org/view.php?id=CVE-2023-6125
14 Nov 2023 — Code Injection in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2. • https://github.com/salesagility/suitecrm/commit/54bc56c3bd9f1db75408db1c1d7d652c3f5f71e9 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 1CVE-2023-25181
https://notcve.org/view.php?id=CVE-2023-25181
14 Nov 2023 — A specially crafted set of network packets can lead to arbitrary code execution. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1726 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-45560
https://notcve.org/view.php?id=CVE-2023-45560
14 Nov 2023 — An issue in Yasukawa memberscard v.13.6.1 allows attackers to send crafted notifications via leakage of the channel access token. Un problema en la tarjeta de miembro de Yasukawa v.13.6.1 permite a los atacantes enviar notificaciones manipuladas mediante la filtración del token de acceso al canal. • https://github.com/syz913/CVE-reports/blob/main/CVE-2023-45560.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-5762 – Filr – Secure document library < 1.2.3.6 - Author+ RCE via file upload with phar ext
https://notcve.org/view.php?id=CVE-2023-5762
13 Nov 2023 — The Filr WordPress plugin before 1.2.3.6 is vulnerable from an RCE (Remote Code Execution) vulnerability, which allows the operating system to execute commands and fully compromise the server on behalf of a user with Author-level privileges. El complemento Filr de WordPress anterior a 1.2.3.6 es afectado por una vulnerabilidad RCE (ejecución remota de código), que permite al sistema operativo ejecutar comandos y comprometer completamente el servidor en nombre de un usuario con privilegios de nivel de autor.... • https://wpscan.com/vulnerability/6ad99725-eccc-4b61-bce2-668b62619deb • CWE-94: Improper Control of Generation of Code ('Code Injection') •