CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-39444
https://notcve.org/view.php?id=CVE-2023-39444
A specially-crafted .lxt2 file can lead to arbitrary code execution. • https://lists.debian.org/debian-lts-announce/2024/04/msg00007.html https://talosintelligence.com/vulnerability_reports/TALOS-2023-1826 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-39443
https://notcve.org/view.php?id=CVE-2023-39443
A specially-crafted .lxt2 file can lead to arbitrary code execution. • https://lists.debian.org/debian-lts-announce/2024/04/msg00007.html https://talosintelligence.com/vulnerability_reports/TALOS-2023-1826 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-38583
https://notcve.org/view.php?id=CVE-2023-38583
A specially crafted .lxt2 file can lead to arbitrary code execution. • https://lists.debian.org/debian-lts-announce/2024/04/msg00007.html https://talosintelligence.com/vulnerability_reports/TALOS-2023-1827 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-7224
https://notcve.org/view.php?id=CVE-2023-7224
OpenVPN Connect version 3.0 through 3.4.6 on macOS allows local users to execute code in external third party libraries using the DYLD_INSERT_LIBRARIES environment variable OpenVPN Connect versión 3.0 a 3.4.6 en macOS permite a los usuarios locales ejecutar código en librerías externas de terceros utilizando la variable de entorno DYLD_INSERT_LIBRARIES • https://openvpn.net/vpn-server-resources/openvpn-connect-for-macos-change-log • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-6540
https://notcve.org/view.php?id=CVE-2023-6540
A vulnerability was reported in the Lenovo Browser Mobile and Lenovo Browser HD Apps for Android that could allow an attacker to craft a payload that could result in the disclosure of sensitive information. Se informó una vulnerabilidad en las aplicaciones Lenovo Browser Mobile y Lenovo Browser HD para Android que podría permitir a un atacante manipular un payload que podría resultar en la divulgación de información confidencial. • https://iknow.lenovo.com.cn/detail/419251 • CWE-94: Improper Control of Generation of Code ('Code Injection') •