CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2023-39333 – nodejs: code injection via WebAssembly export names
https://notcve.org/view.php?id=CVE-2023-39333
Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, similar to as if the WebAssembly module was a JavaScript module. This vulnerability affects users of any active release line of Node.js. The vulnerable feature is only available if Node.js is started with the `--experimental-wasm-modules` command line option. Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, similar to as if the WebAssembly module was a JavaScript module. • https://nodejs.org/en/blog/vulnerability/october-2023-security-releases https://access.redhat.com/security/cve/CVE-2023-39333 https://bugzilla.redhat.com/show_bug.cgi?id=2244418 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-46987
https://notcve.org/view.php?id=CVE-2023-46987
SeaCMS v12.9 was discovered to contain a remote code execution (RCE) vulnerability via the component /augap/adminip.php. Se descubrió que SeaCMS v12.9 contiene una vulnerabilidad de ejecución remota de código (RCE) a través del componente /augap/adminip.php. • http://seacms.com http://www.seacms.com https://blog.csdn.net/weixin_72610998/article/details/133420747?spm=1001.2014.3001.5501 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 3CVE-2023-47883
https://notcve.org/view.php?id=CVE-2023-47883
The com.altamirano.fabricio.tvbrowser TV browser application through 4.5.1 for Android is vulnerable to JavaScript code execution via an explicit intent due to an exposed MainActivity. La aplicación de navegador de TV com.altamirano.fabricio.tvbrowser hasta 4.5.1 para Android es vulnerable a la ejecución de código JavaScript mediante un intent explícito debido a una MainActivity expuesta. • https://github.com/actuator/com.altamirano.fabricio.tvbrowser/blob/main/AFC-POC.apk https://github.com/actuator/com.altamirano.fabricio.tvbrowser/blob/main/CWE-94.md https://github.com/actuator/com.altamirano.fabricio.tvbrowser/blob/main/TVBrowserDemo.gif • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-49001
https://notcve.org/view.php?id=CVE-2023-49001
An issue in Indi Browser (aka kvbrowser) v.12.11.23 allows an attacker to bypass intended access restrictions via interaction with the com.example.gurry.kvbrowswer.webview component. Un problema en Indi Browser (aka kvbrowser) v.12.11.23 permite a un atacante omitir las restricciones de acceso previstas mediante la interacción con el componente com.example.gurry.kvbrowswer.webview. • https://github.com/actuator/com.gurry.kvbrowser/blob/main/CWE-94.md https://github.com/actuator/cve/blob/main/CVE-2023-49001 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-49000
https://notcve.org/view.php?id=CVE-2023-49000
An issue in ArtistScope ArtisBrowser v.34.1.5 and before allows an attacker to bypass intended access restrictions via interaction with the com.artis.browser.IntentReceiverActivity component. Un problema en ArtistScope ArtisBrowser v.34.1.5 y anteriores permite a un atacante omitir las restricciones de acceso previstas mediante la interacción con el componente com.artis.browser.IntentReceiverActivity. An issue in ArtistScope ArtisBrowser v.34.1.5 and before allows an attacker to bypass intended access restrictions via interaction with the com.artis.browser.IntentReceiverActivity component. NOTE: this is disputed by the vendor, who indicates that ArtisBrowser 34 does not support CSS3. • https://github.com/actuator/com.artis.browser/blob/main/CWE-94.md https://github.com/actuator/cve/blob/main/CVE-2023-49000 https://github.com/advisories/GHSA-866h-q63m-66xm • CWE-94: Improper Control of Generation of Code ('Code Injection') •