CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-51387 – Expression Injection Vulnerability in Hertzbeat
https://notcve.org/view.php?id=CVE-2023-51387
Hertzbeat is an open source, real-time monitoring system. Hertzbeat uses aviatorscript to evaluate alert expressions. The alert expressions are supposed to be some simple expressions. However, due to improper sanitization for alert expressions in version prior to 1.4.1, a malicious user can use a crafted alert expression to execute any command on hertzbeat server. A malicious user who has access to alert define function can execute any command in hertzbeat instance. • https://github.com/dromara/hertzbeat/blob/6b599495763120ad1df6f4ed4b6713bb4885d8e2/home/blog/2023-09-26-hertzbeat-v1.4.1.md https://github.com/dromara/hertzbeat/commit/8dcf050e27ca95d15460a7ba98a3df8a9cd1d3d2 https://github.com/dromara/hertzbeat/security/advisories/GHSA-4576-m8px-w9qj • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-51015
https://notcve.org/view.php?id=CVE-2023-51015
TOTOLINX EX1800T v9.1.0cu.2112_B20220316 is vulnerable to arbitrary command execution in the ‘enable parameter’ of the setDmzCfg interface of the cstecgi .cgi TOTOLINX EX1800T v9.1.0cu.2112_B20220316 es vulnerable a la ejecución de comandos arbitrarios en 'enable parameter' de la interfaz setDmzCfg del cstecgi .cgi • https://815yang.github.io/2023/12/11/EX1800T/TOTOlinkEX1800T_V9.1.0cu.2112_B2022031setDmzCfg • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-49391
https://notcve.org/view.php?id=CVE-2023-49391
An issue was discovered in free5GC version 3.3.0, allows remote attackers to execute arbitrary code and cause a denial of service (DoS) on AMF component via crafted NGAP message. Se descubrió un problema en free5GC versión 3.3.0, que permite a atacantes remotos ejecutar código arbitrario y provocar una denegación de servicio (DoS) en el componente AMF a través de un mensaje NGAP manipulado. • https://github.com/free5gc/free5gc/issues/497 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-51026
https://notcve.org/view.php?id=CVE-2023-51026
TOTOlink EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘hour’ parameter of the setRebootScheCfg interface of the cstecgi .cgi. TOTOlink EX1800T V9.1.0cu.2112_B20220316 es vulnerable a la ejecución de comandos arbitrarios no autorizados en el parámetro 'hour' de la interfaz setRebootScheCfg de cstecgi .cgi. • https://815yang.github.io/2023/12/11/EX1800T/2/TOTOlinkEX1800T_V9.1.0cu.2112_B2022031setRebootScheCfg-hour • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-49004
https://notcve.org/view.php?id=CVE-2023-49004
An issue in D-Link DIR-850L v.B1_FW223WWb01 allows a remote attacker to execute arbitrary code via a crafted script to the en parameter. Un problema en D-Link DIR-850L v.B1_FW223WWb01 permite a un atacante remoto ejecutar código arbitrario a través de un script manipualdo para el parámetro en. • https://github.com/ef4tless/vuln/blob/master/iot/DIR-850L/bug1.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •