CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-42898 – Apple Security Advisory 12-11-2023-8
https://notcve.org/view.php?id=CVE-2023-42898
12 Dec 2023 — Processing an image may lead to arbitrary code execution. • http://seclists.org/fulldisclosure/2023/Dec/12 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-42908 – Apple Security Advisory 12-11-2023-4
https://notcve.org/view.php?id=CVE-2023-42908
12 Dec 2023 — Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution. • http://seclists.org/fulldisclosure/2023/Dec/9 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-42903 – Apple Security Advisory 12-11-2023-4
https://notcve.org/view.php?id=CVE-2023-42903
12 Dec 2023 — Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution. • http://seclists.org/fulldisclosure/2023/Dec/9 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-42902 – Apple macOS VideoToolbox Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-42902
12 Dec 2023 — Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution. • http://seclists.org/fulldisclosure/2023/Dec/9 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 3CVE-2023-43364
https://notcve.org/view.php?id=CVE-2023-43364
12 Dec 2023 — main.py in Searchor before 2.4.2 uses eval on CLI input, which may cause unexpected code execution. main.py en Searchor anterior a 2.4.2 usa eval en la entrada CLI, lo que puede provocar la ejecución inesperada de código. • https://github.com/libertycityhacker/CVE-2023-43364-Exploit-CVE • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-5500 – Frauscher: FDS102 for FAdC/FAdCi remote code execution vulnerability
https://notcve.org/view.php?id=CVE-2023-5500
11 Dec 2023 — This vulnerability allows an remote attacker with low privileges to misuse Improper Control of Generation of Code ('Code Injection') to gain full control of the affected device. • https://cert.vde.com/en/advisories/VDE-2023-049 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 96%CPEs: 1EXPL: 7CVE-2023-6553 – Backup Migration <= 1.3.7 - Unauthenticated Remote Code Execution
https://notcve.org/view.php?id=CVE-2023-6553
11 Dec 2023 — The Backup Migration plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.7 via the /includes/backup-heart.php file. This is due to an attacker being able to control the values passed to an include, and subsequently leverage that to achieve remote code execution. This makes it possible for unauthenticated attackers to easily execute code on the server. El complemento Backup Migration para WordPress es vulnerable a la ejecución remota de código en todas las ve... • https://packetstorm.news/files/id/176147 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-5058
https://notcve.org/view.php?id=CVE-2023-5058
07 Dec 2023 — Improper Input Validation in the processing of user-supplied splash screen during system boot in Phoenix SecureCore™ Technology™ 4 potentially allows denial-of-service attacks or arbitrary code execution. • https://www.kb.cert.org/vuls/id/811862 • CWE-20: Improper Input Validation •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-43301
https://notcve.org/view.php?id=CVE-2023-43301
07 Dec 2023 — An issue in DARTS SHOP MAXIM mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. Un problema en la miniaplicación DARTS SHOP MAXIM en Line v13.6.1 permite a los atacantes enviar notificaciones maliciosas manipuladas mediante la fuga del token de acceso al canal. • https://github.com/syz913/CVE-reports/blob/main/CVE-2023-43301.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-49852 – WordPress Responsive Slick Slider WordPress plugin <= 1.4 - Content Injection vulnerability
https://notcve.org/view.php?id=CVE-2023-49852
07 Dec 2023 — Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Vsourz Digital Responsive Slick Slider WordPress allows Code Injection.This issue affects Responsive Slick Slider WordPress: from n/a through 1.4. La neutralización inadecuada de etiquetas HTML relacionadas con scripts en una vulnerabilidad de página web (XSS básico) en Vsourz Digital Responsive Slick Slider WordPress permite la inyección de código. Este problema afecta a Responsive Slick Slider WordPress: desde n... • https://patchstack.com/database/vulnerability/responsive-slick-slider/wordpress-responsive-slick-slider-wordpress-plugin-1-4-content-injection-vulnerability?_s_id=cve • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •