CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21216
https://notcve.org/view.php?id=CVE-2023-21216
04 Dec 2023 — In PMRChangeSparseMemOSMem of physmem_osmem_linux.c, there is a possible arbitrary code execution due to a use after free. • https://source.android.com/security/bulletin/2023-12-01 •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21215
https://notcve.org/view.php?id=CVE-2023-21215
04 Dec 2023 — In DevmemIntAcquireRemoteCtx of devicemem_server.c, there is a possible arbitrary code execution due to a race condition. • https://source.android.com/security/bulletin/2023-12-01 •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21166
https://notcve.org/view.php?id=CVE-2023-21166
04 Dec 2023 — In RGXBackingZSBuffer of rgxta3d.c, there is a possible arbitrary code execution due to a use after free. • https://source.android.com/security/bulletin/2023-12-01 •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21164
https://notcve.org/view.php?id=CVE-2023-21164
04 Dec 2023 — In DevmemIntMapPMR of devicemem_server.c, there is a possible arbitrary code execution due to a use after free. • https://source.android.com/security/bulletin/2023-12-01 •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21163
https://notcve.org/view.php?id=CVE-2023-21163
04 Dec 2023 — In PMR_ReadBytes of pmr.c, there is a possible arbitrary code execution due to a use after free. • https://source.android.com/security/bulletin/2023-12-01 •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21162
https://notcve.org/view.php?id=CVE-2023-21162
04 Dec 2023 — In RGXUnbackingZSBuffer of rgxta3d.c, there is a possible arbitrary code execution due to a use after free. • https://source.android.com/security/bulletin/2023-12-01 •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 1CVE-2023-49093 – HtmlUnit vulnerable to Remote Code Execution (RCE) via XSTL
https://notcve.org/view.php?id=CVE-2023-49093
04 Dec 2023 — HtmlUnit is a GUI-less browser for Java programs. HtmlUnit is vulnerable to Remote Code Execution (RCE) via XSTL, when browsing the attacker’s webpage. This vulnerability has been patched in version 3.9.0 HtmlUnit es un navegador sin GUI para programas Java. HtmlUnit es vulnerable a la ejecución remota de código (RCE) a través de XSTL, al navegar por la página web del atacante. Esta vulnerabilidad ha sido parcheada en la versión 3.9.0. • https://github.com/HtmlUnit/htmlunit/security/advisories/GHSA-37vq-hr2f-g7h7 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 2CVE-2023-48825 – PHPJabbers Availability Booking Calendar 5.0 HTML Injection
https://notcve.org/view.php?id=CVE-2023-48825
04 Dec 2023 — Availability Booking Calendar 5.0 is vulnerable to Multiple HTML Injection issues via SMS API Key or Default Country Code. Availability Booking Calendar 5.0 es vulnerable a múltiples problemas de inyección de HTML a través de la clave API de SMS o el código de país predeterminado. PHPJabbers Availability Booking Calendar version 5.0 suffers from an html injection vulnerability. • https://packetstorm.news/files/id/176033 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 2CVE-2023-48838 – PHPJabbers Appointment Scheduler 3.0 HTML Injection
https://notcve.org/view.php?id=CVE-2023-48838
04 Dec 2023 — Appointment Scheduler 3.0 is vulnerable to Multiple HTML Injection issues via the SMS API Key or Default Country Code. Appointment Scheduler 3.0 es vulnerable a múltiples problemas de inyección de HTML a través de la clave API de SMS o el código de país predeterminado. PHPJabbers Appointment Scheduler version 3.0 suffers from multiple html injection vulnerabilities. • https://packetstorm.news/files/id/176054 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 2CVE-2023-48837 – PHPJabbers Car Rental 3.0 HTML Injection
https://notcve.org/view.php?id=CVE-2023-48837
04 Dec 2023 — Car Rental Script 3.0 is vulnerable to Multiple HTML Injection issues via SMS API Key or Default Country Code. Car Rental Script 3.0 es vulnerable a múltiples problemas de inyección de HTML a través de una clave API de SMS o un código de país predeterminado. PHPJabbers Car Rental version 3.0 suffers from an html injection vulnerability. • https://packetstorm.news/files/id/176048 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •