CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-43234
https://notcve.org/view.php?id=CVE-2023-43234
26 Sep 2023 — DedeBIZ v6.2.11 was discovered to contain multiple remote code execution (RCE) vulnerabilities at /admin/file_manage_control.php via the $activepath and $filename parameters. Se descubrió que DedeBIZ v6.2.11 contiene múltiples vulnerabilidades de Ejecución Remota de Código (RCE) en /admin/file_manage_control.php a través de los parámetros $activepath y $filename. • http://dedebiz.com • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-43222
https://notcve.org/view.php?id=CVE-2023-43222
26 Sep 2023 — SeaCMS v12.8 has an arbitrary code writing vulnerability in the /jxz7g2/admin_ping.php file. SeaCMS v12.8 tiene una vulnerabilidad de escritura de código arbitrario en el archivo /jxz7g2/admin_ping.php. • https://blog.csdn.net/weixin_51394168/article/details/132817842 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-0626 – Docker Desktop before 4.12.0 is vulnerable to RCE via query parameters in message-box route
https://notcve.org/view.php?id=CVE-2023-0626
25 Sep 2023 — Docker Desktop before 4.12.0 is vulnerable to RCE via query parameters in message-box route. This issue affects Docker Desktop: before 4.12.0. Docker Desktop anterior a 4.12.0 es vulnerable a RCE a través de parámetros de consulta en la ruta del cuadro de mensajes. Este problema afecta a Docker Desktop: versiones anteriores a 4.12.0. • https://docs.docker.com/desktop/release-notes/#4120 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-0625 – Docker Desktop before 4.12.0 is vulnerable to RCE via a crafted extension description or changelog
https://notcve.org/view.php?id=CVE-2023-0625
25 Sep 2023 — Docker Desktop before 4.12.0 is vulnerable to RCE via a crafted extension description or changelog. This issue affects Docker Desktop: before 4.12.0. Docker Desktop anterior a 4.12.0 es vulnerable a RCE a través de una descripción de extensión manipulada o un registro de cambios. Este problema afecta a Docker Desktop: versiones anteriores a 4.12.0. • https://docs.docker.com/desktop/release-notes/#4120 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-23567
https://notcve.org/view.php?id=CVE-2023-23567
25 Sep 2023 — A specially crafted file can lead to arbitrary code execution. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1729 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-35002
https://notcve.org/view.php?id=CVE-2023-35002
25 Sep 2023 — A specially crafted malformed file can lead to arbitrary code execution. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1760 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-32653
https://notcve.org/view.php?id=CVE-2023-32653
25 Sep 2023 — A specially crafted malformed file can lead to arbitrary code execution. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1802 • CWE-191: Integer Underflow (Wrap or Wraparound) CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-39453
https://notcve.org/view.php?id=CVE-2023-39453
25 Sep 2023 — A specially crafted malformed file can lead to arbitrary code execution. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1830 • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-43270
https://notcve.org/view.php?id=CVE-2023-43270
22 Sep 2023 — dst-admin v1.5.0 was discovered to contain a remote command execution (RCE) vulnerability via the userId parameter at /home/playerOperate. Se descubrió que dst-admin v1.5.0 contiene una vulnerabilidad de ejecución remota de comandos (RCE) a través del parámetro userId en /home/playerOperate. • https://github.com/Libestor/someCVE/tree/main/dst-admin-RCE • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-43783
https://notcve.org/view.php?id=CVE-2023-43783
22 Sep 2023 — In some kernel configurations, code injection into the Wine registry is possible. • http://www.openwall.com/lists/oss-security/2023/10/05/4 • CWE-668: Exposure of Resource to Wrong Sphere •