
CVSS: 10.0 • EPSS: 0% • CPEs: 16 • EXPL: 4

21 Sep 2023 — Processing web content may lead to arbitrary code execution. ... This issue occurs when processing web content, which may lead to arbitrary code execution. Marcin Noga discovered that a specially crafted web page can abuse a vulnerability in the MediaRecorder API to cause memory corruption and potentially arbitrary code execution. Junsung Lee and Me Li discovered that processing web content may lead to arbitrary code execution. Bill Marczak and Maddie Stone discovered that proces... • https://github.com/po6ix/POC-for-CVE-2023-41993 • CWE-754: Improper Check for Unusual or Exceptional Conditions •

CVSS: 10.0 • EPSS: 0% • CPEs: 2 • EXPL: 0

21 Sep 2023 — Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and all previous versions are vulnerable to a remote code execution (RCE) vulnerability via manipulated parameters of the web interface without authentication. This could lead to a full compromise of the FDS101 device. • https://cert.vde.com/en/advisories/VDE-2023-038 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.0 • EPSS: 0% • CPEs: 2 • EXPL: 0

20 Sep 2023 — Jenkins 2.423 and earlier, LTS 2.414.1 and earlier creates a temporary file in the system temporary directory with the default permissions for newly created files when installing a plugin from a URL, potentially allowing attackers with access to the system temporary directory to replace the file before it is installed in Jenkins, potentially resulting in arbitrary code execution. • http://www.openwall.com/lists/oss-security/2023/09/20/5 • CWE-276: Incorrect Default Permissions •

CVSS: 9.1 • EPSS: 0% • CPEs: 2 • EXPL: 0

20 Sep 2023 — An arbitrary code execution flaw was found in Foreman. • https://access.redhat.com/security/cve/CVE-2023-0462 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 10.0 • EPSS: 0% • CPEs: 2 • EXPL: 0

20 Sep 2023 — A successful exploit of this vulnerability may lead to arbitrary code execution, denial of service, information disclosure, and data tampering. • https://nvidia.custhelp.com/app/answers/detail/a_id/5473 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 10.0 • EPSS: 1% • CPEs: 2 • EXPL: 0

20 Sep 2023 — paraparser in ReportLab before 3.5.31 allows remote code execution because start_unichar in paraparser.py evaluates untrusted user input in a unichar element in a crafted XML document with '

CVSS: 8.3 • EPSS: 4% • CPEs: 5 • EXPL: 0

19 Sep 2023 — A vulnerability in the 3rd party AV uninstaller module contained in Trend Micro Apex One (on-prem and SaaS), Worry-Free Business Security and Worry-Free Business Security Services could allow an attacker to manipulate the module to execute arbitrary commands on an affected installation. Note that an attacker must first obtain administrative console access on the target system in order to exploit this vulnerability. • https://jvn.jp/en/vu/JVNVU90967486 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 10.0 • EPSS: 0% • CPEs: 2 • EXPL: 0

18 Sep 2023 — The absence of filters when loading some sections in the web application of the vulnerable device allows potential attackers to inject malicious code that will be interpreted when a legitimate user accesses the web section (MAIL SERVER) where the information is displayed. Injection can be done on parameter MAIL_RCV. When a legitimate user attempts to review NOTIFICATION/MAIL SERVER, the injected code will be executed. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-250-03 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 8.4 • EPSS: 0% • CPEs: 2 • EXPL: 0

18 Sep 2023 — A command injection vulnerability exists in RTS VLink Virtual Matrix Software Versions v5 (< 5.7.6) and v6 (< 6.5.0) that allows an attacker to perform arbitrary code execution via the admin web interface. • https://psirt.bosch.com/security-advisories/BOSCH-SA-893251-BT.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.8 • EPSS: 0% • CPEs: 5 • EXPL: 0

18 Sep 2023 — By setting this UEFI variable from the OS to point into custom code, an attacker could achieve arbitrary code execution in the DXE phase, before several chipset locks are set. • https://www.insyde.com/security-pledge • CWE-94: Improper Control of Generation of Code ('Code Injection') •