CVSS: 8.3 • EPSS: 0% • CPEs: 6 • EXPL: 0

07 Sep 2023 — A remote attacker with administrator privilege can exploit this vulnerability to perform remote arbitrary code execution, arbitrary system operation or disrupt service. • https://www.twcert.org.tw/tw/cp-132-7356-021bf-1.html • CWE-134: Use of Externally-Controlled Format String •

CVSS: 8.3 • EPSS: 0% • CPEs: 6 • EXPL: 0

07 Sep 2023 — A remote attacker with administrator privilege can exploit this vulnerability to perform remote arbitrary code execution, arbitrary system operation or disrupt service. • https://www.twcert.org.tw/tw/cp-132-7355-0ce8d-1.html • CWE-134: Use of Externally-Controlled Format String •

CVSS: 8.3 • EPSS: 0% • CPEs: 6 • EXPL: 0

07 Sep 2023 — A remote attacker with administrator privilege can exploit this vulnerability to perform remote arbitrary code execution, arbitrary system operation or disrupt service. • https://www.twcert.org.tw/tw/cp-132-7354-4e654-1.html • CWE-134: Use of Externally-Controlled Format String •

CVSS: 10.0 • EPSS: 0% • CPEs: 3 • EXPL: 0

06 Sep 2023 — The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5. A remote attacker may be able to cause arbitrary JavaScript code execution. • http://www.openwall.com/lists/oss-security/2023/09/11/1 • CWE-96: Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') •

CVSS: 6.6 • EPSS: 0% • CPEs: 24 • EXPL: 0

06 Sep 2023 — Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Electron apps that are launched as command line executables are impacted. Specifically this issue can only be exploited if the following conditions are met: 1. The app is launched with an attacker-controlled working directory and 2. The attacker has the ability to write files to that working directory. • https://github.com/electron/electron/security/advisories/GHSA-7x97-j373-85x5 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

06 Sep 2023 — Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. The Fides webserver API allows custom integrations to be uploaded as a ZIP file. This ZIP file must contain YAML files, but Fides can be configured to also accept the inclusion of custom Python code in it. The custom code is executed in a restricted, sandboxed environment, but the sandbox can be bypassed to execute any arbitr... • https://github.com/ethyca/fides/commit/5989b5fa744c8d8c340963b895a054883549358a • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-693: Protection Mechanism Failure •

CVSS: 8.0 • EPSS: 0% • CPEs: 8 • EXPL: 0

06 Sep 2023 — Vulnerabilities exist in the BIOS implementation of Aruba 9200 and 9000 Series Controllers and Gateways that could allow an attacker to execute arbitrary code early in the boot sequence. An attacker could exploit this vulnerability to gain access to and change underlying sensitive information in the affected controller leading to complete system compromise. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-014.txt • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.8 • EPSS: 0% • CPEs: 8 • EXPL: 0

06 Sep 2023 — An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/acrobat/apsb21-51.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.8 • EPSS: 0% • CPEs: 8 • EXPL: 0

06 Sep 2023 — An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/acrobat/apsb21-51.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

05 Sep 2023 — Multiple vulnerabilities have been discovered in Salt, the worst of which can lead to arbitrary code execution. • https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OMWJIHQZXHK6FH2E3IWAZCYIRI7FLVOL •