
CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

30 Aug 2023 — PaperCut NG External User Lookup Code Injection Remote Code Execution Vulnerability. • https://www.papercut.com/kb/Main/SecurityBulletinJuly2023 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 8.4 • EPSS: 0% • CPEs: 4 • EXPL: 0

29 Aug 2023 — This allows an attacker with physical access that is able to trigger such an exception to extract secret key material and/or gain arbitrary code execution on the device. • https://tetraburst.com • CWE-248: Uncaught Exception • CWE-703: Improper Check or Handling of Exceptional Conditions • CWE-755: Improper Handling of Exceptional Conditions •

CVSS: 9.0 • EPSS: 0% • CPEs: 4 • EXPL: 0

29 Aug 2023 — The Motorola MBTS Base Radio lacks cryptographic signature validation for firmware update packages, allowing an authenticated attacker to gain arbitrary code execution, extract secret key material, and/or leave a persistent implant on the device. • https://tetraburst.com • CWE-347: Improper Verification of Cryptographic Signature •

CVSS: 9.0 • EPSS: 0% • CPEs: 2 • EXPL: 0

29 Aug 2023 — The Motorola MBTS Site Controller lacks cryptographic signature validation for firmware update packages, allowing an authenticated attacker to gain arbitrary code execution, extract secret key material, and/or leave a persistent implant on the device. • https://tetraburst.com • CWE-347: Improper Verification of Cryptographic Signature •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

29 Aug 2023 — Specially crafted QR codes may lead to information disclosure and/or arbitrary code execution. • https://hackmd.io/%40cspl/B1ZkFZv23 • CWE-787: Out-of-bounds Write •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

29 Aug 2023 — Specially crafted QR codes may lead to information disclosure and/or arbitrary code execution. • https://hackmd.io/%40cspl/H1PxPAUnn • CWE-787: Out-of-bounds Write •

CVSS: 8.3 • EPSS: 0% • CPEs: 1 • EXPL: 1

29 Aug 2023 — MyBB before 1.8.36 allows Code Injection by users with certain high privileges. • https://github.com/SorceryIE/CVE-2023-41362_MyBB_ACP_RCE • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

28 Aug 2023 — GitPython is a Python library used to interact with Git repositories. When resolving a program, Python/Windows look in the current working directory first, and after that in the PATH environment. GitPython defaults to using the `git` command, so if a user runs GitPython from a repo that has a `git.exe` or `git` executable, that program will be run instead of the one in the user's `PATH`. This is more of a problem with how Python interacts with Windows systems; Linux and any other OS aren't affected by this. But probably people... • https://docs.python.org/3/library/subprocess.html#popen-constructor • CWE-426: Untrusted Search Path •

CVSS: 9.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

28 Aug 2023 — An issue in ansible semaphore v.2.8.90 allows a remote attacker to execute arbitrary code via a crafted payload to the extra variables parameter. • https://gist.github.com/Alevsk/1757da24c5fb8db735d392fd4146ca3a • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

28 Aug 2023 — An issue in Pagekit pagekit v.1.0.18 allows a remote attacker to execute arbitrary code via the downloadAction and updateAction functions in UpdateController.php. • https://github.com/pagekit/pagekit/issues/977 • CWE-94: Improper Control of Generation of Code ('Code Injection') •