CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-48174 – busybox: stack overflow vulnerability in ash.c leads to arbitrary code execution
https://notcve.org/view.php?id=CVE-2022-48174
22 Aug 2023 — In the environment of Internet of Vehicles, this vulnerability can be executed from command to arbitrary code execution. ... This issue occurs via a stack overflow vulnerability in ash.c in BusyBox, which may allow arbitrary code execution. • https://bugs.busybox.net/show_bug.cgi?id=15216 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-18652 – exempi: denial of service via opening of crafted webp file
https://notcve.org/view.php?id=CVE-2020-18652
22 Aug 2023 — Buffer Overflow vulnerability in WEBP_Support.cpp in exempi 2.5.0 and earlier allows remote attackers to cause a denial of service via opening of crafted webp file. A buffer overflow flaw was found in the exempi package. This issue occurs in WEBP_Support.cpp and may allow remote attackers to cause a denial of service via opening a crafted webp file. • https://gitlab.freedesktop.org/libopenraw/exempi/commit/acee2894ceb91616543927c2a6e45050c60f98f7 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 1CVE-2020-21528 – Gentoo Linux Security Advisory 202312-09
https://notcve.org/view.php?id=CVE-2020-21528
22 Aug 2023 — Multiple vulnerabilities have been discovered in NASM, the worst of which could lead to arbitrary code execution. • https://bugzilla.nasm.us/show_bug.cgi?id=3392637 •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 5CVE-2023-36281
https://notcve.org/view.php?id=CVE-2023-36281
22 Aug 2023 — An issue in langchain v.0.0.171 allows a remote attacker to execute arbitrary code via a JSON file to load_prompt. This is related to __subclasses__ or a template. • https://github.com/tagomaru/CVE-2023-36281 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2020-35357 – Ubuntu Security Notice USN-6472-1
https://notcve.org/view.php?id=CVE-2020-35357
22 Aug 2023 — Processing a maliciously crafted input data for gsl_stats_quantile_from_sorted_data of the library may lead to unexpected application termination or arbitrary code execution. • https://git.savannah.gnu.org/cgit/gsl.git/commit/?id=989a193268b963aa1047814f7f1402084fb7d859 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-19725
https://notcve.org/view.php?id=CVE-2020-19725
22 Aug 2023 — It can cause segmentation faults or arbitrary code execution. • https://github.com/Z3Prover/z3/issues/3363 • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2023-31447
https://notcve.org/view.php?id=CVE-2023-31447
21 Aug 2023 — user_login.cgi on Draytek Vigor2620 devices before 3.9.8.4 (and on all versions of Vigor2925 devices) allows attackers to send a crafted payload to modify the content of the code segment, insert shellcode, and execute arbitrary code. • https://draytek.com • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-39660
https://notcve.org/view.php?id=CVE-2023-39660
21 Aug 2023 — An issue in Gaberiele Venturi pandasai v.0.8.0 and before allows a remote attacker to execute arbitrary code via a crafted request to the prompt function. • https://github.com/gventuri/pandas-ai/issues/399 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: 14EXPL: 0CVE-2023-39445
https://notcve.org/view.php?id=CVE-2023-39445
18 Aug 2023 — Hidden functionality vulnerability in LAN-WH300N/RE all versions provided by LOGITEC CORPORATION allows an unauthenticated attacker to execute arbitrary code by sending a specially crafted file to the product's certain management console. La vulnerabilidad de funcionalidad oculta en LAN-WH300N/RE todas las versiones proporcionadas por LOGITEC CORPORATION permite a un atacante no autenticado ejecutar código arbitrario enviando un archivo especialmente diseñado a la consola de gestión determinada del producto... • https://jvn.jp/en/vu/JVNVU91630351 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-38576
https://notcve.org/view.php?id=CVE-2023-38576
18 Aug 2023 — Hidden functionality vulnerability in LAN-WH300N/RE all versions provided by LOGITEC CORPORATION allows an authenticated user to execute arbitrary OS commands on a certain management console. La vulnerabilidad de funcionalidad oculta en LAN-WH300N/RE todas las versiones proporcionadas por LOGITEC CORPORATION permite a un usuario autenticado ejecutar comandos arbitrarios del sistema operativo en una determinada consola de gestión. • https://jvn.jp/en/vu/JVNVU91630351 • CWE-94: Improper Control of Generation of Code ('Code Injection') •