
CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

21 Jul 2023 — A stack-based buffer overflow in Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files. • https://industry.panasonic.eu/factory-automation/programmable-logic-controllers-plc/plc-software/programming-software-control-fpwin-pro • CWE-121: Stack-based Buffer Overflow • CWE-787: Out-of-bounds Write •

CVSS: 10.0 • EPSS: 79% • CPEs: 8 • EXPL: 40

21 Jul 2023 — Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2, and 1.43.7.2. Metabase versions before 0.46.6.1 contain a flaw where the secret setup-token is accessible even after the setup process has been completed. With this token a user is able to submit the setup functio... • https://github.com/acesoyeo/METABASE-RCE-CVE-2023-38646- •

CVSS: 10.0 • EPSS: 28% • CPEs: 28 • EXPL: 0

20 Jul 2023 — Adobe ColdFusion versions 2018u17 (and earlier), 2021u7 (and earlier) and 2023u1 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. • https://helpx.adobe.com/security/products/coldfusion/apsb23-41.html • CWE-502: Deserialization of Untrusted Data •

CVSS: 10.0 • EPSS: 4% • CPEs: 5 • EXPL: 11

20 Jul 2023 — The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009. • https://packetstorm.news/files/id/173661 • CWE-94: Improper Control of Generation of Code ('Code Injection') • CWE-428: Unquoted Search Path or Element •

CVSS: 10.0 • EPSS: 96% • CPEs: 8 • EXPL: 15

19 Jul 2023 — Unauthenticated remote code execution. Citrix NetScaler ADC and NetScaler Gateway contain a code injection vulnerability that allows for unauthenticated remote code execution. • https://packetstorm.news/files/id/173997 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

19 Jul 2023 — This can lead to memory corruption and arbitrary code execution. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1739 • CWE-416: Use After Free •

CVSS: 10.0 • EPSS: 1% • CPEs: 1 • EXPL: 1

19 Jul 2023 — By prematurely deleting objects associated with pages, a specially crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1756 • CWE-416: Use After Free •

CVSS: 10.0 • EPSS: 1% • CPEs: 1 • EXPL: 1

19 Jul 2023 — By prematurely deleting objects associated with pages, a specially crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1757 • CWE-416: Use After Free •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

19 Jul 2023 — Specially crafted JavaScript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1796 • CWE-416: Use After Free •

CVSS: 9.0 • EPSS: 0% • CPEs: 2 • EXPL: 0

18 Jul 2023 — This High severity Injection and RCE (Remote Code Execution) vulnerability known as CVE-2023-22506 was introduced in version 8.0.0 of Bamboo Data Center. This Injection and RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.5, allows an authenticated attacker to modify the actions taken by a system call and execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and no user interaction. Atlassian recommends that you upgrade your ... • https://jira.atlassian.com/browse/BAM-22400 • CWE-94: Improper Control of Generation of Code ('Code Injection') •