CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-34330 – Code injection via Dynamic Redfish Extension interface
https://notcve.org/view.php?id=CVE-2023-34330
18 Jul 2023 — AMI SPx contains a vulnerability in the BMC where a user may inject code which could be executed via a Dynamic Redfish Extension interface. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity, and availability. • https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023006.pdf • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2022-4146 – EL Injection Vulnerability in Hitachi Replication Manager
https://notcve.org/view.php?id=CVE-2022-4146
18 Jul 2023 — Expression Language Injection vulnerability in Hitachi Replication Manager on Windows, Linux, Solaris allows Code Injection.This issue affects Hitachi Replication Manager: before 8.8.5-02. • https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-123/index.html • CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') •
CVSS: 4.6EPSS: 0%CPEs: -EXPL: 0CVE-2023-32157 – Tesla Model 3 bsa_server BIP Heap-based Buffer Overflow Arbitrary Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-32157
18 Jul 2023 — Tesla Model 3 bsa_server BIP Heap-based Buffer Overflow Arbitrary Code Execution Vulnerability. ... Tesla Model 3 bsa_server BIP Heap-based Buffer Overflow Arbitrary Code Execution Vulnerability. ... Tesla Model 3 bsa_server BIP Heap-based Buffer Overflow Arbitrary Code Execution Vulnerability. • https://www.zerodayinitiative.com/advisories/ZDI-23-973 • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-37476 – Zip slip in OpenRefine
https://notcve.org/view.php?id=CVE-2023-37476
17 Jul 2023 — A carefully crafted malicious OpenRefine project tar file can be used to trigger arbitrary code execution in the context of the OpenRefine process if a user can be convinced to import it. • https://github.com/OpenRefine/OpenRefine/commit/e9c1e65d58b47aec8cd676bd5c07d97b002f205e • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 1%CPEs: 8EXPL: 0CVE-2021-37384
https://notcve.org/view.php?id=CVE-2021-37384
17 Jul 2023 — RCE (Remote Code Execution) vulnerability was found in some Furukawa ONU models, this vulnerability allows remote unauthenticated users to send arbitrary commands to the device via web interface. • https://cwe.mitre.org/data/definitions/94.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 2CVE-2023-37466 – vm2 Sandbox Escape vulnerability
https://notcve.org/view.php?id=CVE-2023-37466
13 Jul 2023 — vm2 is an advanced vm/sandbox for Node.js. The library contains critical security issues and should not be used for production. The maintenance of the project has been discontinued. In vm2 for versions up to 3.9.19, `Promise` handler sanitization can be bypassed with the `@@species` accessor property allowing attackers to escape the sandbox and run arbitrary code, potentially allowing remote code execution inside the context of vm2 sandbox. vm2 es una máquina virtual/sandbox avanzada para Node.js. La librer... • https://packetstorm.news/files/id/177623 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-37274 – Python code execution sandbox escape in non-docker version in Auto-GPT
https://notcve.org/view.php?id=CVE-2023-37274
13 Jul 2023 — This can further be abused to achieve arbitrary code execution on the host running Auto-GPT by e.g. This can further be abused to achieve arbitrary code execution on the host running Auto-GPT by e.g. overwriting autogpt/main.py which will be executed outside of the docker environment meant to sandbox custom python code execution the next time Auto-GPT is started. ... This can further be abused to achieve arbitrary code execution on the host running Auto-GPT by e.g. • https://github.com/Significant-Gravitas/Auto-GPT/pull/4756 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-37273 – Docker escape in Auto-GPT when running from docker-compose.yml included in git repo
https://notcve.org/view.php?id=CVE-2023-37273
13 Jul 2023 — Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. Running Auto-GPT version prior to 0.4.3 by cloning the git repo and executing `docker compose run auto-gpt` in the repo root uses a different docker-compose.yml file from the one suggested in the official docker set up instructions. The docker-compose.yml file located in the repo root mounts itself into the docker container without write protection. This means that if malicious custom python code is ... • https://github.com/Significant-Gravitas/Auto-GPT/pull/4761 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.0EPSS: 0%CPEs: 10EXPL: 0CVE-2023-37565
https://notcve.org/view.php?id=CVE-2023-37565
13 Jul 2023 — Code injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent authenticated attacker to execute arbitrary code by sending a specially crafted request. • https://jvn.jp/en/jp/JVN05223215 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.7EPSS: 0%CPEs: 2EXPL: 1CVE-2022-42045
https://notcve.org/view.php?id=CVE-2022-42045
13 Jul 2023 — Certain Zemana products are vulnerable to Arbitrary code injection. • https://github.com/ReCryptLLC/CVE-2022-42045 • CWE-94: Improper Control of Generation of Code ('Code Injection') •