CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-38198
https://notcve.org/view.php?id=CVE-2023-38198
13 Jul 2023 — acme.sh before 3.0.6 runs arbitrary commands from a remote server via eval, as exploited in the wild in June 2023. • http://www.openwall.com/lists/oss-security/2023/07/13/1 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-29308 – [FG-VD-23-009] Adobe InDesign 2023 Arbitrary Code Execution Vulnerability Notification
https://notcve.org/view.php?id=CVE-2023-29308
12 Jul 2023 — Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/indesign/apsb23-38.html • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 96%CPEs: 25EXPL: 0CVE-2023-29300 – Adobe ColdFusion Deserialization of Untrusted Data Vulnerability
https://notcve.org/view.php?id=CVE-2023-29300
12 Jul 2023 — Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. • https://helpx.adobe.com/security/products/coldfusion/apsb23-40.html • CWE-502: Deserialization of Untrusted Data •
CVSS: 10.0EPSS: 4%CPEs: 2EXPL: 1CVE-2023-37582 – Apache RocketMQ: Possible remote code execution when using the update configuration function
https://notcve.org/view.php?id=CVE-2023-37582
12 Jul 2023 — The RocketMQ NameServer component still has a remote command execution vulnerability as the CVE-2023-33246 issue was not completely fixed in version 5.1.1. When NameServer address are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the update configuration function on the NameServer component to execute commands as the system users that RocketMQ is running as. It is recommended for users to upgrade their NameServer version to 5.1.2 or above for Ro... • https://github.com/Malayke/CVE-2023-37582_EXPLOIT • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-37199
https://notcve.org/view.php?id=CVE-2023-37199
12 Jul 2023 — A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause remote code execution when an admin user on DCE tampers with backups which are then manually restored. A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause remote code execution when an admin user on DCE tampers with backups which are then manually restored. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-192-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-192-01.pdf • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-37198
https://notcve.org/view.php?id=CVE-2023-37198
12 Jul 2023 — A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause remote code execution when an admin user on DCE uploads or tampers with install packages. A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause remote code execution when an admin user on DCE uploads or tampers with install packages. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-192-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-192-01.pdf • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 7EXPL: 0CVE-2023-37450 – Apple Multiple Products WebKit Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-37450
12 Jul 2023 — Processing web content may lead to arbitrary code execution. ... This issue occurs when processing web content, which may lead to arbitrary code execution. An anonymous researcher discovered that processing web content may lead to arbitrary code execution. • https://security.gentoo.org/glsa/202401-04 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-24492
https://notcve.org/view.php?id=CVE-2023-24492
11 Jul 2023 — A vulnerability has been discovered in the Citrix Secure Access client for Ubuntu which, if exploited, could allow an attacker to remotely execute code if a victim user opens an attacker-crafted link and accepts further prompts. A vulnerability has been discovered in the Citrix Secure Access client for Ubuntu which, if exploited, could allow an attacker to remotely execute code if a victim user opens an attacker-crafted link and accepts further prompts. • https://support.citrix.com/article/CTX564169/citrix-secure-access-client-for-ubuntu-security-bulletin-for-cve202324492 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2023-35333 – MediaWiki PandocUpload Extension Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-35333
11 Jul 2023 — MediaWiki PandocUpload Extension Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35333 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.9EPSS: 0%CPEs: 3EXPL: 0CVE-2023-37271 – RestrictedPython vulnerable to arbitrary code execution via stack frame sandbox escape
https://notcve.org/view.php?id=CVE-2023-37271
11 Jul 2023 — Prior to versions 6.1 and 5.3, an attacker with access to a RestrictedPython environment can write code that gets the current stack frame in a generator and then walk the stack all the way beyond the RestrictedPython invocation boundary, thus breaking out of the restricted sandbox and potentially allowing arbitrary code execution in the Python interpreter. • https://github.com/zopefoundation/RestrictedPython/commit/c8eca66ae49081f0016d2e1f094c3d72095ef531 • CWE-913: Improper Control of Dynamically-Managed Code Resources •