Page 235 of 8664 results (0.151 seconds)

CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0

A remote code execution risk was identified in the Lesson activity. By default this was only available to teachers and managers. Se identificó un riesgo de ejecución remota de código en la actividad Lesson. Por defecto, esto sólo estaba disponible para profesores y directivos. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79408 https://bugzilla.redhat.com/show_bug.cgi?id=2243352 https://moodle.org/mod/forum/discuss.php?d=451580 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

Deserialization of untrusted data in IPC and Parquet readers in PyArrow versions 0.14.0 to 14.0.0 allows arbitrary code execution. • https://github.com/apache/arrow/commit/f14170976372436ec1d03a724d8d3f3925484ecf https://lists.apache.org/thread/yhy7tdfjf9hrl9vfrtzo8p2cyjq87v7n https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FR34AIPXVTMB3XPRU5ULV5HHWPMRE33X https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MAGWEAJDWO2ACYATUQCPXLSYY5C3L3XU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MWFYXLVBTBHNKYRXI572RFX7IJDDQGBL https://pypi.org/project/pyarrow-hotfix • CWE-502: Deserialization of Untrusted Data •

CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0

The LDAP Agent Update service with versions prior to 5.18 used an unquoted path, which could allow arbitrary code execution. • https://trust.okta.com/security-advisories/okta-ldap-agent-cve-2023-0392 • CWE-428: Unquoted Search Path or Element •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

An arbitrary code execution which results in privilege escalation was discovered in Helix Core versions prior to 2023.2. • https://perforce.com • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

WeBid <=1.2.2 is vulnerable to code injection via admin/categoriestrans.php. • https://liotree.github.io/2023/webid.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •