CVE-2023-21381
https://notcve.org/view.php?id=CVE-2023-21381
In Media Resource Manager, there is a possible local arbitrary code execution due to use after free. • https://source.android.com/docs/security/bulletin/android-14 • CWE-416: Use After Free •
CVE-2023-44141
https://notcve.org/view.php?id=CVE-2023-44141
Inkdrop prior to v5.6.0 allows a local attacker to conduct a code injection attack by having a legitimate user open a specially crafted markdown file. • https://forum.inkdrop.app/t/inkdrop-desktop-v5-6-0/4211 https://jvn.jp/en/jp/JVN48057522 https://www.inkdrop.app • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2020-36767
https://notcve.org/view.php?id=CVE-2020-36767
tinyfiledialogs (aka tiny file dialogs) before 3.8.0 allows shell metacharacters in titles, messages, and other input data. • https://github.com/servo/servo/issues/25498#issuecomment-703527082 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2023-46865
https://notcve.org/view.php?id=CVE-2023-46865
/api/v1/company/upload-logo in CompanyController.php in crater through 6.0.6 allows a superadmin to execute arbitrary PHP code by placing this code into an image/png IDAT chunk of a Company Logo image. • https://github.com/asylumdx/Crater-CVE-2023-46865-RCE https://github.com/crater-invoice/crater/issues/1267 https://github.com/crater-invoice/crater/pull/1271 https://notes.netbytesec.com/2023/11/post-auth-rce-in-crater-invoice.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2023-5843 – Ads by datafeedr.com <= 1.1.3 - Unauthenticated (Limited) Remote Code Execution
https://notcve.org/view.php?id=CVE-2023-5843
The Ads by datafeedr.com plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 1.1.3 via the 'dfads_ajax_load_ads' function. This allows unauthenticated attackers to execute code on the server. The parameters of the callable function are limited; they cannot be specified arbitrarily. • https://github.com/codeb0ss/CVE-2023-5843-PoC https://plugins.trac.wordpress.org/browser/ads-by-datafeedrcom/tags/1.1.3/inc/dfads.class.php#L34 https://www.wordfence.com/threat-intel/vulnerabilities/id/5412fd87-49bc-445c-8d16-443e38933d1e?source=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •