CVE-2021-33636 – Load malicious images may cause process to be hijacked
https://notcve.org/view.php?id=CVE-2021-33636
When the isula load command is used to load malicious images, attackers can execute arbitrary code. • https://gitee.com/src-openeuler/iSulad/pulls/600/files https://gitee.com/src-openeuler/iSulad/pulls/627/files https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1686 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-665: Improper Initialization •
CVE-2021-33635 – Pull malicious images may cause process to be hijacked
https://notcve.org/view.php?id=CVE-2021-33635
When malicious images are pulled by isula pull, attackers can execute arbitrary code. • https://gitee.com/src-openeuler/iSulad/pulls/600/files https://gitee.com/src-openeuler/iSulad/pulls/627/files https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1686 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-665: Improper Initialization •
CVE-2023-27858 – Rockwell Automation Arena® Simulation Uninitialized Pointer Vulnerability
https://notcve.org/view.php?id=CVE-2023-27858
Rockwell Automation Arena Simulation contains an arbitrary code execution vulnerability that could potentially allow a malicious user to commit unauthorized code to the software by using an uninitialized pointer in the application. • https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1141145 • CWE-824: Access of Uninitialized Pointer •
CVE-2023-27854 – Rockwell Automation Arena® Simulation Out of Bounds Read Vulnerability
https://notcve.org/view.php?id=CVE-2023-27854
An arbitrary code execution vulnerability was reported to Rockwell Automation in Arena Simulation that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow. • https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1141145 • CWE-125: Out-of-bounds Read •
CVE-2023-46818 – ISPConfig 3.2.11 PHP Code Injection
https://notcve.org/view.php?id=CVE-2023-46818
PHP code injection can be achieved in the language file editor by an admin if admin_allow_langedit is enabled. ... ISPConfig versions 4.2.11 and below suffer from a PHP code injection vulnerability in language_edit.php. • http://packetstormsecurity.com/files/176126/ISPConfig-3.2.11-PHP-Code-Injection.html http://seclists.org/fulldisclosure/2023/Dec/2 https://www.ispconfig.org/blog/ispconfig-3-2-11p1-released • CWE-94: Improper Control of Generation of Code ('Code Injection') •