
CVE-2022-27541
https://notcve.org/view.php?id=CVE-2022-27541
12 Jun 2023 — Potential Time-of-Check to Time-of-Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure. • https://support.hp.com/us-en/document/ish_7709808-7709835-16/hpsbhf03835 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •

CVE-2022-27539
https://notcve.org/view.php?id=CVE-2022-27539
12 Jun 2023 — Potential Time-of-Check to Time-of-Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure. • https://support.hp.com/us-en/document/ish_7709808-7709835-16/hpsbhf03835 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •

CVE-2023-34468 – Apache NiFi: Potential Code Injection with Database Services using H2
https://notcve.org/view.php?id=CVE-2023-34468
12 Jun 2023 — The DBCPConnectionPool and HikariCPConnectionPool Controller Services in Apache NiFi 0.0.2 through 1.21.0 allow an authenticated and authorized user to configure a Database URL with the H2 driver that enables custom code execution. The resolution validates the Database URL and rejects H2 JDBC locations. You are recommended to upgrade to version 1.22.0 or later which fixes this issue. • https://packetstorm.news/files/id/174398 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2023-35034
https://notcve.org/view.php?id=CVE-2023-35034
12 Jun 2023 — Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 R1.34.8 and Manager V10 R1 before V10 R1.42.0 and V10 R1.34.8 allow remote code execution by unauthenticated users, aka OSFOURK-24033. • https://networks.unify.com/security/advisories/OBSO-2305-01.pdf • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2019-16283
https://notcve.org/view.php?id=CVE-2019-16283
09 Jun 2023 — A potential security vulnerability has been identified with a version of the HP Softpaq installer that can lead to arbitrary code execution. • https://support.hp.com/us-en/document/c06541912 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2023-34112 – JavaCPP project actions vulnerable to code injection
https://notcve.org/view.php?id=CVE-2023-34112
08 Jun 2023 — JavaCPP Presets is a project providing Java distributions of native C++ libraries. All the actions in the `bytedeco/javacpp-presets` use the `github.event.head_commit.message` parameter in an insecure way. For example, the commit message is used in a run statement - resulting in a command injection vulnerability due to string interpolation. No exploitation has been reported. This issue has been addressed in version 1.5.9. • https://github.com/bytedeco/javacpp-presets/security/advisories/GHSA-36rx-hq22-jm5x • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2023-29404 – Improper handling of non-optional LDFLAGS in go command with cgo in cmd/go
https://notcve.org/view.php?id=CVE-2023-29404
08 Jun 2023 — The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This can be triggered by linker flags, specified via a "#cgo LDFLAGS" directive. The arguments for a number of flags which are non-optional are incorrectly considered optional, allowing disallowed flags to be smuggled through the LDFLAGS sanitization. This affects usage of both the gc and gccgo compilers. • https://go.dev/cl/501225 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2023-29402 – Code injection via go command with cgo in cmd/go
https://notcve.org/view.php?id=CVE-2023-29402
08 Jun 2023 — The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which uses cgo. This may occur when running an untrusted module which contains directories with newline characters in their names. Modules which are retrieved using the go command, i.e. via "go get", are not affected (modules retrieved using GOPATH-mode, i.e. GO111MODULE=off, may be affected). • https://go.dev/cl/501226 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2023-34237 – Remote code execution via specially crafted script settings in SABnzbd
https://notcve.org/view.php?id=CVE-2023-34237
07 Jun 2023 — SABnzbd is an open source automated Usenet download tool. A design flaw was discovered in SABnzbd that could allow remote code execution. Manipulating the Parameters setting in the Notification Script functionality allows code execution with the privileges of the SABnzbd process. Exploiting the vulnerabilities requires access to the web interface. Remote exploitation is possible if users exposed their setup to the internet or other untrusted networks without setting a username/password. • https://github.com/sabnzbd/sabnzbd/commit/422b4fce7bfd56e95a315be0400cdfdc585df7cc • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2023-20889 – VMware Aria Operations for Networks exportPDF Code Injection Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-20889
07 Jun 2023 — Aria Operations for Networks contains an information disclosure vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in information disclosure. This vulnerability allows remote attackers to disclose sensitive information on affected installations of VMware Aria Operations for Networks. Authentication is required to exploit this vulnerability. The specific flaw exists within the exportPDF method. The issue resu... • https://www.vmware.com/security/advisories/VMSA-2023-0012.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •