CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-25834 – Ubuntu Security Notice USN-6745-1
https://notcve.org/view.php?id=CVE-2022-25834
07 Jun 2023 — Multiple vulnerabilities have been discovered in Percona XtraBackup, the worst of which could lead to arbitrary code execution. • https://docs.percona.com/percona-xtrabackup/8.0/release-notes/8.0/8.0.32-26.0.html#improvements • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 2CVE-2023-34111 – Command Injection Vulnerability in `Release PR Merged` Workflow in taosdata/grafanaplugin
https://notcve.org/view.php?id=CVE-2023-34111
06 Jun 2023 — The `Release PR Merged` workflow in the github repo taosdata/grafanaplugin is subject to a command injection vulnerability which allows for arbitrary code execution within the github action context due to the insecure usage of `${{ github.event.pull_request.title }}` in a bash command within the GitHub workflow. • https://github.com/taosdata/grafanaplugin/blob/master/.github/workflows/release-pr-merged.yaml#L25 • CWE-20: Improper Input Validation CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 1CVE-2023-33569
https://notcve.org/view.php?id=CVE-2023-33569
06 Jun 2023 — Sourcecodester Faculty Evaluation System v1.0 is vulnerable to arbitrary code execution via ip/eval/ajax.php? • https://github.com/Cr4at0r/bug_report/blob/main/vendors/oretnom23/faculty-evaluation-system/RCE-1.md • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-22450
https://notcve.org/view.php?id=CVE-2023-22450
05 Jun 2023 — In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability that could allow an attacker to upload an ASP script file to a webserver when logged in as manager user, which can lead to arbitrary code execution. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-152-01 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32540
https://notcve.org/view.php?id=CVE-2023-32540
05 Jun 2023 — In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file overwrite vulnerability, which could allow an attacker to overwrite any file in the operating system (including system files), inject code into an XLS file, and modify the file extension, which could lead to arbitrary code execution. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-152-01 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 5CVE-2023-33733 – Ubuntu Security Notice USN-6196-1
https://notcve.org/view.php?id=CVE-2023-33733
05 Jun 2023 — Reportlab up to v3.6.12 allows attackers to execute arbitrary code via supplying a crafted PDF file. Elyas Damej discovered that a sandbox mechanism in ReportLab, a Python library to create PDF documents, could be bypassed which may result in the execution of arbitrary code when converting malformed HTML to a PDF document. • https://github.com/L41KAA/CVE-2023-33733-Exploit-PoC • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-27744
https://notcve.org/view.php?id=CVE-2023-27744
02 Jun 2023 — An issue was discovered in South River Technologies TitanFTP NextGen server that allows for a vertical privilege escalation leading to remote code execution. • https://www.southrivertech.com/software/nextgen/titanftp/en/relnotes.pdf • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-29736
https://notcve.org/view.php?id=CVE-2023-29736
01 Jun 2023 — Keyboard Themes 1.275.1.164 for Android contains a dictionary traversal vulnerability that allows unauthorized apps to overwrite arbitrary files in its internal storage and achieve arbitrary code execution. • https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2023-29736/CVE%20detail.md • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2023-2977 – opensc: buffer overrun vulnerability in pkcs15 cardos_have_verifyrc_package
https://notcve.org/view.php?id=CVE-2023-2977
01 Jun 2023 — Multiple vulnerabilities have been discovered in OpenSC, the worst of which could lead to arbitrary code execution. • https://access.redhat.com/security/cve/CVE-2023-2977 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 19EXPL: 0CVE-2022-35743 – Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-35743
31 May 2023 — Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35743 • CWE-94: Improper Control of Generation of Code ('Code Injection') •