CVE-2022-26941 – Format string vulnerability in AT+CTGL command in Motorola MTM5000
https://notcve.org/view.php?id=CVE-2022-26941
This can be leveraged to obtain arbitrary code execution inside the teds_app binary, which runs with root privileges. • https://tetraburst.com • CWE-134: Use of Externally-Controlled Format String •
CVE-2022-25333 – Flawed SK_LOAD module authenticity check in Texas Instruments OMAP L138
https://notcve.org/view.php?id=CVE-2022-25333
An adversary can re-use any correctly signed header and append a forged payload, to be encrypted using the CEK (obtainable through CVE-2022-25332) in order to obtain arbitrary code execution in secure context. • https://tetraburst.com • CWE-347: Improper Verification of Cryptographic Signature •
CVE-2023-45883
https://notcve.org/view.php?id=CVE-2023-45883
Standard users may use this to gain arbitrary code execution as SYSTEM. • https://hackandpwn.com/disclosures/CVE-2023-45883.pdf https://www.vidyo.com/enterprise-video-management/qumu • CWE-269: Improper Privilege Management •
CVE-2023-30131
https://notcve.org/view.php?id=CVE-2023-30131
An issue discovered in IXP EasyInstall 6.6.14884.0 allows attackers to run arbitrary commands, gain escalated privilege, and cause other unspecified impacts via unauthenticated API calls. Un problema descubierto en IXP EasyInstall 6.6.14884.0 permite a los atacantes ejecutar comandos arbitrarios, obtener privilegios elevados y causar otros impactos no especificados a través de llamadas API no autenticadas. • https://www.bramfitt-tech-labs.com/article/easy-install-cve-issue • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2023-46042
https://notcve.org/view.php?id=CVE-2023-46042
An issue in GetSimpleCMS v.3.4.0a allows a remote attacker to execute arbitrary code via a crafted payload to the phpinfo(). Un problema en GetSimpleCMS v.3.4.0a permite a un atacante remoto ejecutar código arbitrario a través de un payload manipulado en phpinfo(). • https://github.com/Num-Nine/CVE/wiki/A-file-write-vulnerability-exists-in-GetSimpleCMS • CWE-94: Improper Control of Generation of Code ('Code Injection') •