CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2023-32384 – Apple macOS ImageIO EXR File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-32384
30 May 2023 — Processing an image may lead to arbitrary code execution. • https://support.apple.com/en-us/HT213757 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-32419 – Apple Security Advisory 2023-05-18-1
https://notcve.org/view.php?id=CVE-2023-32419
30 May 2023 — A remote attacker may be able to cause arbitrary code execution. iOS 16.5 and iPadOS 16.5 addresses buffer overflow, bypass, code execution, out of bounds read, and use-after-free vulnerabilities. • https://support.apple.com/en-us/HT213757 •
CVSS: 10.0EPSS: 0%CPEs: 9EXPL: 0CVE-2023-28204 – Apple Multiple Products WebKit Out-of-Bounds Read Vulnerability
https://notcve.org/view.php?id=CVE-2023-28204
30 May 2023 — An anonymous researcher discovered that processing maliciously crafted web content may lead to arbitrary code execution. • https://security.gentoo.org/glsa/202401-04 • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 1%CPEs: 3EXPL: 0CVE-2023-32387 – Apple Security Advisory 2023-05-18-3
https://notcve.org/view.php?id=CVE-2023-32387
30 May 2023 — A remote attacker may be able to cause unexpected app termination or arbitrary code execution. macOS Monterey 12.6.6 addresses buffer overflow, bypass, code execution, out of bounds read, out of bounds write, and use-after-free vulnerabilities. • https://support.apple.com/en-us/HT213758 • CWE-416: Use After Free •
CVSS: 10.0EPSS: 3%CPEs: 9EXPL: 1CVE-2023-32412 – Apple Security Advisory 2023-05-18-6
https://notcve.org/view.php?id=CVE-2023-32412
30 May 2023 — A remote attacker may be able to cause unexpected app termination or arbitrary code execution. • https://packetstorm.news/files/id/172990 • CWE-416: Use After Free •
CVSS: 7.6EPSS: 0%CPEs: 3EXPL: 0CVE-2023-29537 – Gentoo Linux Security Advisory 202305-35
https://notcve.org/view.php?id=CVE-2023-29537
30 May 2023 — Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could result in arbitrary code execution. • https://bugzilla.mozilla.org/show_bug.cgi?id=1823365 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2CVE-2023-2928 – DedeCMS article_allowurl_edit.php code injection
https://notcve.org/view.php?id=CVE-2023-2928
27 May 2023 — The manipulation of the argument allurls leads to code injection. ... Durch das Manipulieren des Arguments allurls mit unbekannten Daten kann eine code injection-Schwachstelle ausgenutzt werden. • https://github.com/CN016/DedeCMS-getshell-CVE-2023-2928- • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-2943 – Code Injection in openemr/openemr
https://notcve.org/view.php?id=CVE-2023-2943
27 May 2023 — Code Injection in GitHub repository openemr/openemr prior to 7.0.1. • https://github.com/openemr/openemr/commit/c1c0805696ca68577c37bf30e29f90e5f3e0f1a9 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.0EPSS: 11%CPEs: 1EXPL: 1CVE-2023-31128 – NextCloud Cookbook's pull-checks.yml workflow is vulnerable to OS Command Injection
https://notcve.org/view.php?id=CVE-2023-31128
26 May 2023 — Those who have forked the NextCloud Cookbook repository should make sure their forks are on the latest version to prevent code injection attacks and similar. • https://github.com/nextcloud/cookbook/blob/a14d6ffc4d45e1447556f68606129dfd6c1505cf/.github/workflows/pull-checks.yml#L67 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.1EPSS: 0%CPEs: 14EXPL: 1CVE-2023-28320 – Apple Security Advisory 2023-07-24-6
https://notcve.org/view.php?id=CVE-2023-28320
26 May 2023 — Multiple vulnerabilities have been discovered in curl, the worst of which could result in arbitrary code execution. • http://seclists.org/fulldisclosure/2023/Jul/47 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-400: Uncontrolled Resource Consumption •