CVE-2023-4601 – Stack-based Buffer Overflow in NI System Configuration Software
https://notcve.org/view.php?id=CVE-2023-4601
A stack-based buffer overflow vulnerability exists in NI System Configuration that could result in information disclosure and/or arbitrary code execution. • https://www.ni.com/en/support/documentation/supplemental/23/stack-based-buffer-overflow-in-ni-system-configuration.html • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2023-45811 – Prototype pollution vulnerability leading to arbitrary code execution in synchrony deobfuscator
https://notcve.org/view.php?id=CVE-2023-45811
Successful exploitation could lead to arbitrary code execution. • https://github.com/relative/synchrony/commit/b583126be94c4db7c5a478f1c5204bfb4162cf40 https://github.com/relative/synchrony/security/advisories/GHSA-jg82-xh3w-rhxx https://github.com/relative/synchrony/security/advisories/src/transformers/literalmap.ts • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVE-2023-20598
https://notcve.org/view.php?id=CVE-2023-20598
An improper privilege management in the AMD Radeon™ Graphics driver may allow an authenticated attacker to craft an IOCTL request to gain I/O control over arbitrary hardware ports or physical addresses resulting in a potential arbitrary code execution. • https://github.com/H4rk3nz0/CVE-2023-20598-PDFWKRNL https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-6009 • CWE-269: Improper Privilege Management •
CVE-2023-41630
https://notcve.org/view.php?id=CVE-2023-41630
eSST Monitoring v2.147.1 was discovered to contain a remote code execution (RCE) vulnerability via the Gii code generator component. Se descubrió que eSST Monitoring v2.147.1 contiene una vulnerabilidad de ejecución remota de código (RCE) a través del componente generador de código Gii. • https://github.com/post-cyberlabs/CVE-Advisory/blob/main/CVE-2023-41630-eSST-Preauth-RCE.pdf • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2023-5538 – MpOperationLogs <= 1.0.1 - Unauthenticated Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2023-5538
The MpOperationLogs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the IP Request Headers in versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. El complemento MpOperationLogs para WordPress es vulnerable a Cross-Site Scripting almacenado a través de los encabezados de solicitud de IP en versiones hasta la 1.0.1 incluida debido a una sanitización de entrada y un escape de salida insuficientes. Esto hace posible que atacantes no autenticados inyecten scripts web arbitrarios en páginas que se ejecutarán cada vez que un usuario acceda a una página inyectada. • https://github.com/juweihuitao/MpOperationLogs https://plugins.trac.wordpress.org/browser/mpoperationlogs/trunk/common.php#L10 https://plugins.trac.wordpress.org/browser/mpoperationlogs/trunk/template/ipslist_td.php https://www.wordfence.com/threat-intel/vulnerabilities/id/bc5f1b00-acee-4dc8-acd7-2d3f3493f253? • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •