CVSS: 10.0EPSS: 0%CPEs: 126EXPL: 0CVE-2023-20520
https://notcve.org/view.php?id=CVE-2023-20520
09 May 2023 — Improper access control settings in ASP Bootloader may allow an attacker to corrupt the return address causing a stack-based buffer overrun potentially leading to arbitrary code execution. Improper access control settings in ASP Bootloader may allow an attacker to corrupt the return address causing a stack-based buffer overrun potentially leading to arbitrary code execution. • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 3%CPEs: 3EXPL: 2CVE-2023-24955 – Microsoft SharePoint Server Code Injection Vulnerability
https://notcve.org/view.php?id=CVE-2023-24955
09 May 2023 — Microsoft SharePoint Server contains a code injection vulnerability that allows an authenticated attacker with Site Owner privileges to execute code remotely. • https://packetstorm.news/files/id/177802 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-29462 – Rockwell Automation Arena Simulation Software Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-29462
09 May 2023 — An arbitrary code execution vulnerability contained in Rockwell Automation's Arena Simulation software was reported that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow in the heap. An arbitrary code execution vulnerability contained in Rockwell Automation's Arena Simulation software was reported that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory b... • https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139391 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-29461 – Rockwell Automation Arena Simulation Software Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-29461
09 May 2023 — An arbitrary code execution vulnerability contained in Rockwell Automation's Arena Simulation software was reported that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow in the heap. An arbitrary code execution vulnerability contained in Rockwell Automation's Arena Simulation software was reported that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory b... • https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139391 • CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-29460 – Rockwell Automation Arena Simulation Software Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-29460
09 May 2023 — An arbitrary code execution vulnerability contained in Rockwell Automation's Arena Simulation software was reported that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow potentially resulting in a complete loss of confidentiality, integrity, and availability. An arbitrary code execution vulnerability contained in Rockwell Automation's Arena Simulation software was reported that could potentially allow a malicious u... • https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139391 • CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-31039 – Apache bRPC: ServerOptions.pid_file may cause arbitrary code execution
https://notcve.org/view.php?id=CVE-2023-31039
08 May 2023 — Security vulnerability in Apache bRPC <1.5.0 on all platforms allows attackers to execute arbitrary code via ServerOptions::pid_file. An attacker that can influence the ServerOptions pid_file parameter with which the bRPC server is started can execute arbitrary code with the permissions of the bRPC process. Solution: 1. upgrade to bRPC >= 1.5.0, download link: https://dist.apache.org/repos/dist/release/brpc/1.5.0/ https://dist.apache.org/repos/dist/release/brpc/1.5.0/ 2. If you are using an old version of b... • http://www.openwall.com/lists/oss-security/2023/05/08/1 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 1%CPEs: 6EXPL: 0CVE-2023-28201
https://notcve.org/view.php?id=CVE-2023-28201
08 May 2023 — A remote user may be able to cause unexpected app termination or arbitrary code execution. • https://support.apple.com/en-us/HT213670 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-27938 – Apple GarageBand MIDI File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-27938
08 May 2023 — Parsing a maliciously crafted MIDI file may lead to an unexpected application termination or arbitrary code execution. • https://support.apple.com/en-us/HT213650 • CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-2583 – Code Injection in jsreport/jsreport
https://notcve.org/view.php?id=CVE-2023-2583
08 May 2023 — Code Injection in GitHub repository jsreport/jsreport prior to 3.11.3. • https://github.com/jsreport/jsreport/commit/afaff3804b34b38e959f5ae65f9e672088de13d7 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 3CVE-2022-47879 – Jedox 2022.4.2 - Code Execution via RPC Interfaces
https://notcve.org/view.php?id=CVE-2022-47879
05 May 2023 — A Remote Code Execution (RCE) vulnerability in /be/rpc.php in Jedox 2020.2.5 allows remote authenticated users to load arbitrary PHP classes from the 'rtn' directory and execute its methods. Jedox version 2022.4.2 has a vulnerability in /be/rpc.php and /be/erpc.php that allows remote authenticated users to load arbitrary PHP classes from the rtn directory and to execute its methods. • https://packetstorm.news/files/id/172151 • CWE-94: Improper Control of Generation of Code ('Code Injection') •