
CVSS: 8.8 | EPSS: 0% | CPEs: 3 | EXPL: 1

In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents because they can switch to the IJS device, or change the IjsServer parameter, after SAFER has been activated. NOTE: it is a documented risk that the IJS server can be specified on a gs command line (the IJS device inherently must execute a command to start the IJS server).

A vulnerability was found in Artifex Ghostscript in gdevijs.c that allows a malicious remote attacker to perform remote code execution via crafted PostScript documents.

• https://github.com/jostaub/ghostscript-CVE-2023-43115
• https://bugs.ghostscript.com/show_bug.cgi?id=707051
• https://ghostscript.com
• https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=e59216049cac290fb437a04c4f41ea46826cfba5
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IK3UXJ5HKMPAL5EQELJAWSRPA2AUOJJO
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PG5AQV7JOL5TAU76FWPJCMSKO5DREKV5
• https://access.redhat.com/security/cve/CVE-2023-43115
• h
• CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 7.8 | EPSS: 0% | CPEs: 5 | EXPL: 0

By setting this UEFI variable from the OS to point into custom code, an attacker could achieve arbitrary code execution in the DXE phase, before several chipset locks are set.

• https://www.insyde.com/security-pledge
• https://www.insyde.com/security-pledge/SA-2023052
• CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 7.3 | EPSS: 0% | CPEs: 1 | EXPL: 1

Code Injection in GitHub repository librenms/librenms prior to 23.9.0.

• https://github.com/librenms/librenms/commit/1194934d31c795a3f6877a96ffaa34b1f475bdd0
• https://huntr.dev/bounties/3db8a1a4-ca2d-45df-be18-a959ebf82fbc
• CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 9.9 | EPSS: 0% | CPEs: 1 | EXPL: 0

The Allow PHP in Posts and Pages plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 3.0.4 via the 'php' shortcode. This allows authenticated attackers with subscriber-level permissions or above to execute code on the server.

• https://plugins.trac.wordpress.org/browser/allow-php-in-posts-and-pages/trunk/allowphp.php#L373
• https://www.wordfence.com/threat-intel/vulnerabilities/id/3d8b4bb6-3715-40c1-8140-7fcf874ccec3?source=cve
• CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 9.8 | EPSS: 1% | CPEs: 30 | EXPL: 0

Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) and 2023u2 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution.

• https://helpx.adobe.com/security/products/coldfusion/apsb23-47.html
• CWE-502: Deserialization of Untrusted Data