CVSS: 8.4EPSS: 0%CPEs: 2EXPL: 0CVE-2023-34999
https://notcve.org/view.php?id=CVE-2023-34999
A command injection vulnerability exists in RTS VLink Virtual Matrix Software Versions v5 (< 5.7.6) and v6 (< 6.5.0) that allows an attacker to perform arbitrary code execution via the admin web interface. • https://psirt.bosch.com/security-advisories/BOSCH-SA-893251-BT.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 1CVE-2023-43115 – Ghostscript: GhostPDL can lead to remote code execution via crafted PostScript documents
https://notcve.org/view.php?id=CVE-2023-43115
In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents because they can switch to the IJS device, or change the IjsServer parameter, after SAFER has been activated. NOTE: it is a documented risk that the IJS server can be specified on a gs command line (the IJS device inherently must execute a command to start the IJS server). En Artifex Ghostscript hasta 10.01.2, gdevijs.c en GhostPDL puede conducir a la ejecución remota de código a través de documentos PostScript manipulados porque pueden cambiar al dispositivo IJS, o cambiar el parámetro IjsServer, después de que se haya activado SAFER. NOTA: es un riesgo documentado que el servidor IJS se pueda especificar en una línea de comandos gs (el dispositivo IJS debe ejecutar inherentemente un comando para iniciar el servidor IJS). A vulnerability was found in Artifex Ghostscript in gdevijs.c, allows a malicious remote attacker to perform remote code execution via crafted PostScript documents. • https://github.com/jostaub/ghostscript-CVE-2023-43115 https://bugs.ghostscript.com/show_bug.cgi?id=707051 https://ghostscript.com https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=e59216049cac290fb437a04c4f41ea46826cfba5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IK3UXJ5HKMPAL5EQELJAWSRPA2AUOJJO https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PG5AQV7JOL5TAU76FWPJCMSKO5DREKV5 https://access.redhat.com/security/cve/CVE-2023-43115 h • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-34195
https://notcve.org/view.php?id=CVE-2023-34195
By setting this UEFI variable from the OS to point into custom code, an attacker could achieve arbitrary code execution in the DXE phase, before several chipset locks are set. • https://www.insyde.com/security-pledge https://www.insyde.com/security-pledge/SA-2023052 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 1CVE-2023-4977 – Code Injection in librenms/librenms
https://notcve.org/view.php?id=CVE-2023-4977
Code Injection in GitHub repository librenms/librenms prior to 23.9.0. • https://github.com/librenms/librenms/commit/1194934d31c795a3f6877a96ffaa34b1f475bdd0 https://huntr.dev/bounties/3db8a1a4-ca2d-45df-be18-a959ebf82fbc • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-4994 – Allow PHP in Posts and Pages <= 3.0.4 - Authenticated (Subscriber+) Remote Code Execution via Shortcode
https://notcve.org/view.php?id=CVE-2023-4994
The Allow PHP in Posts and Pages plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 3.0.4 via the 'php' shortcode. This allows authenticated attackers with subscriber-level permissions or above, to execute code on the server. El complemento Allow PHP in Posts and Pages para WordPress es vulnerable a la Ejecución Remota de Código en versiones hasta la 3.0.4 inclusive a través del código corto 'php'. Esto permite a atacantes autenticados con permisos de nivel de suscriptor o superiores ejecutar código en el servidor. • https://plugins.trac.wordpress.org/browser/allow-php-in-posts-and-pages/trunk/allowphp.php#L373 https://www.wordfence.com/threat-intel/vulnerabilities/id/3d8b4bb6-3715-40c1-8140-7fcf874ccec3?source=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •