CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 0CVE-2023-39240 – ASUS RT-AX55、RT-AX56U_V2 - Format String - 3
https://notcve.org/view.php?id=CVE-2023-39240
A remote attacker with administrator privilege can exploit this vulnerability to perform remote arbitrary code execution, arbitrary system operation or disrupt service. • https://www.twcert.org.tw/tw/cp-132-7356-021bf-1.html • CWE-134: Use of Externally-Controlled Format String •
CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 0CVE-2023-39239 – ASUS RT-AX55、RT-AX56U_V2、RT-AC86U - Format String - 2
https://notcve.org/view.php?id=CVE-2023-39239
A remote attacker with administrator privilege can exploit this vulnerability to perform remote arbitrary code execution, arbitrary system operation or disrupt service. • https://https://www.twcert.org.tw/tw/cp-132-7355-0ce8d-1.html • CWE-134: Use of Externally-Controlled Format String •
CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 0CVE-2023-39238 – ASUS RT-AX55、RT-AX56U_V2 - Format String - 1
https://notcve.org/view.php?id=CVE-2023-39238
A remote attacker with administrator privilege can exploit this vulnerability to perform remote arbitrary code execution, arbitrary system operation or disrupt service. • https://www.twcert.org.tw/tw/cp-132-7354-4e654-1.html • CWE-134: Use of Externally-Controlled Format String •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-40397 – webkitgtk: arbitrary javascript code execution
https://notcve.org/view.php?id=CVE-2023-40397
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5. A remote attacker may be able to cause arbitrary javascript code execution. El problema se solucionó mejorando las comprobaciones. Este problema se solucionó en macOS Ventura 13.5. • http://www.openwall.com/lists/oss-security/2023/09/11/1 https://security.gentoo.org/glsa/202401-04 https://support.apple.com/en-us/HT213843 https://access.redhat.com/security/cve/CVE-2023-40397 https://bugzilla.redhat.com/show_bug.cgi?id=2238945 • CWE-96: Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') •
CVSS: 6.6EPSS: 0%CPEs: 24EXPL: 0CVE-2023-39956 – Electron: Out-of-package code execution when launched with arbitrary cwd
https://notcve.org/view.php?id=CVE-2023-39956
Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Electron apps that are launched as command line executables are impacted. Specifically this issue can only be exploited if the following conditions are met: 1. The app is launched with an attacker-controlled working directory and 2. The attacker has the ability to write files to that working directory. • https://github.com/electron/electron/security/advisories/GHSA-7x97-j373-85x5 • CWE-94: Improper Control of Generation of Code ('Code Injection') •