
CVSS: 8.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

The Motorola MBTS Site Controller lacks cryptographic signature validation for firmware update packages, allowing an authenticated attacker to gain arbitrary code execution, extract secret key material, and/or leave a persistent implant on the device. • https://tetraburst.com • CWE-347: Improper Verification of Cryptographic Signature

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

Specially crafted QR codes may lead to information disclosure and/or arbitrary code execution. • https://hackmd.io/%40cspl/B1ZkFZv23 https://lists.debian.org/debian-lts-announce/2023/12/msg00001.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/25LZZQJGGZRPLKTRNRNOTAFQJIPS7WRP https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DC7V5YCLCPB36J2KY6WLZCABFLBRB665 • CWE-787: Out-of-bounds Write

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

Specially crafted QR codes may lead to information disclosure and/or arbitrary code execution. • https://hackmd.io/%40cspl/H1PxPAUnn https://lists.debian.org/debian-lts-announce/2023/12/msg00001.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/25LZZQJGGZRPLKTRNRNOTAFQJIPS7WRP https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DC7V5YCLCPB36J2KY6WLZCABFLBRB665 • CWE-787: Out-of-bounds Write

CVSS: 7.2 • EPSS: 0% • CPEs: 1 • EXPL: 0

MyBB before 1.8.36 allows Code Injection by users with certain high privileges. • https://blog.sorcery.ie/posts/mybb_acp_rce https://github.com/mybb/mybb/commit/a43a6f22944e769a6eabc58c39e7bc18c1cab4ca.patch https://github.com/mybb/mybb/security/advisories/GHSA-pr74-wvp3-q6f5 https://mybb.com/versions/1.8.36 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

GitPython is a Python library used to interact with Git repositories. When resolving a program, Python/Windows look in the current working directory first, and after that in the PATH environment variable. GitPython defaults to using the `git` command, so if a user runs GitPython from a repo that has a `git.exe` or `git` executable, that program will be run instead of the one in the user's `PATH`. This is more of a problem with how Python interacts with Windows systems; Linux and any other OS aren't affected by this. However, people using GitPython probably usually run it from the CWD of a repo. • https://docs.python.org/3/library/subprocess.html#popen-constructor https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-wfm5-v35h-vwf4 • CWE-426: Untrusted Search Path