CVE-2023-23772
https://notcve.org/view.php?id=CVE-2023-23772
The Motorola MBTS Site Controller lacks cryptographic signature validation for firmware update packages, allowing an authenticated attacker to gain arbitrary code execution, extract secret key material, and/or leave a persistent implant on the device. • https://tetraburst.com • CWE-347: Improper Verification of Cryptographic Signature •
CVE-2023-40889
https://notcve.org/view.php?id=CVE-2023-40889
Specially crafted QR codes may lead to information disclosure and/or arbitrary code execution. • https://hackmd.io/%40cspl/B1ZkFZv23 https://lists.debian.org/debian-lts-announce/2023/12/msg00001.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/25LZZQJGGZRPLKTRNRNOTAFQJIPS7WRP https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DC7V5YCLCPB36J2KY6WLZCABFLBRB665 • CWE-787: Out-of-bounds Write •
CVE-2023-40890
https://notcve.org/view.php?id=CVE-2023-40890
Specially crafted QR codes may lead to information disclosure and/or arbitrary code execution. • https://hackmd.io/%40cspl/H1PxPAUnn https://lists.debian.org/debian-lts-announce/2023/12/msg00001.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/25LZZQJGGZRPLKTRNRNOTAFQJIPS7WRP https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DC7V5YCLCPB36J2KY6WLZCABFLBRB665 • CWE-787: Out-of-bounds Write •
CVE-2023-41362
https://notcve.org/view.php?id=CVE-2023-41362
MyBB before 1.8.36 allows Code Injection by users with certain high privileges. • https://blog.sorcery.ie/posts/mybb_acp_rce https://github.com/mybb/mybb/commit/a43a6f22944e769a6eabc58c39e7bc18c1cab4ca.patch https://github.com/mybb/mybb/security/advisories/GHSA-pr74-wvp3-q6f5 https://mybb.com/versions/1.8.36 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2023-40590 – Untrusted search path on Windows systems leading to arbitrary code execution
https://notcve.org/view.php?id=CVE-2023-40590
GitPython is a Python library used to interact with Git repositories. When resolving a program, Python on Windows looks in the current working directory first, and after that in the PATH environment variable. GitPython defaults to using the `git` command; if a user runs GitPython from a repository that contains a `git.exe` or `git` executable, that program will be run instead of the one in the user's `PATH`. This is more a problem of how Python interacts with Windows systems; Linux and any other OS aren't affected by this. But people using GitPython probably run it from the CWD of a repo most of the time. • https://docs.python.org/3/library/subprocess.html#popen-constructor https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-wfm5-v35h-vwf4 • CWE-426: Untrusted Search Path •