CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40030 – Malicious dependencies can inject arbitrary JavaScript into cargo-generated timing reports
https://notcve.org/view.php?id=CVE-2023-40030
Please note that even with these vulnerabilities fixed, by design Cargo allows arbitrary code execution at build time thanks to build scripts and procedural macros: a malicious dependency will be able to cause damage regardless of these vulnerabilities. crates.io has server-side checks preventing this attack, and there are no packages on crates.io exploiting these vulnerabilities. crates.io users still need to excercise care in choosing their dependencies though, as remote code execution is allowed by design there as well. • https://github.com/rust-lang/cargo/commit/9835622853f08be9a4b58ebe29dcec8f43b64b33 https://github.com/rust-lang/cargo/commit/f975722a0eac934c0722f111f107c4ea2f5c4365 https://github.com/rust-lang/cargo/pull/12291 https://github.com/rust-lang/cargo/security/advisories/GHSA-wrrj-h57r-vx9p • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1CVE-2023-32559 – nodejs: Permissions policies can be bypassed via process.binding
https://notcve.org/view.php?id=CVE-2023-32559
A privilege escalation vulnerability exists in the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x. The use of the deprecated API `process.binding()` can bypass the policy mechanism by requiring internal modules and eventually take advantage of `process.binding('spawn_sync')` run arbitrary code, outside of the limits defined in a `policy.json` file. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js. Existe una vulnerabilidad de escalada de privilegios en el mecanismo de directiva experimental en todas las líneas de versión activas: 16.x, 18.x y 20.x. El uso de la API obsoleta 'process.binding()' puede omitir el mecanismo de la política al requerir módulos internos y, finalmente, aprovechar 'process.binding('spawn_sync')' ejecutar código arbitrario, fuera de los límites definidos en un archivo 'policy.json'. • https://hackerone.com/reports/1946470 https://security.netapp.com/advisory/ntap-20231006-0006 https://access.redhat.com/security/cve/CVE-2023-32559 https://bugzilla.redhat.com/show_bug.cgi?id=2230956 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-269: Improper Privilege Management •
CVSS: 9.9EPSS: 0%CPEs: 4EXPL: 0CVE-2023-40177 – XWiki Platform privilege escalation (PR) from account through AWM content fields
https://notcve.org/view.php?id=CVE-2023-40177
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any registered user can use the content field of their user profile page to execute arbitrary scripts with programming rights, thus effectively performing rights escalation. This issue is present since version 4.3M2 when AppWithinMinutes Application added support for the Content field, allowing any wiki page (including the user profile page) to use its content as an AWM Content field, which has a custom displayer that executes the content with the rights of the ``AppWithinMinutes.Content`` author, rather than the rights of the content author. The vulnerability has been fixed in XWiki 14.10.5 and 15.1RC1. The fix is in the content of the AppWithinMinutes.Content page that defines the custom displayer. • https://github.com/xwiki/xwiki-platform/commit/dfb1cde173e363ca5c12eb3654869f9719820262 https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-5mf8-v43w-mfxp https://jira.xwiki.org/browse/XWIKI-7369 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-4041 – Second Stage Gecko Bootloader GBL Parser Buffer Overrun Vulnerability
https://notcve.org/view.php?id=CVE-2023-4041
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Out-of-bounds Write, Download of Code Without Integrity Check vulnerability in Silicon Labs Gecko Bootloader on ARM (Firmware Update File Parser modules) allows Code Injection, Authentication Bypass.This issue affects "Standalone" and "Application" versions of Gecko Bootloader. • https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000XT8GsQAL?operationContext=S1 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-494: Download of Code Without Integrity Check CWE-787: Out-of-bounds Write CWE-913: Improper Control of Dynamically-Managed Code Resources •
CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0CVE-2023-37427 – Authenticated Remote Code Execution in EdgeConnect SD-WAN Orchestrator Web-Based Management Interface
https://notcve.org/view.php?id=CVE-2023-37427
A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability allows an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-012.txt • CWE-94: Improper Control of Generation of Code ('Code Injection') •