CVE-2020-35357
https://notcve.org/view.php?id=CVE-2020-35357
Processing maliciously crafted input data for gsl_stats_quantile_from_sorted_data of the library may lead to unexpected application termination or arbitrary code execution. • https://git.savannah.gnu.org/cgit/gsl.git/commit/?id=989a193268b963aa1047814f7f1402084fb7d859 https://lists.debian.org/debian-lts-announce/2023/09/msg00023.html https://savannah.gnu.org/bugs/?59624 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-31447
https://notcve.org/view.php?id=CVE-2023-31447
user_login.cgi on Draytek Vigor2620 devices before 3.9.8.4 (and on all versions of Vigor2925 devices) allows attackers to send a crafted payload to modify the content of the code segment, insert shellcode, and execute arbitrary code. • https://draytek.com https://gist.github.com/rrrrrrri/013c9eef64b265af4163478bfcf29ff4 • CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2023-39660
https://notcve.org/view.php?id=CVE-2023-39660
An issue in Gabriele Venturi pandasai v.0.8.0 and before allows a remote attacker to execute arbitrary code via a crafted request to the prompt function. • https://github.com/gventuri/pandas-ai/issues/399 https://github.com/gventuri/pandas-ai/pull/409 • CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2023-39445
https://notcve.org/view.php?id=CVE-2023-39445
Hidden functionality vulnerability in all versions of LAN-WH300N/RE provided by LOGITEC CORPORATION allows an unauthenticated attacker to execute arbitrary code by sending a specially crafted file to a certain management console of the product. • https://jvn.jp/en/vu/JVNVU91630351 https://www.elecom.co.jp/news/security/20230810-01 • CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2023-38576
https://notcve.org/view.php?id=CVE-2023-38576
Hidden functionality vulnerability in all versions of LAN-WH300N/RE provided by LOGITEC CORPORATION allows an authenticated user to execute arbitrary OS commands on a certain management console. • https://jvn.jp/en/vu/JVNVU91630351 https://www.elecom.co.jp/news/security/20230810-01 • CWE-94: Improper Control of Generation of Code ('Code Injection')