
CVE-2023-25874 – Adobe Substance 3D Stager SVG File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-25874
16 Mar 2023 — Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/substance3d_stager/apsb23-22.html • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVE-2022-43441 – Debian Security Advisory 5373-1
https://notcve.org/view.php?id=CVE-2022-43441
15 Mar 2023 — A specially crafted JavaScript file can lead to arbitrary code execution. • https://github.com/TryGhost/node-sqlite3/security/advisories/GHSA-jqv5-7xpx-qj74 • CWE-913: Improper Control of Dynamically-Managed Code Resources CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes •

CVE-2023-27893 – Arbitrary Code Execution in SAP Solution Manager and ABAP managed systems (ST-PI)
https://notcve.org/view.php?id=CVE-2023-27893
14 Mar 2023 — An attacker authenticated as a user with a non-administrative role and a common remote execution authorization in SAP Solution Manager and ABAP managed systems (ST-PI) - versions 2088_1_700, 2008_1_710, 740, can use a vulnerable interface to execute an application function to perform actions which they would not normally be permitted to perform. Depending on the function executed, the attack can read or modify any user or application data and can make the application unavailable. • https://launchpad.support.sap.com/#/notes/3296476 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2023-25616 – Code Injection vulnerability in SAP Business Objects Business Intelligence Platform (CMC)
https://notcve.org/view.php?id=CVE-2023-25616
14 Mar 2023 — In some scenarios, Program Object execution in SAP Business Objects Business Intelligence Platform (CMC), versions 420 and 430, can lead to a code injection vulnerability that could allow an attacker to gain access to resources that are allowed by extra privileges. • https://launchpad.support.sap.com/#/notes/3245526 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •

CVE-2023-27581 – github-slug-action vulnerable to arbitrary code execution
https://notcve.org/view.php?id=CVE-2023-27581
13 Mar 2023 — github-slug-action is a GitHub Action to expose slug value of GitHub environment variables inside of one's GitHub workflow. Starting in version 4.0.0 and prior to version 4.4.1, this action uses the `github.head_ref` parameter in an insecure way. This vulnerability can be triggered by any user on GitHub on any workflow using the action on pull requests. They just need to create a pull request with a branch name, which can contain the attack payload. This can be used to execute code on the GitHub runners an... • https://github.com/rlespinasse/github-slug-action/commit/102b1a064a9b145e56556e22b18b19c624538d94 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVE-2023-0888 – Authenticated eval injection in B. Braun Space Battery pack SP with Wi-Fi
https://notcve.org/view.php?id=CVE-2023-0888
13 Mar 2023 — An improper neutralization of directives in dynamically evaluated code vulnerability in the WiFi Battery embedded web server in versions L90/U70 and L92/U92 can be used to gain administrative access to the WiFi communication module. An authenticated user, having access to both the medical device WiFi network (such as a biomedical engineering staff member) and the specific B.Braun Battery Pack SP with WiFi web server credentials, could get administrative (root) access on the infusion pump communication modul... • https://www.bbraun.com/productsecurity • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') •

CVE-2021-45423
https://notcve.org/view.php?id=CVE-2021-45423
13 Mar 2023 — This can lead to arbitrary code execution. • https://github.com/merces/libpe/issues/35 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVE-2023-1367 – Code Injection in alextselegidis/easyappointments
https://notcve.org/view.php?id=CVE-2023-1367
13 Mar 2023 — Code Injection in GitHub repository alextselegidis/easyappointments prior to 1.5.0. • https://github.com/alextselegidis/easyappointments/commit/453c6e130229718680c91bef450db643a0f263e4 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2023-1287 – ENOVIA Live Collaboration V6R2013xE is affected by an XSL template injection vulnerability
https://notcve.org/view.php?id=CVE-2023-1287
09 Mar 2023 — An XSL template vulnerability in ENOVIA Live Collaboration V6R2013xE allows Remote Code Execution. • https://www.3ds.com/vulnerability/advisories • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2023-27986
https://notcve.org/view.php?id=CVE-2023-27986
09 Mar 2023 — emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to Emacs Lisp code injections through a crafted mailto: URI with unescaped double-quote characters. It is fixed in 29.0.90. • http://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=3c1693d08b0a71d40a77e7b40c0ebc42dca2d2cc • CWE-94: Improper Control of Generation of Code ('Code Injection') •