CVE-2023-40606 – WordPress Kanban Boards for WordPress Plugin <= 2.5.21 is vulnerable to Arbitrary Code Execution
https://notcve.org/view.php?id=CVE-2023-40606
Improper Control of Generation of Code ('Code Injection') vulnerability in Kanban for WordPress Kanban Boards for WordPress. This issue affects Kanban Boards for WordPress: from n/a through 2.5.21. • https://patchstack.com/database/vulnerability/kanban/wordpress-kanban-boards-for-wordpress-plugin-2-5-21-arbitrary-code-execution-vulnerability? • CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2023-20209
https://notcve.org/view.php?id=CVE-2023-20209
A vulnerability in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker with read-write privileges on the application to perform a command injection attack that could result in remote code execution on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to establish a remote shell with root privileges. • https://github.com/peter5he1by/CVE-2023-20209 • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-injection-X475EbTQ • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') • CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2023-28075
https://notcve.org/view.php?id=CVE-2023-28075
A local authenticated malicious user with physical access to the system could potentially exploit this vulnerability by using a specifically timed DMA transaction during an SMI in order to gain arbitrary code execution on the system. • https://www.dell.com/support/kbdoc/en-us/000212817/dsa-2023-152-security-update-for-a-dell-client-bios-vulnerability • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2023-38889
https://notcve.org/view.php?id=CVE-2023-38889
An issue in Alluxio v.2.9.3 and before allows an attacker to execute arbitrary code via a crafted script to the username parameter of alluxio.util.CommonUtils.getUnixGroups(java.lang.String). • https://github.com/Alluxio/alluxio/issues/17766 • CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2023-38860
https://notcve.org/view.php?id=CVE-2023-38860
An issue in LangChain v.0.0.231 allows a remote attacker to execute arbitrary code via the prompt parameter. • https://github.com/hwchase17/langchain/issues/7641 • CWE-94: Improper Control of Generation of Code ('Code Injection')