
CVSS: 7.0 • EPSS: 0% • CPEs: 2 • EXPL: 0

08 Mar 2023 — Jenkins 2.393 and earlier, LTS 2.375.3 and earlier creates a temporary file in the default temporary directory with the default permissions for newly created files when uploading a plugin for installation, potentially allowing attackers with access to the Jenkins controller file system to read and write the file before it is used, potentially resulting in arbitrary code execution. ... If these permissions are overly permissive, they may allow attackers with access to the Jenkins controller file syste... • https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2823 • CWE-378: Creation of Temporary File With Insecure Permissions CWE-863: Incorrect Authorization •

CVSS: 10.0 • EPSS: 0% • CPEs: 4 • EXPL: 0

08 Mar 2023 — The webservices in Proofpoint Enterprise Protection (PPS/POD) contain a vulnerability that allows for an anonymous user to execute remote code through 'eval injection'. Exploitation requires network access to the webservices API, but such access is a non-standard configuration. This affects all versions 8.20.0 and below. • https://www.proofpoint.com/security/security-advisories/pfpt-sa-2023-0001 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') •

CVSS: 9.0 • EPSS: 0% • CPEs: 4 • EXPL: 0

08 Mar 2023 — The webutils in Proofpoint Enterprise Protection (PPS/POD) contain a vulnerability that allows an authenticated user to execute remote code through 'eval injection'. This affects all versions 8.20.0 and below. • https://www.proofpoint.com/security/security-advisories/pfpt-sa-2023-0001 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

08 Mar 2023 — Code Injection in GitHub repository builderio/qwik prior to 0.21.0. • https://github.com/BuilderIO/qwik/pull/3249/commits/4d9ba6e098ae6e537aa55abb6b8369bb670ffe66 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

08 Mar 2023 — SmartBear Zephyr Enterprise through 7.15.0 mishandles user-defined input during report generation. This could lead to remote code execution by unauthenticated users. • https://smartbear.com/security/cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 8.2 • EPSS: 0% • CPEs: 1 • EXPL: 0

06 Mar 2023 — Allows arbitrary code execution within the browser sandbox, among other things, simply from loading a file containing a script tag in any entity name. • https://github.com/atampy25/quickentity-editor-next/commit/5303b45a20a6e4e9318729b8dd7bbf09b37b369d • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

06 Mar 2023 — All versions of the package sketchsvg are vulnerable to Arbitrary Code Injection when invoking shell.exec without sanitization or parametrization while concatenating the current directory as part of the command string. • https://github.com/eBay/SketchSVG/blob/dd1036648f0f320a3187ef79d506b676b9eb87a6/lib/index.js%23L115 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.0 • EPSS: 0% • CPEs: 4 • EXPL: 3

06 Mar 2023 — An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Midgard r0p0 through r32p0, Bifrost r0p0 through r41p0 before r42p0, Valhall r19p0 through r41p0 before r42p0, and Avalon r41p0 before r42p0. • https://packetstorm.news/files/id/172855 • CWE-416: Use After Free •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

05 Mar 2023 — As a result, opening a specially crafted project file may lead to information disclosure and/or arbitrary code execution. • https://jvn.jp/en/vu/JVNVU94966432 • CWE-125: Out-of-bounds Read •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

05 Mar 2023 — As a result, opening a specially crafted project file may lead to information disclosure and/or arbitrary code execution. • https://jvn.jp/en/vu/JVNVU94966432 • CWE-125: Out-of-bounds Read •