CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-39660
https://notcve.org/view.php?id=CVE-2023-39660
An issue in Gaberiele Venturi pandasai v.0.8.0 and before allows a remote attacker to execute arbitrary code via a crafted request to the prompt function. • https://github.com/gventuri/pandas-ai/issues/399 https://github.com/gventuri/pandas-ai/pull/409 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: 14EXPL: 0CVE-2023-39445
https://notcve.org/view.php?id=CVE-2023-39445
Hidden functionality vulnerability in LAN-WH300N/RE all versions provided by LOGITEC CORPORATION allows an unauthenticated attacker to execute arbitrary code by sending a specially crafted file to the product's certain management console. La vulnerabilidad de funcionalidad oculta en LAN-WH300N/RE todas las versiones proporcionadas por LOGITEC CORPORATION permite a un atacante no autenticado ejecutar código arbitrario enviando un archivo especialmente diseñado a la consola de gestión determinada del producto. • https://jvn.jp/en/vu/JVNVU91630351 https://www.elecom.co.jp/news/security/20230810-01 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-38576
https://notcve.org/view.php?id=CVE-2023-38576
Hidden functionality vulnerability in LAN-WH300N/RE all versions provided by LOGITEC CORPORATION allows an authenticated user to execute arbitrary OS commands on a certain management console. La vulnerabilidad de funcionalidad oculta en LAN-WH300N/RE todas las versiones proporcionadas por LOGITEC CORPORATION permite a un usuario autenticado ejecutar comandos arbitrarios del sistema operativo en una determinada consola de gestión. • https://jvn.jp/en/vu/JVNVU91630351 https://www.elecom.co.jp/news/security/20230810-01 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-32626
https://notcve.org/view.php?id=CVE-2023-32626
Hidden functionality vulnerability in LAN-W300N/RS all versions, and LAN-W300N/PR5 all versions allows an unauthenticated attacker to log in to the product's certain management console and execute arbitrary OS commands. La vulnerabilidad de funcionalidad oculta en LAN-W300N/RS todas las versiones, y LAN-W300N/PR5 todas las versiones permite a un atacante no autenticado iniciar sesión en la consola de gestión determinada del producto y ejecutar comandos arbitrarios del sistema operativo. • https://jvn.jp/en/vu/JVNVU91630351 https://www.elecom.co.jp/news/security/20230810-01 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-40313 – Disable BeanShell Interpreter Remote Server Mode
https://notcve.org/view.php?id=CVE-2023-40313
A BeanShell interpreter in remote server mode runs in OpenMNS Horizon versions earlier than 32.0.2 and in related Meridian versions which could allow arbitrary remote Java code execution. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38 or Horizon 32.0.2 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet. Un intérprete de BeanShell en modo servidor remoto se ejecuta en versiones de OpenNMS Horizon anteriores a 32.0.2 y en versiones de Meridian relacionadas, lo que podría permitir la ejecución remota arbitraria de código Java. La solución es actualizar a Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38 u Horizon 32.0.2 o posterior. • https://docs.opennms.com/horizon/32/releasenotes/changelog.html https://github.com/OpenNMS/opennms/pull/6368 • CWE-94: Improper Control of Generation of Code ('Code Injection') •