CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 1CVE-2023-24757 – Gentoo Linux Security Advisory 202408-20
https://notcve.org/view.php?id=CVE-2023-24757
01 Mar 2023 — Multiple vulnerabilities have been discovered in libde265, the worst of which could lead to arbitrary code execution. • https://github.com/strukturag/libde265/issues/385 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 1CVE-2023-24754 – Gentoo Linux Security Advisory 202408-20
https://notcve.org/view.php?id=CVE-2023-24754
01 Mar 2023 — Multiple vulnerabilities have been discovered in libde265, the worst of which could lead to arbitrary code execution. • https://github.com/strukturag/libde265/issues/382 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 1CVE-2023-24752 – Gentoo Linux Security Advisory 202408-20
https://notcve.org/view.php?id=CVE-2023-24752
01 Mar 2023 — Multiple vulnerabilities have been discovered in libde265, the worst of which could lead to arbitrary code execution. • https://github.com/strukturag/libde265/issues/378 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-24751 – Gentoo Linux Security Advisory 202408-20
https://notcve.org/view.php?id=CVE-2023-24751
01 Mar 2023 — Multiple vulnerabilities have been discovered in libde265, the worst of which could lead to arbitrary code execution. • https://github.com/strukturag/libde265/issues/379 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 0CVE-2023-1017 – TPM2.0 vulnerable to out-of-bounds write
https://notcve.org/view.php?id=CVE-2023-1017
28 Feb 2023 — An attacker who can successfully exploit this vulnerability can lead to denial of service (crashing the TPM chip/process or rendering it unusable) and/or arbitrary code execution in the TPM context. ... This flaw may lead to a denial of service or arbitrary code execution within the libtpms scope. • https://kb.cert.org/vuls/id/782720 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-1005 – JP1016 Markdown-Electron code injection
https://notcve.org/view.php?id=CVE-2023-1005
24 Feb 2023 — The manipulation leads to code injection. ... Dank der Manipulation mit unbekannten Daten kann eine code injection-Schwachstelle ausgenutzt werden. • https://github.com/JP1016/Markdown-Electron/issues/3 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-1004 – MarkText WSH JScript code injection
https://notcve.org/view.php?id=CVE-2023-1004
24 Feb 2023 — The manipulation leads to code injection. ... Durch Beeinflussen mit unbekannten Daten kann eine code injection-Schwachstelle ausgenutzt werden. • https://github.com/marktext/marktext/issues/3575 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-1003 – Typora WSH JScript code injection
https://notcve.org/view.php?id=CVE-2023-1003
24 Feb 2023 — The manipulation leads to code injection. ... Durch das Beeinflussen mit unbekannten Daten kann eine code injection-Schwachstelle ausgenutzt werden. • https://github.com/typora/typora-issues/issues/5623 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-25960 – WordPress Zendrop – Global Dropshipping Plugin <= 1.0.0 is vulnerable to SQL Injection
https://notcve.org/view.php?id=CVE-2023-25960
24 Feb 2023 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Zendrop Zendrop – Global Dropshipping zendrop-dropshipping-and-fulfillment allows SQL Injection.This issue affects Zendrop – Global Dropshipping: from n/a through 1.0.0. Neutralización inadecuada de elementos especiales utilizados en una vulnerabilidad de comando SQL ('Inyección SQL') en Zendrop Zendrop – Global Dropshipping zendrop-dropshipping-and-fulfillment permite la inyección SQL. Este problema afecta... • https://patchstack.com/database/vulnerability/zendrop-dropshipping-and-fulfillment/wordpress-zendrop-global-dropshipping-plugin-1-0-0-arbitrary-code-execution? • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-0585 – All in One SEO Pack <= 4.2.9 - Authenticated (Administrator+) Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2023-0585
24 Feb 2023 — The All in One SEO Pack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 4.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Administrator role or above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. WordPress All In One SEO Pack plugin versions 4.2.9 and below suffer from multiple persistent cross site scripti... • https://www.wordfence.com/threat-intel/vulnerabilities/id/3db97180-9308-4891-9de9-acefe31d088f • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •