CVE-2023-20209
https://notcve.org/view.php?id=CVE-2023-20209
A vulnerability in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker with read-write privileges on the application to perform a command injection attack that could result in remote code execution on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to establish a remote shell with root privileges.
• https://github.com/peter5he1by/CVE-2023-20209
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-injection-X475EbTQ
• CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
• CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2023-28075
https://notcve.org/view.php?id=CVE-2023-28075
A local authenticated malicious user with physical access to the system could potentially exploit this vulnerability by using a specifically timed DMA transaction during an SMI in order to gain arbitrary code execution on the system.
• https://www.dell.com/support/kbdoc/en-us/000212817/dsa-2023-152-security-update-for-a-dell-client-bios-vulnerability
• CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2023-38889
https://notcve.org/view.php?id=CVE-2023-38889
An issue in Alluxio v.2.9.3 and before allows an attacker to execute arbitrary code via a crafted script to the username parameter of alluxio.util.CommonUtils.getUnixGroups(java.lang.String).
• https://github.com/Alluxio/alluxio/issues/17766
• CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2023-38860
https://notcve.org/view.php?id=CVE-2023-38860
An issue in LangChain v.0.0.231 allows a remote attacker to execute arbitrary code via the prompt parameter.
• https://github.com/hwchase17/langchain/issues/7641
• CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2022-48503 – webkitgtk: improper bounds checking leading to arbitrary code execution
https://notcve.org/view.php?id=CVE-2022-48503
Processing web content may lead to arbitrary code execution. ... This issue occurs when processing web content, which may lead to arbitrary code execution.
• https://support.apple.com/en-us/HT213340
• https://support.apple.com/en-us/HT213341
• https://support.apple.com/en-us/HT213342
• https://support.apple.com/en-us/HT213345
• https://support.apple.com/en-us/HT213346
• https://access.redhat.com/security/cve/CVE-2022-48503
• https://bugzilla.redhat.com/show_bug.cgi?id=2218623
• CWE-94: Improper Control of Generation of Code ('Code Injection')