CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2023-26314
https://notcve.org/view.php?id=CVE-2023-26314
22 Feb 2023 — The mono package before 6.8.0.105+dfsg-3.3 for Debian allows arbitrary code execution because the application/x-ms-dos-executable MIME type is associated with an un-sandboxed Mono CLR interpreter. • https://bugs.debian.org/972146 •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2023-25657 – Remote code execution in Jinja2 template rendering in Nautobot
https://notcve.org/view.php?id=CVE-2023-25657
21 Feb 2023 — Nautobot is a Network Source of Truth and Network Automation Platform. All users of Nautobot versions earlier than 1.5.7 are impacted by a remote code execution vulnerability. Nautobot did not properly sandbox Jinja2 template rendering. In Nautobot 1.5.7 has enabled sandboxed environments for the Jinja2 template engine used internally for template rendering for the following objects: `extras.ComputedField`, `extras.CustomLink`, `extras.ExportTemplate`, `extras.Secret`, `extras.Webhook`. While no active expl... • https://github.com/nautobot/nautobot/commit/d47f157e83b0c353bb2b697f911882c71cf90ca0 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-26266 – Gentoo Linux Security Advisory 202408-27
https://notcve.org/view.php?id=CVE-2023-26266
21 Feb 2023 — A vulnerability has been discovered in AFLplusplus, which can lead to arbitrary code execution via an untrusted CWD. • https://github.com/AFLplusplus/AFLplusplus/pull/1643 •
CVSS: 9.1EPSS: 0%CPEs: 99EXPL: 2CVE-2022-46836 – PHP code injection in watolib
https://notcve.org/view.php?id=CVE-2022-46836
20 Feb 2023 — PHP code injection in watolib auth.php and hosttags.php in Tribe29's Checkmk <= 2.1.0p10, Checkmk <= 2.0.0p27, and Checkmk <= 1.6.0p29 allows an attacker to inject and execute PHP code which will be executed upon request of the vulnerable component. • https://github.com/JacobEbben/CVE-2022-46836_remote_code_execution • CWE-20: Improper Input Validation CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-21575 – Adobe Photoshop Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-21575
17 Feb 2023 — Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/photoshop/apsb23-11.html • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-22228 – Adobe Bridge Improper Input Validation Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-22228
17 Feb 2023 — Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/bridge/apsb23-09.html • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-21622 – Adobe FrameMaker Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-21622
17 Feb 2023 — FrameMaker 2020 Update 4 (and earlier), 2022 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/framemaker/apsb23-06.html • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-22229 – Adobe Bridge Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-22229
17 Feb 2023 — Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/bridge/apsb23-09.html • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2021-26277 – Security Advisory | PendingIntent hijacking vulnerability in Framework Services
https://notcve.org/view.php?id=CVE-2021-26277
17 Feb 2023 — The framework service handles pendingIntent incorrectly, allowing a malicious application with certain privileges to perform privileged actions. • https://www.vivo.com/en/support/security-advisory-detail?id=8 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 1%CPEs: 2EXPL: 0CVE-2023-22234 – Adobe Premiere Rush PSD file Stack-based Buffer Overflow Arbitrary code execution
https://notcve.org/view.php?id=CVE-2023-22234
17 Feb 2023 — Adobe Premiere Rush version 2.6 (and earlier) is affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/premiere_rush/apsb23-14.html • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •