CVSS: 10.0EPSS: 80%CPEs: 1EXPL: 8CVE-2023-22855 – Kardex Mlog MCC 5.7.12 - RCE (Remote Code Execution)
https://notcve.org/view.php?id=CVE-2023-22855
15 Feb 2023 — Kardex Mlog MCC 5.7.12+0-a203c2a213-master allows remote code execution. It spawns a web interface listening on port 8088. A user-controllable path is handed to a path-concatenation method (Path.Combine from .NET) without proper sanitisation. This yields the possibility of including local files, as well as remote files on SMB shares. If one provides a file with the extension .t4, it is rendered with the .NET templating engine mono/t4, which can execute code. • https://packetstorm.news/files/id/171046 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0CVE-2023-23529 – Apple Multiple Products WebKit Type Confusion Vulnerability
https://notcve.org/view.php?id=CVE-2023-23529
15 Feb 2023 — Processing maliciously crafted web content may lead to arbitrary code execution. ... If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution. • https://support.apple.com/en-us/HT213633 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-21553 – Azure DevOps Server Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-21553
14 Feb 2023 — Azure DevOps Server Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21553 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 0CVE-2023-23551 – X-600M Code Injection
https://notcve.org/view.php?id=CVE-2023-23551
13 Feb 2023 — Control By Web X-600M devices run Lua scripts and are vulnerable to code injection, which could allow an attacker to remotely execute arbitrary code. • https://www.cisa.gov/uscert/ics/advisories/icsa-23-040-01 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-22346
https://notcve.org/view.php?id=CVE-2023-22346
13 Feb 2023 — Having a user of Screen Creator Advance 2 to open a specially crafted project file may lead to information disclosure and/or arbitrary code execution. • https://jvn.jp/en/vu/JVNVU98917488 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-22353
https://notcve.org/view.php?id=CVE-2023-22353
13 Feb 2023 — Having a user of Screen Creator Advance 2 to open a specially crafted project file may lead to information disclosure and/or arbitrary code execution. • https://jvn.jp/en/vu/JVNVU98917488 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-22350
https://notcve.org/view.php?id=CVE-2023-22350
13 Feb 2023 — Having a user of Screen Creator Advance 2 to open a specially crafted project file may lead to information disclosure and/or arbitrary code execution. • https://jvn.jp/en/vu/JVNVU98917488 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-22349
https://notcve.org/view.php?id=CVE-2023-22349
13 Feb 2023 — Having a user of Screen Creator Advance 2 to open a specially crafted project file may lead to information disclosure and/or arbitrary code execution. • https://jvn.jp/en/vu/JVNVU98917488 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-22347
https://notcve.org/view.php?id=CVE-2023-22347
13 Feb 2023 — Having a user of Screen Creator Advance 2 to open a specially crafted project file may lead to information disclosure and/or arbitrary code execution. • https://jvn.jp/en/vu/JVNVU98917488 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-22360
https://notcve.org/view.php?id=CVE-2023-22360
13 Feb 2023 — Having a user of Screen Creator Advance 2 to open a specially crafted project file may lead to information disclosure and/or arbitrary code execution. • https://jvn.jp/en/vu/JVNVU98917488 • CWE-416: Use After Free •