
CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

13 Feb 2023 — Having a user of Screen Creator Advance 2 open a specially crafted project file may lead to information disclosure and/or arbitrary code execution. • https://jvn.jp/en/vu/JVNVU98917488 • CWE-787: Out-of-bounds Write •

CVSS: 10.0 • EPSS: 95% • CPEs: 103 • EXPL: 1

13 Feb 2023 — Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request, as demonstrated by a /forms/doLogin?login_username=admin&password=password$(curl substring. Ruckus Wireless Access Point (AP) software contains an unspecified vulnerability in the web services component. If the web services component is enabled on the AP, an attacker can perform cross-site request forgery (CSRF) or remote code execution (RCE). This vulnerability impacts Ruckus ZoneDirector, SmartZone, an... • https://cybir.com/2023/cve/proof-of-concept-ruckus-wireless-admin-10-4-unauthenticated-remote-code-execution-csrf-ssrf • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

12 Feb 2023 — Code Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11. • https://github.com/thorsten/phpmyfaq/commit/77b42b9d0be3990ee7389207a71528b304b03039 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

12 Feb 2023 — Code Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11. • https://github.com/thorsten/phpmyfaq/commit/d8964568d69488de02f0a0a58acc822eeb5c3cb1 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 10.0 • EPSS: 0% • CPEs: 8 • EXPL: 0

10 Feb 2023 — Baicells Nova 436Q, Nova 430E, Nova 430I, and Neutrino 430 LTE TDD eNodeB devices with firmware through QRTB 2.12.7 are vulnerable to remote shell code exploitation via HTTP command injections. • https://baicells.com/Service/Firmware • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.7 • EPSS: 0% • CPEs: 160 • EXPL: 0

10 Feb 2023 — A local malicious user with high privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service. • https://www.dell.com/support/kbdoc/en-us/000206296/dsa-2022-204-dell-poweredge-improper-smm-communication-buffer-verification-vulnerability • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.0 • EPSS: 1% • CPEs: 10 • EXPL: 1

10 Feb 2023 — Acemanager in ALEOS before version 4.16 allows a user with valid credentials to manipulate the IP logging operation to execute arbitrary shell commands on the device. • https://www.otorio.com/blog/airlink-acemanager-vulnerabilities • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 6.1 • EPSS: 0% • CPEs: 10 • EXPL: 1

10 Feb 2023 — Acemanager in ALEOS before version 4.16 allows a user with valid credentials to reconfigure the device to expose the ACEManager credentials on the pre-login status page. • https://www.otorio.com/blog/airlink-acemanager-vulnerabilities • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 10.0 • EPSS: 0% • CPEs: 5 • EXPL: 0

09 Feb 2023 — External Control of Critical State Data, Improper Control of Generation of Code ('Code Injection') vulnerability in YugaByte, Inc. • https://www.yugabyte.com • CWE-94: Improper Control of Generation of Code ('Code Injection') • CWE-642: External Control of Critical State Data •

CVSS: 7.8 • EPSS: 0% • CPEs: 87 • EXPL: 0

09 Feb 2023 — Use of Externally-Controlled Format String vulnerabilities in STST TA prior to SMR Jan-2023 Release 1 allow arbitrary code execution. • https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=01 • CWE-134: Use of Externally-Controlled Format String •