
CVE-2023-23912 – Ubiquiti Networks EdgeOS dhcp6c Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-23912
09 Feb 2023 — A vulnerability, found in EdgeRouters Version 2.0.9-hotfix.5 and earlier and UniFi Security Gateways (USG) Version 4.4.56 and earlier with their DHCPv6 prefix delegation set to dhcpv6-stateless or dhcpv6-stateful, allows a malicious actor directly connected to the WAN interface of an affected device to achieve remote code execution. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Ubiquiti Networks EdgeOS. Authentication is not requir... • https://community.ui.com/releases/Security-Advisory-Bulletin-028-028/696e4e3b-718c-4da4-9a21-965a85633b5f • CWE-75: Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2022-43762 – Memory leak when receiving messages in APROL Tbase server
https://notcve.org/view.php?id=CVE-2022-43762
08 Feb 2023 — Lack of verification in B&R APROL Tbase server versions < R 4.2-07 may lead to memory leaks when receiving messages. • https://www.br-automation.com/downloads_br_productcatalogue/assets/1674823095245-en-original-1.0.pdf • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2023-22643 – libzypp-plugin-appdata: potential arbitrary code execution via shell injection due to `os.system` calls
https://notcve.org/view.php?id=CVE-2023-22643
07 Feb 2023 — An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in libzypp-plugin-appdata of SUSE Linux Enterprise Server for SAP 15-SP3; openSUSE Leap 15.4 allows attackers who can trick users into using specially crafted REPO_ALIAS, REPO_TYPE or REPO_METADATA_PATH settings to execute code as root. This issue affects: SUSE Linux Enterprise Server for SAP 15-SP3 libzypp-plugin-appdata versions prior to 1.0.1+git.20180426. openSUSE Leap 15.4 libzypp-plugin-appdata ver... • https://bugzilla.suse.com/show_bug.cgi?id=1206836 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
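The bug class behind CVE-2023-22643, shown as an added example rather than the plugin's own code: repository settings concatenated into a string handed to os.system() are parsed by /bin/sh, so a metacharacter in REPO_ALIAS runs as a separate command, with the plugin's (root) privileges. The helper names, the alias value and the use of `echo` as the stand-in command are assumptions for illustration; the hardened variants use subprocess with an argv list, shlex.quote(), and an allowlist check.

```python
"""Added example, not libzypp-plugin-appdata code: OS command injection via
os.system()-style string building, beside the hardened forms.

subprocess.run(cmd, shell=True) is used in place of os.system(cmd) so the
output can be captured; both hand the string to '/bin/sh -c', so the
injection behaves identically.  All helper names are hypothetical.
"""
import re
import shlex
import subprocess

# Constructed sample: a repository alias carrying a shell metacharacter.
# A real payload would run something worse than 'echo INJECTED'.
MALICIOUS_ALIAS = "myrepo; echo INJECTED"

# Allowlist for a repo alias: letters, digits, '.', '_', '-' (an assumption,
# not the zypper rule).  Rejecting anything else blocks shell metacharacters.
_SAFE_ALIAS = re.compile(r"^[A-Za-z0-9._-]+$")


def build_command_vulnerable(repo_alias: str) -> str:
    """Mimics the bug class: the untrusted alias is concatenated into a
    shell command string.  Under /bin/sh, ';' ends 'echo' and starts a
    second command chosen by whoever controls the alias."""
    return "echo " + repo_alias


def run_vulnerable(repo_alias: str) -> list[str]:
    """Runs the concatenated string through the shell (the same path as
    os.system) and returns stdout lines, so the injection is observable."""
    cmd = build_command_vulnerable(repo_alias)
    out = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return out.stdout.splitlines()


def run_hardened(repo_alias: str) -> list[str]:
    """Fix 1: pass an argv list with shell=False.  No shell parses the
    alias, so echo receives it as one literal argument."""
    out = subprocess.run(["echo", repo_alias], capture_output=True, text=True)
    return out.stdout.splitlines()


def build_command_quoted(repo_alias: str) -> str:
    """Fix 2: if a shell string is unavoidable (e.g. a pipeline),
    shlex.quote() wraps each untrusted value so the shell sees one word."""
    return "echo " + shlex.quote(repo_alias)


def is_safe_alias(repo_alias: str) -> bool:
    """Fix 3 (defence in depth): validate the setting against an allowlist
    before it reaches any command construction at all."""
    return bool(_SAFE_ALIAS.match(repo_alias))


if __name__ == "__main__":
    print("vulnerable:", run_vulnerable(MALICIOUS_ALIAS))
    print("hardened:  ", run_hardened(MALICIOUS_ALIAS))
    print("quoted cmd:", build_command_quoted(MALICIOUS_ALIAS))
    print("allowlist: ", is_safe_alias(MALICIOUS_ALIAS), is_safe_alias("myrepo"))
```

Running it on a POSIX system prints two lines for the vulnerable path (`myrepo`, then `INJECTED`, proving the second command executed) and a single literal line for the argv-list version; the quoted command shows the alias wrapped in single quotes. The allowlist check is the cheapest fix to apply at the point where REPO_ALIAS, REPO_TYPE and REPO_METADATA_PATH are read, before they are ever interpolated.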

CVE-2022-42826 – webkitgtk: use-after-free issue leading to arbitrary code execution
https://notcve.org/view.php?id=CVE-2022-42826
07 Feb 2023 — Processing maliciously crafted web content may lead to arbitrary code execution. ... This may allow an attacker to trick the victim into visiting a specially crafted website, causing an application to halt, crash, or perform arbitrary code execution. ... Francisco Alonso discovered that processing maliciously crafted web content may lead to arbitrary code execution. YeongHyeon Choi, Hyeon Park, SeOk JEON, YoungSung Ahn, JunSeo Bae and Dohyun Lee discovered that processing maliciously crafted... • https://security.gentoo.org/glsa/202305-32 • CWE-416: Use After Free •

CVE-2023-0671 – Code Injection in froxlor/froxlor
https://notcve.org/view.php?id=CVE-2023-0671
04 Feb 2023 — Code Injection in GitHub repository froxlor/froxlor prior to 2.0.10. • https://github.com/froxlor/froxlor/commit/0034681412057fef2dfe9cce9f8a6e3321f52edc • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2023-23477 – IBM WebSphere Application Server code execution
https://notcve.org/view.php?id=CVE-2023-23477
03 Feb 2023 — IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects. IBM X-Force ID: 245513. • https://exchange.xforce.ibmcloud.com/vulnerabilities/245513 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2023-24576
https://notcve.org/view.php?id=CVE-2023-24576
03 Feb 2023 — EMC NetWorker may potentially be vulnerable to an unauthenticated remote code execution vulnerability in the NetWorker Client execution service (nsrexecd), irrespective of any authentication used. • https://www.dell.com/support/kbdoc/en-us/000208258/dsa-2023-041-dell-networker-security-update-for-nsrdump-vulnerability • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2022-43779
https://notcve.org/view.php?id=CVE-2022-43779
03 Feb 2023 — A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in certain HP PC products using AMI UEFI Firmware (system BIOS) which might allow arbitrary code execution, denial of service, and information disclosure. • https://support.hp.com/us-en/document/ish_7394557-7394585-16/hpsbhf03829 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •

CVE-2021-36424
https://notcve.org/view.php?id=CVE-2021-36424
03 Feb 2023 — An issue discovered in phpwcms 1.9.25 allows remote attackers to run arbitrary code via the DB user field during installation. • https://github.com/slackero/phpwcms/issues/310 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2022-46604 – Responsive FileManager 9.9.5 - Remote Code Execution (RCE)
https://notcve.org/view.php?id=CVE-2022-46604
02 Feb 2023 — An issue in Tecrail Responsive FileManager v9.9.5 and below allows attackers to bypass the file extension check mechanism and upload a crafted PHP file, leading to arbitrary code execution. • https://packetstorm.news/files/id/171720 • CWE-434: Unrestricted Upload of File with Dangerous Type •