NotCVE - "Ace"

Page 288 of 11035 results (0.020 seconds)

CVSS: 10.0EPSS: 9%CPEs: 1EXPL: 1

CVE-2022-25894

https://notcve.org/view.php?id=CVE-2022-25894

25 Jan 2023 — All versions of the package com.bstek.uflo:uflo-core are vulnerable to Remote Code Execution (RCE) in the ExpressionContextImpl class via jexl.createExpression(expression).evaluate(context); functionality, due to improper user input validation. Todas las versiones del paquete com.bstek.uflo:uflo-core son vulnerables a la ejecución remota de código (RCE) en la clase ExpressionContextImpl a través de jexl.createExpression(expression).evaluate(context); functionality, debido a una validación inadecuada de la e... • https://fmyyy1.github.io/2022/10/23/uflo2rce • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0

CVE-2023-24508 – Remote Code Execution in Baicells RTS Platform

https://notcve.org/view.php?id=CVE-2023-24508

24 Jan 2023 — Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB and Nova 246 devices with firmware through RTS/RTD 3.6.6 are vulnerable to remote shell code exploitation via HTTP command injections. • https://img.baicells.com//Upload/20230118/FILE/BaiBS_RTS_3.7.11.6.IMG.IMG • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 10.0EPSS: 2%CPEs: 1EXPL: 1

CVE-2022-25860 – simple-git < 3.16.0 - Remote Code Execution

https://notcve.org/view.php?id=CVE-2022-25860

24 Jan 2023 — Versions of the package simple-git before 3.16.0 are vulnerable to Remote Code Execution (RCE) via the clone(), pull(), push() and listRemote() methods, due to improper input sanitization. This vulnerability exists due to an incomplete fix of [CVE-2022-25912](https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-3112221). Las versiones del paquete simple-git anteriores a la 3.16.0 son vulnerables a la ejecución remota de código (RCE) a través de los métodos clone(), pull(), push() y listRemote(), debido a una san... • https://github.com/steveukx/git-js/commit/ec97a39ab60b89e870c5170121cd9c1603cc1951 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 10.0EPSS: 0%CPEs: 8EXPL: 0

CVE-2023-23517 – webkitgtk: memory corruption issue leading to arbitrary code execution

https://notcve.org/view.php?id=CVE-2023-23517

24 Jan 2023 — Processing maliciously crafted web content may lead to arbitrary code execution. ... Francisco Alonso discovered that processing maliciously crafted web content may lead to arbitrary code execution. YeongHyeon Choi, Hyeon Park, SeOk JEON, YoungSung Ahn, JunSeo Bae and Dohyun Lee discovered that processing maliciously crafted web content may lead to arbitrary code execution. • https://support.apple.com/en-us/HT213599 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0

CVE-2023-23496 – Apple Security Advisory 2023-01-23-7

https://notcve.org/view.php?id=CVE-2023-23496

24 Jan 2023 — Processing maliciously crafted web content may lead to arbitrary code execution. macOS Ventura 13.2 addresses buffer overflow, bypass, code execution, information leakage, and use-after-free vulnerabilities. • https://support.apple.com/en-us/HT213531 •

CVSS: 10.0EPSS: 0%CPEs: 8EXPL: 0

CVE-2023-23518 – webkitgtk: memory corruption issue leading to arbitrary code execution

https://notcve.org/view.php?id=CVE-2023-23518

CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0

CVE-2023-23513 – Apple Security Advisory 2023-01-23-6

https://notcve.org/view.php?id=CVE-2023-23513

24 Jan 2023 — Mounting a maliciously crafted Samba network share may lead to arbitrary code execution. macOS Ventura 13.2 addresses buffer overflow, bypass, code execution, information leakage, and use-after-free vulnerabilities. • https://support.apple.com/en-us/HT213603 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 7.8EPSS: 0%CPEs: 26EXPL: 3

CVE-2023-0179 – kernel: Netfilter integer overflow vulnerability in nft_payload_copy_vlan

https://notcve.org/view.php?id=CVE-2023-0179

24 Jan 2023 — This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution. • https://github.com/TurtleARM/CVE-2023-0179-PoC • CWE-190: Integer Overflow or Wraparound •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2023-23735 – WordPress Spectra – WordPress Gutenberg Blocks plugin <= 2.3.0 - Unauthenticated Email HTML Injection Vulnerability

https://notcve.org/view.php?id=CVE-2023-23735

23 Jan 2023 — Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Brainstorm Force Spectra allows Code Injection.This issue affects Spectra: from n/a through 2.3.0. La neutralización inadecuada de etiquetas HTML relacionadas con scripts en una vulnerabilidad de página web (XSS básico) en Brainstorm Force Spectra permite la inyección de código. Este problema afecta a Spectra: desde n/a hasta 2.3.0. The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to HTM... • https://patchstack.com/database/vulnerability/ultimate-addons-for-gutenberg/wordpress-spectra-wordpress-gutenberg-blocks-plugin-2-3-0-unauthenticated-email-html-injection-vulnerability?_s_id=cve • CWE-20: Improper Input Validation CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •

CVSS: 9.0EPSS: 1%CPEs: 1EXPL: 2

CVE-2020-36655

https://notcve.org/view.php?id=CVE-2020-36655

21 Jan 2023 — Yii Yii2 Gii before 2.2.2 allows remote attackers to execute arbitrary code via the Generator.php messageCategory field. The attacker can embed arbitrary PHP code into the model file. Yii Yii2 Gii anterior a 2.2.2 permite a atacantes remotos ejecutar código de su elección a través del campo messageCategory de Generator.php. El atacante puede incrustar código PHP arbitrario en el archivo del modelo. • https://github.com/yiisoft/yii2-gii/issues/433 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

1...286 287 288 289 290