CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-22745 – Buffer Overlow in TSS2_RC_Decode in tpm2-tss
https://notcve.org/view.php?id=CVE-2023-22745
19 Jan 2023 — This Buffer overrun, could result in arbitrary code execution. ... This buffer overrun could result in arbitrary code execution. • https://github.com/tpm2-software/tpm2-tss/commit/306490c8d848c367faa2d9df81f5e69dab46ffb5 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-47990 – IBM AIX denial of service
https://notcve.org/view.php?id=CVE-2022-47990
18 Jan 2023 — IBM AIX 7.1, 7.2, 7.3 and VIOS , 3.1 could allow a non-privileged local user to exploit a vulnerability in X11 to cause a buffer overflow that could result in a denial of service or arbitrary code execution. • https://exchange.xforce.ibmcloud.com/vulnerabilities/243556 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-32490
https://notcve.org/view.php?id=CVE-2022-32490
18 Jan 2023 — A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. • https://www.dell.com/support/kbdoc/000204685 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-34401
https://notcve.org/view.php?id=CVE-2022-34401
18 Jan 2023 — A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to send larger than expected input to a parameter in order to gain arbitrary code execution in SMRAM. • https://www.dell.com/support/kbdoc/000204679 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 52EXPL: 0CVE-2022-34460
https://notcve.org/view.php?id=CVE-2022-34460
18 Jan 2023 — A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. • https://www.dell.com/support/kbdoc/000204686 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 52EXPL: 0CVE-2022-34393
https://notcve.org/view.php?id=CVE-2022-34393
18 Jan 2023 — A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. • https://www.dell.com/support/kbdoc/000204686 • CWE-20: Improper Input Validation •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-34456
https://notcve.org/view.php?id=CVE-2022-34456
18 Jan 2023 — Dell EMC Metro node, Version(s) prior to 7.1, contain a Code Injection Vulnerability. • https://www.dell.com/support/kbdoc/en-us/000204057/dsa-2022-267-dell-emc-metronode-vs5-security-update-for-multiple-third-party-component-vulnerabilities • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2023-21606 – Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-21606
18 Jan 2023 — Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/acrobat/apsb23-01.html • CWE-787: Out-of-bounds Write •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-23645 – WordPress MainWP Code Snippets Extension Plugin <= 4.0.2 - Subscriber+ Arbitrary PHP Code Injection/Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-23645
18 Jan 2023 — Improper Control of Generation of Code ('Code Injection') vulnerability in MainWP MainWP Code Snippets Extension allows Code Injection.This issue affects MainWP Code Snippets Extension: from n/a through 4.0.2. ... The MainWP Code Snippets Extension for WordPress is vulnerable to code injection in versions up to, and including, 4.0.2. • https://patchstack.com/database/vulnerability/mainwp-code-snippets-extension/wordpress-mainwp-code-snippets-extension-plugin-4-0-2-subscriber-arbitrary-php-code-injection-execution-vulnerability? • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 1%CPEs: 10EXPL: 0CVE-2023-21605 – Adobe Acrobat Reader DC Font Parsing Heap-based Buffer Overflow Arbitrary code execution
https://notcve.org/view.php?id=CVE-2023-21605
18 Jan 2023 — Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/acrobat/apsb23-01.html • CWE-122: Heap-based Buffer Overflow •