CVE-2023-34644
https://notcve.org/view.php?id=CVE-2023-34644
Remote code execution vulnerability in Ruijie Networks products (RG-EW series home routers and repeaters EW_3.0(1)B11P204, RG-NBS and RG-S1930 series switches SWITCH_3.0(1)B11P218, RG-EG series business VPN routers EG_3.0(1)B11P216, EAP and RAP series wireless access points AP_3.0(1)B11P218, NBC series wireless controllers AC_3.0(1)B11P86) allows unauthorized remote attackers to gain the highest privileges via a crafted POST request to /cgi-bin/luci/api/auth. • https://www.ruijie.com.cn/gy/xw-aqtg-gw/91389 https://www.ruijienetworks.com/support/securityBulletins/cybersecurity_bulletins/10001 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2023-34842
https://notcve.org/view.php?id=CVE-2023-34842
Remote code execution vulnerability in DedeCMS through 5.7.109 allows remote attackers to run arbitrary code via a crafted POST request to /dede/tpl.php. • http://dedecms.com https://www.dedecms.com • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2023-36542 – Apache NiFi: Potential Code Injection with Properties Referencing Remote Resources
https://notcve.org/view.php?id=CVE-2023-36542
Apache NiFi 0.0.2 through 1.22.0 include Processors and Controller Services that support HTTP URL references for retrieving drivers, which allows an authenticated and authorized user to configure a location that enables custom code execution. The resolution introduces a new Required Permission for referencing remote resources, restricting configuration of these components to privileged users. The permission prevents unprivileged users from configuring Processors and Controller Services annotated with the new Reference Remote Resources restriction. Upgrading to Apache NiFi 1.23.0 is the recommended mitigation. • http://seclists.org/fulldisclosure/2023/Jul/43 http://www.openwall.com/lists/oss-security/2023/07/29/1 https://lists.apache.org/thread/swnly3dzhhq9zo3rofc8djq77stkhbof https://nifi.apache.org/security.html#CVE-2023-36542 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2023-38592 – webkitgtk: Processing web content may lead to arbitrary code execution
https://notcve.org/view.php?id=CVE-2023-38592
Processing web content may lead to arbitrary code execution. ... This issue occurs when processing malicious web content, which may lead to arbitrary code execution. • http://www.openwall.com/lists/oss-security/2023/08/02/1 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJ4DG5LHWG2INDOTPB7MO4JVJN6LKL3M https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQXJYKTGLKI6TJEFJCKPHCNY7PS72OER https://security.gentoo.org/glsa/202401-04 https://support.apple.com/en-us/HT213841 https://support.apple.com/en-us/HT213843 https://support.apple.com/en-us/HT213846 https://support.apple.com/en-us/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2023-39010
https://notcve.org/view.php?id=CVE-2023-39010
BoofCV 0.42 was discovered to contain a code injection vulnerability via the component boofcv.io.calibration.CalibrationIO.load. • https://github.com/lessthanoptimal/BoofCV/issues/406 • CWE-94: Improper Control of Generation of Code ('Code Injection') •