CVE-2023-35086 – ASUS RT-AX56U V2 & RT-AC86U - Format String -1
https://notcve.org/view.php?id=CVE-2023-35086
A remote attacker with administrator privilege can exploit this vulnerability to perform remote arbitrary code execution, arbitrary system operation or disrupt service. This issue affects RT-AX56U V2: 3.0.0.4.386_50460; RT-AC86U: 3.0.0.4_386_51529. • https://github.com/tin-z/CVE-2023-35086-POC https://www.twcert.org.tw/tw/cp-132-7240-a5f96-1.html • CWE-134: Use of Externally-Controlled Format String •
CVE-2023-28730
https://notcve.org/view.php?id=CVE-2023-28730
A memory corruption vulnerability in Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files. • https://industry.panasonic.eu/factory-automation/programmable-logic-controllers-plc/plc-software/programming-software-control-fpwin-pro • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVE-2023-28729
https://notcve.org/view.php?id=CVE-2023-28729
A type confusion vulnerability in Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files. • https://industry.panasonic.eu/factory-automation/programmable-logic-controllers-plc/plc-software/programming-software-control-fpwin-pro • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVE-2023-28728
https://notcve.org/view.php?id=CVE-2023-28728
A stack-based buffer overflow in Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files. • https://industry.panasonic.eu/factory-automation/programmable-logic-controllers-plc/plc-software/programming-software-control-fpwin-pro • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2023-38646 – Metabase 0.46.6 Remote Code Execution
https://notcve.org/view.php?id=CVE-2023-38646
Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2, and 1.43.7.2. Metabase versions before 0.46.6.1 contain a flaw where the secret setup-token is accessible even after the setup process has been completed. With this token a user is able to submit the setup functionality to create a new database. • https://github.com/robotmikhro/CVE-2023-38646 https://github.com/Pyr0sec/CVE-2023-38646 https://github.com/kh4sh3i/CVE-2023-38646 https://github.com/SUT0L/CVE-2023-38646 https://github.com/Red4mber/CVE-2023-38646 https://github.com/AnvithLobo/CVE-2023-38646 https://github.com/raytheon0x21/CVE-2023-38646 https://github.com/UserConnecting/Exploit-CVE-2023-38646-Metabase https://github.com/j0yb0y0h/CVE-2023-38646 https://github.com/xchg-rax-rax/CVE-2023-38646 https://g •