
CVSS: 9.8 • EPSS: 96% • CPEs: 28 • EXPL: 0

Adobe ColdFusion versions 2018u17 (and earlier), 2021u7 (and earlier) and 2023u1 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. • https://helpx.adobe.com/security/products/coldfusion/apsb23-41.html • CWE-502: Deserialization of Untrusted Data •

CVSS: 9.8 • EPSS: 8% • CPEs: 5 • EXPL: 8

The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009. • https://github.com/kali-mx/CVE-2023-38408 https://github.com/LucasPDiniz/CVE-2023-38408 https://github.com/classic130/CVE-2023-38408 https://github.com/mrtacojr/CVE-2023-38408 https://github.com/wxrdnx/CVE-2023-38408 http://packetstormsecurity.com/files/173661/OpenSSH-Forwarded-SSH-Agent-Remote-Code-Execution.html http://www.openwall.com/lists/oss-security/2023/07/20/1 http://www.openwall.com/lists/oss-security/2023/07/20/2 http://www.openwall.com/lists/oss-security/ • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-428: Unquoted Search Path or Element •

CVSS: 9.8 • EPSS: 96% • CPEs: 8 • EXPL: 10

Unauthenticated remote code execution: Citrix NetScaler ADC and NetScaler Gateway contain a code injection vulnerability that allows for unauthenticated remote code execution. • https://github.com/BishopFox/CVE-2023-3519 https://github.com/mr-r3b00t/CVE-2023-3519 https://github.com/SalehLardhi/CVE-2023-3519 https://github.com/Chocapikk/CVE-2023-3519 https://github.com/Mohammaddvd/CVE-2023-3519 https://github.com/d0rb/CVE-2023-3519 https://github.com/KR0N-SECURITY/CVE-2023-3519 https://github.com/passwa11/CVE-2023-3519 https://github.com/JonaNeidhart/CVE-2023-3519-BackdoorCheck http://packetstormsecurity.com/files/173997/Citrix-ADC-NetScaler-Remote-C • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

This can lead to memory corruption and arbitrary code execution. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1739 • CWE-416: Use After Free •

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

By prematurely deleting objects associated with pages, a specially crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1756 • CWE-416: Use After Free •