CVSS: 9.9EPSS: 0%CPEs: 3EXPL: 1CVE-2023-35150 – XWiki Platform vulnerable to privilege escalation (PR) from view right via Invitation application
https://notcve.org/view.php?id=CVE-2023-35150
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 2.40m-2 and prior to versions 14.4.8, 14.10.4, and 15.0, any user with view rights on any document can execute code with programming rights, leading to remote code execution by crafting an url with a dangerous payload. The problem has been patched in XWiki 15.0, 14.10.4 and 14.4.8. • https://github.com/xwiki/xwiki-platform/commit/b65220a4d86b8888791c3b643074ebca5c089a3a https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-6mf5-36v9-3h2w https://jira.xwiki.org/browse/XWIKI-20285 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') •
CVSS: 6.8EPSS: 0%CPEs: 62EXPL: 0CVE-2023-32480
https://notcve.org/view.php?id=CVE-2023-32480
An unauthenticated physical attacker may potentially exploit this vulnerability to perform arbitrary code execution. • https://www.dell.com/support/kbdoc/en-us/000214779/dsa-2023-175-dell-client-bios-security-update-for-an-improper-input-validation-vulnerability • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2023-32435 – Apple Multiple Products WebKit Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2023-32435
Processing web content may lead to arbitrary code execution. ... This issue occurs when processing web content, which may lead to arbitrary code execution. • https://support.apple.com/en-us/HT213670 https://support.apple.com/en-us/HT213671 https://support.apple.com/en-us/HT213676 https://support.apple.com/en-us/HT213811 https://access.redhat.com/security/cve/CVE-2023-32435 https://bugzilla.redhat.com/show_bug.cgi?id=2218626 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-23539
https://notcve.org/view.php?id=CVE-2023-23539
Mounting a maliciously crafted Samba network share may lead to arbitrary code execution. • https://support.apple.com/en-us/HT213605 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-32419
https://notcve.org/view.php?id=CVE-2023-32419
A remote attacker may be able to cause arbitrary code execution. • https://support.apple.com/en-us/HT213757 •