
CVSS: 8.8 | EPSS: 0% | CPEs: 6 | EXPL: 0

Processing maliciously crafted web content may lead to arbitrary code execution. ... This issue occurs when processing maliciously crafted web content, which may lead to arbitrary code execution.
• https://security.gentoo.org/glsa/202401-04
• https://support.apple.com/en-us/HT213811
• https://support.apple.com/en-us/HT213813
• https://support.apple.com/en-us/HT213814
• https://support.apple.com/en-us/HT213816
• https://support.apple.com/kb/HT213814
• https://support.apple.com/kb/HT213816
• https://access.redhat.com/security/cve/CVE-2023-32439
• https://bugzilla.redhat.com/show_bug.cgi?id=2218640
• CWE-94: Improper Control of Generation of Code ('Code Injection')
• CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')

CVSS: 9.8 | EPSS: 0% | CPEs: 3 | EXPL: 0

On Windows, it is possible to open a `livebook://` link from a browser, which opens Livebook Desktop and triggers arbitrary code execution on the victim's machine. Any user using Livebook Desktop on Windows is potentially vulnerable to arbitrary code execution when they expect Livebook to be opened from the browser.
• https://github.com/livebook-dev/livebook/commit/2e11b59f677c6ed3b6aa82dad412a8b3406ffdf1
• https://github.com/livebook-dev/livebook/commit/beb10daaadcc765f0380e436bd7cd5f74cf086c8
• https://github.com/livebook-dev/livebook/releases/tag/v0.8.2
• https://github.com/livebook-dev/livebook/releases/tag/v0.9.3
• https://github.com/livebook-dev/livebook/security/advisories/GHSA-564w-97r7-c6p9
• CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 9.9 | EPSS: 0% | CPEs: 1 | EXPL: 0

The Backstage scaffolder-backend plugin uses a templating library that requires a sandbox, as it allows code injection by design.
• https://github.com/backstage/backstage/commit/fb7375507d56faedcb7bb3665480070593c8949a
• https://github.com/backstage/backstage/releases/tag/v1.15.0
• https://github.com/backstage/backstage/security/advisories/GHSA-wg6p-jmpc-xjmr
• CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 9.6 | EPSS: 0% | CPEs: 1 | EXPL: 0

Description: A vulnerability in SiLabs Unify Gateway 1.3.1 and earlier allows an unauthenticated attacker within Z-Wave range to overflow a stack buffer, leading to arbitrary code execution.
• https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000V6HZzQAN?operationContext=S1
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
• CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
• CWE-125: Out-of-bounds Read
• CWE-787: Out-of-bounds Write

CVSS: 9.6 | EPSS: 0% | CPEs: 1 | EXPL: 0

Description: A vulnerability in SiLabs Z/IP Gateway 7.18.01 and earlier allows an unauthenticated attacker within Z-Wave range to overflow a stack buffer, leading to arbitrary code execution.
• https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000V6HZzQAN?operationContext=S1
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
• CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
• CWE-125: Out-of-bounds Read
• CWE-787: Out-of-bounds Write