CVSS: 3.7EPSS: 0%CPEs: 19EXPL: 0CVE-2023-21843 – OpenJDK: soundbank URL remote loading (Sound, 8293742)
https://notcve.org/view.php?id=CVE-2023-21843
17 Jan 2023 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Sound). Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf, 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in un... • https://security.gentoo.org/glsa/202401-25 • CWE-646: Reliance on File Name or Extension of Externally-Supplied File •
CVSS: 5.3EPSS: 0%CPEs: 14EXPL: 0CVE-2023-21835 – OpenJDK: handshake DoS attack against DTLS connections (JSSE, 8287411)
https://notcve.org/view.php?id=CVE-2023-21835
17 Jan 2023 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via DTLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partia... • https://security.gentoo.org/glsa/202401-25 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.3EPSS: 0%CPEs: 16EXPL: 0CVE-2023-21830 – OpenJDK: improper restrictions in CORBA deserialization (Serialization, 8285021)
https://notcve.org/view.php?id=CVE-2023-21830
17 Jan 2023 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf; Oracle GraalVM Enterprise Edition: 20.3.8 and 21.3.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert o... • https://security.gentoo.org/glsa/202401-25 • CWE-502: Deserialization of Untrusted Data •
CVSS: 10.0EPSS: 0%CPEs: 10EXPL: 1CVE-2022-41903 – Integer overflow in `git archive`, `git log --format` leading to RCE in git
https://notcve.org/view.php?id=CVE-2022-41903
17 Jan 2023 — This integer overflow can result in arbitrary heap writes, which may result in arbitrary code execution. ... This integer overflow can result in arbitrary heap writes, which may allow arbitrary code execution. • https://github.com/sondermc/git-cveissues • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-22731 – Improper Control of Generation of Code in Twig rendered views in shopware
https://notcve.org/view.php?id=CVE-2023-22731
17 Jan 2023 — Shopware is an open source commerce platform based on Symfony Framework and Vue js. In a Twig environment **without the Sandbox extension**, it is possible to refer to PHP functions in twig filters like `map`, `filter`, `sort`. This allows a template to call any global PHP function and thus execute arbitrary code. The attacker must have access to a Twig environment in order to exploit this vulnerability. This problem has been fixed with 6.4.18.1 with an override of the specified filters until the integratio... • https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-01-2023?category=security-updates • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 0CVE-2022-47318 – ruby-git: code injection vulnerability
https://notcve.org/view.php?id=CVE-2022-47318
17 Jan 2023 — A code injection flaw was found in the ruby-git package. • https://github.com/ruby-git/ruby-git • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-46648 – ruby-git: code injection vulnerability
https://notcve.org/view.php?id=CVE-2022-46648
17 Jan 2023 — A flaw was found in the ruby-git package, which allows a remote authenticated attacker to execute arbitrary code on the system, caused by a code injection flaw. • https://github.com/ruby-git/ruby-git • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-22357
https://notcve.org/view.php?id=CVE-2023-22357
17 Jan 2023 — A remote unauthenticated attacker may read/write in arbitrary area of the device memory, which may lead to overwriting the firmware, causing a denial-of-service (DoS) condition, and/or arbitrary code execution. • https://jvn.jp/en/vu/JVNVU97575890/index.html •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-22366
https://notcve.org/view.php?id=CVE-2023-22366
17 Jan 2023 — Having a user to open a specially crafted project file may lead to information disclosure and/or arbitrary code execution. • https://jvn.jp/en/vu/JVNVU91744508/index.html • CWE-824: Access of Uninitialized Pointer •
CVSS: 10.0EPSS: 95%CPEs: 1EXPL: 11CVE-2023-0297 – Code Injection in pyload/pyload
https://notcve.org/view.php?id=CVE-2023-0297
14 Jan 2023 — Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31. pyLoad versions prior to 0.5.0b3.dev31 are vulnerable to Python code injection due to the pyimport functionality exposed through the js2py library. • https://packetstorm.news/files/id/172914 • CWE-94: Improper Control of Generation of Code ('Code Injection') •