CVE-2023-29404 – Improper handling of non-optional LDFLAGS in go command with cgo in cmd/go
https://notcve.org/view.php?id=CVE-2023-29404
The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This can be triggered by linker flags, specified via a "#cgo LDFLAGS" directive. The arguments for a number of flags which are non-optional are incorrectly considered optional, allowing disallowed flags to be smuggled through the LDFLAGS sanitization. This affects usage of both the gc and gccgo compilers. • https://go.dev/cl/501225 https://go.dev/issue/60305 https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NZ2O6YCO2IZMZJELQGZYR2WAUNEDLYV6 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XBS3IIK6ADV24C5ULQU55QLT2UE762ZX https://pkg.go.dev/vuln/GO-2023-1841 https://security.gentoo.org/glsa/202311-09 https://access.redhat.com/security/cve/CVE-2023-2940 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2023-29402 – Code injection via go command with cgo in cmd/go
https://notcve.org/view.php?id=CVE-2023-29402
The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which uses cgo. This may occur when running an untrusted module which contains directories with newline characters in their names. Modules which are retrieved using the go command, i.e. via "go get", are not affected (modules retrieved using GOPATH-mode, i.e. GO111MODULE=off, may be affected). • https://go.dev/cl/501226 https://go.dev/issue/60167 https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NZ2O6YCO2IZMZJELQGZYR2WAUNEDLYV6 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XBS3IIK6ADV24C5ULQU55QLT2UE762ZX https://pkg.go.dev/vuln/GO-2023-1839 https://security.gentoo.org/glsa/202311-09 https://access.redhat.com/security/cve/CVE-2023-2940 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2023-34237 – Remote code execution via specially crafted script settings in SABnzbd
https://notcve.org/view.php?id=CVE-2023-34237
SABnzbd is an open source automated Usenet download tool. A design flaw was discovered in SABnzbd that could allow remote code execution. Manipulating the Parameters setting in the Notification Script functionality allows code execution with the privileges of the SABnzbd process. Exploiting the vulnerabilities requires access to the web interface. Remote exploitation is possible if users exposed their setup to the internet or other untrusted networks without setting a username/password. • https://github.com/sabnzbd/sabnzbd/commit/422b4fce7bfd56e95a315be0400cdfdc585df7cc https://github.com/sabnzbd/sabnzbd/commit/e3a722664819d1c7c8fab97144cc299b1c18b429 https://github.com/sabnzbd/sabnzbd/security/advisories/GHSA-hhgh-xgh3-985r https://sabnzbd.org/wiki/configuration/4.0/general https://security.gentoo.org/glsa/202312-11 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2023-20889 – VMware Aria Operations for Networks exportPDF Code Injection Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-20889
Aria Operations for Networks contains an information disclosure vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in information disclosure. This vulnerability allows remote attackers to disclose sensitive information on affected installations of VMware Aria Operations for Networks. Authentication is required to exploit this vulnerability. The specific flaw exists within the exportPDF method. The issue results from the lack of proper validation of a user-supplied string before using it to execute JavaScript code. • https://www.vmware.com/security/advisories/VMSA-2023-0012.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2023-34111 – Command Injection Vulnerability in `Release PR Merged` Workflow in taosdata/grafanaplugin
https://notcve.org/view.php?id=CVE-2023-34111
The `Release PR Merged` workflow in the GitHub repo taosdata/grafanaplugin is subject to a command injection vulnerability which allows for arbitrary code execution within the GitHub Action context due to the insecure usage of `${{ github.event.pull_request.title }}` in a bash command within the GitHub workflow. • https://github.com/taosdata/grafanaplugin/blob/master/.github/workflows/release-pr-merged.yaml#L25 https://github.com/taosdata/grafanaplugin/security/advisories/GHSA-23wp-p848-hcgr https://securitylab.github.com/research/github-actions-untrusted-input • CWE-20: Improper Input Validation CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •