CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-1287 – ENOVIA Live Collaboration V6R2013xE is affected by an XSL template injection vulnerability
https://notcve.org/view.php?id=CVE-2023-1287
An XSL template vulnerability in ENOVIA Live Collaboration V6R2013xE allows Remote Code Execution. • https://www.3ds.com/vulnerability/advisories • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-27986
https://notcve.org/view.php?id=CVE-2023-27986
emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to Emacs Lisp code injections through a crafted mailto: URI with unescaped double-quote characters. It is fixed in 29.0.90. • http://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=3c1693d08b0a71d40a77e7b40c0ebc42dca2d2cc http://www.openwall.com/lists/oss-security/2023/03/09/1 https://www.gabriel.urdhr.fr/2023/06/08/emacsclient-mail-shell-elisp-injections https://www.openwall.com/lists/oss-security/2023/03/08/2 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-27899 – Jenkins: Temporary plugin file created with insecure permissions
https://notcve.org/view.php?id=CVE-2023-27899
Jenkins 2.393 and earlier, LTS 2.375.3 and earlier creates a temporary file in the default temporary directory with the default permissions for newly created files when uploading a plugin for installation, potentially allowing attackers with access to the Jenkins controller file system to read and write the file before it is used, potentially resulting in arbitrary code execution. ... If these permissions are overly permissive, they may allow attackers with access to the Jenkins controller file system to read and write the file before it is installed in Jenkins, potentially resulting in arbitrary code execution. • https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2823 https://access.redhat.com/security/cve/CVE-2023-27899 https://bugzilla.redhat.com/show_bug.cgi?id=2177626 • CWE-378: Creation of Temporary File With Insecure Permissions CWE-863: Incorrect Authorization •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-0090 – Proofpoint Enterprise Protection webservices unauthenticated RCE
https://notcve.org/view.php?id=CVE-2023-0090
The webservices in Proofpoint Enterprise Protection (PPS/POD) contain a vulnerability that allows for an anonymous user to execute remote code through 'eval injection'. Exploitation requires network access to the webservices API, but such access is a non-standard configuration. This affects all versions 8.20.0 and below. • https://www.proofpoint.com/security/security-advisories/pfpt-sa-2023-0001 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-0089 – Proofpoint Enterprise Protection webutils authenticated RCE
https://notcve.org/view.php?id=CVE-2023-0089
The webutils in Proofpoint Enterprise Protection (PPS/POD) contain a vulnerability that allows an authenticated user to execute remote code through 'eval injection'. This affects all versions 8.20.0 and below. • https://www.proofpoint.com/security/security-advisories/pfpt-sa-2023-0001 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') •