CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-1097 – Unauthenticated Command Injection EG7035-M11 Series
https://notcve.org/view.php?id=CVE-2023-1097
Baicells EG7035-M11 devices with firmware through BCE-ODU-1.0.8 are vulnerable to improper code exploitation via HTTP GET command injections. • https://community.na.baicells.com/t/baice-bm-2-5-26-new-cpe-software-has-been-released/1756 https://img.baicells.com//Upload/20220524/FILE/BaiCE_BM_2.5.26_NA.bin.bin • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 0CVE-2023-1017 – TPM2.0 vulnerable to out-of-bounds write
https://notcve.org/view.php?id=CVE-2023-1017
An attacker who can successfully exploit this vulnerability can lead to denial of service (crashing the TPM chip/process or rendering it unusable) and/or arbitrary code execution in the TPM context. ... This flaw may lead to a denial of service or arbitrary code execution within the libtpms scope. • https://kb.cert.org/vuls/id/782720 https://trustedcomputinggroup.org/about/security https://trustedcomputinggroup.org/wp-content/uploads/TCGVRT0007-Advisory-FINAL.pdf https://access.redhat.com/security/cve/CVE-2023-1017 https://bugzilla.redhat.com/show_bug.cgi?id=2149416 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-1005 – JP1016 Markdown-Electron code injection
https://notcve.org/view.php?id=CVE-2023-1005
The manipulation leads to code injection. ... Dank der Manipulation mit unbekannten Daten kann eine code injection-Schwachstelle ausgenutzt werden. • https://github.com/JP1016/Markdown-Electron/issues/3 https://vuldb.com/?ctiid.221738 https://vuldb.com/?id.221738 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-1004 – MarkText WSH JScript code injection
https://notcve.org/view.php?id=CVE-2023-1004
The manipulation leads to code injection. ... Durch Beeinflussen mit unbekannten Daten kann eine code injection-Schwachstelle ausgenutzt werden. • https://github.com/marktext/marktext/issues/3575 https://vuldb.com/?ctiid.221737 https://vuldb.com/?id.221737 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-1003 – Typora WSH JScript code injection
https://notcve.org/view.php?id=CVE-2023-1003
The manipulation leads to code injection. ... Durch das Beeinflussen mit unbekannten Daten kann eine code injection-Schwachstelle ausgenutzt werden. • https://github.com/typora/typora-issues/issues/5623 https://vuldb.com/?ctiid.221736 https://vuldb.com/?id.221736 • CWE-94: Improper Control of Generation of Code ('Code Injection') •