CVSS: 7.2 • EPSS: 0% • CPEs: 3 • EXPL: 0

An improper neutralization of directives in dynamically evaluated code vulnerability in the WiFi Battery embedded web server in versions L90/U70 and L92/U92 can be used to gain administrative access to the WiFi communication module. An authenticated user, having access to both the medical device WiFi network (such as a biomedical engineering staff member) and the specific B.Braun Battery Pack SP with WiFi web server credentials, could get administrative (root) access on the infusion pump communication module. This could be used as a vector to start further attacks. • https://www.bbraun.com/productsecurity https://www.bbraunusa.com/productsecurity • CWE-94: Improper Control of Generation of Code ('Code Injection'); CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')

CVSS: 6.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

Code Injection in GitHub repository alextselegidis/easyappointments prior to 1.5.0. • https://github.com/alextselegidis/easyappointments/commit/453c6e130229718680c91bef450db643a0f263e4 https://huntr.dev/bounties/16bc74e2-1825-451f-bff7-bfdc1ea75cc2 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

This can lead to arbitrary code execution. • https://github.com/merces/libpe/issues/35 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

An XSL template vulnerability in ENOVIA Live Collaboration V6R2013xE allows Remote Code Execution. • https://www.3ds.com/vulnerability/advisories • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'); CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to Emacs Lisp code injections through a crafted mailto: URI with unescaped double-quote characters. It is fixed in 29.0.90. • http://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=3c1693d08b0a71d40a77e7b40c0ebc42dca2d2cc http://www.openwall.com/lists/oss-security/2023/03/09/1 https://www.gabriel.urdhr.fr/2023/06/08/emacsclient-mail-shell-elisp-injections https://www.openwall.com/lists/oss-security/2023/03/08/2 • CWE-94: Improper Control of Generation of Code ('Code Injection')