Page 398 of 8781 results (0.029 seconds)

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

This can lead to arbitrary code execution. • https://github.com/merces/libpe/issues/35 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

An XSL template vulnerability in ENOVIA Live Collaboration V6R2013xE allows Remote Code Execution. • https://www.3ds.com/vulnerability/advisories • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to Emacs Lisp code injections through a crafted mailto: URI with unescaped double-quote characters. It is fixed in 29.0.90. • http://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=3c1693d08b0a71d40a77e7b40c0ebc42dca2d2cc http://www.openwall.com/lists/oss-security/2023/03/09/1 https://www.gabriel.urdhr.fr/2023/06/08/emacsclient-mail-shell-elisp-injections https://www.openwall.com/lists/oss-security/2023/03/08/2 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier creates a temporary file in the default temporary directory with the default permissions for newly created files when uploading a plugin for installation, potentially allowing attackers with access to the Jenkins controller file system to read and write the file before it is used, potentially resulting in arbitrary code execution. ... If these permissions are overly permissive, they may allow attackers with access to the Jenkins controller file system to read and write the file before it is installed in Jenkins, potentially resulting in arbitrary code execution. • https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2823 https://access.redhat.com/security/cve/CVE-2023-27899 https://bugzilla.redhat.com/show_bug.cgi?id=2177626 • CWE-378: Creation of Temporary File With Insecure Permissions CWE-863: Incorrect Authorization •

CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0

The webservices in Proofpoint Enterprise Protection (PPS/POD) contain a vulnerability that allows for an anonymous user to execute remote code through 'eval injection'. Exploitation requires network access to the webservices API, but such access is a non-standard configuration. This affects all versions 8.20.0 and below. • https://www.proofpoint.com/security/security-advisories/pfpt-sa-2023-0001 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') •