CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 1

Stack overflow vulnerability in the FpGui module of the Aspire E5-475G's BIOS firmware: a second call to the GetVariable service allows local attackers to execute arbitrary code in the UEFI DXE phase and gain escalated privileges. • https://acer.com https://github.com/10TG/vulnerabilities/blob/main/Acer/CVE-2022-40080/CVE-2022-40080.md • CWE-787: Out-of-bounds Write

CVSS: 8.8 • EPSS: 0% • CPEs: 6 • EXPL: 0

Processing maliciously crafted web content may lead to arbitrary code execution. • https://support.apple.com/en-us/HT213633 https://support.apple.com/en-us/HT213635 https://support.apple.com/en-us/HT213638 https://support.apple.com/en-us/HT213673 https://access.redhat.com/security/cve/CVE-2023-23529 https://bugzilla.redhat.com/show_bug.cgi?id=2169934 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')

CVSS: 9.8 • EPSS: 22% • CPEs: 1 • EXPL: 6

Kardex Mlog MCC 5.7.12+0-a203c2a213-master allows remote code execution. It spawns a web interface listening on port 8088. A user-controllable path is handed to a path-concatenation method (Path.Combine from .NET) without proper sanitisation. This yields the possibility of including local files, as well as remote files on SMB shares. If one provides a file with the extension .t4, it is rendered with the .NET templating engine mono/t4, which can execute code. • https://www.exploit-db.com/exploits/51239 https://github.com/vianic/CVE-2023-22855 https://github.com/patrickhener/CVE-2023-22855 http://packetstormsecurity.com/files/171046/Kardex-Mlog-MCC-5.7.12-0-a203c2a213-master-File-Inclusion-Remote-Code-Execution.html http://packetstormsecurity.com/files/171689/Kardex-Mlog-MCC-5.7.12-Remote-Code-Execution.html http://seclists.org/fulldisclosure/2023/Feb/10 https://github.com/patrickhener/CVE-2023-22855/blob/main/advisory/advisory.md • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 7.5 • EPSS: 1% • CPEs: 5 • EXPL: 0

Azure DevOps Server Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21553 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 9.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

Control By Web X-600M devices run Lua scripts and are vulnerable to code injection, which could allow an attacker to remotely execute arbitrary code. • https://www.cisa.gov/uscert/ics/advisories/icsa-23-040-01 • CWE-94: Improper Control of Generation of Code ('Code Injection')