CVE-2023-0776 – Remote Code Execution in Baicells QRTB Platform
https://notcve.org/view.php?id=CVE-2023-0776
Baicells Nova 436Q, Nova 430E, Nova 430I, and Neutrino 430 LTE TDD eNodeB devices with firmware through QRTB 2.12.7 are vulnerable to remote shell code exploitation via HTTP command injections. • https://baicells.com/Service/Firmware • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-34377
https://notcve.org/view.php?id=CVE-2022-34377
A local malicious user with high privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service. • https://www.dell.com/support/kbdoc/en-us/000206296/dsa-2022-204-dell-poweredge-improper-smm-communication-buffer-verification-vulnerability • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2022-46649
https://notcve.org/view.php?id=CVE-2022-46649
Acemanager in ALEOS before version 4.16 allows a user with valid credentials to manipulate the IP logging operation to execute arbitrary shell commands on the device. • https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-001 https://www.cisa.gov/uscert/ics/advisories/icsa-23-026-04 https://www.otorio.com/blog/airlink-acemanager-vulnerabilities • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-46650
https://notcve.org/view.php?id=CVE-2022-46650
Acemanager in ALEOS before version 4.16 allows a user with valid credentials to reconfigure the device to expose the ACEManager credentials on the pre-login status page. • https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-001 https://www.cisa.gov/uscert/ics/advisories/icsa-23-026-04 https://www.otorio.com/blog/airlink-acemanager-vulnerabilities • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-0575 – Remote Code Execution
https://notcve.org/view.php?id=CVE-2023-0575
External Control of Critical State Data, Improper Control of Generation of Code ('Code Injection') vulnerability in YugaByte, Inc. • https://www.yugabyte.com • CWE-94: Improper Control of Generation of Code ('Code Injection') • CWE-642: External Control of Critical State Data