CVSS: 9.8EPSS: 3%CPEs: 1EXPL: 1CVE-2022-25894
https://notcve.org/view.php?id=CVE-2022-25894
All versions of the package com.bstek.uflo:uflo-core are vulnerable to Remote Code Execution (RCE) in the ExpressionContextImpl class via jexl.createExpression(expression).evaluate(context); functionality, due to improper user input validation. Todas las versiones del paquete com.bstek.uflo:uflo-core son vulnerables a la ejecución remota de código (RCE) en la clase ExpressionContextImpl a través de jexl.createExpression(expression).evaluate(context); functionality, debido a una validación inadecuada de la entrada del usuario. • https://fmyyy1.github.io/2022/10/23/uflo2rce https://github.com/youseries/uflo/blob/b3e198bc6523e5a6ba69edd84ba10e05a3b78726/uflo-core/src/main/java/com/bstek/uflo/expr/impl/ExpressionContextImpl.java%23L126 https://security.snyk.io/vuln/SNYK-JAVA-COMBSTEKUFLO-3091112 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.6EPSS: 0%CPEs: 6EXPL: 0CVE-2023-24508 – Remote Code Execution in Baicells RTS Platform
https://notcve.org/view.php?id=CVE-2023-24508
Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB and Nova 246 devices with firmware through RTS/RTD 3.6.6 are vulnerable to remote shell code exploitation via HTTP command injections. • https://img.baicells.com//Upload/20230118/FILE/BaiBS_RTS_3.7.11.6.IMG.IMG https://img.baicells.com//Upload/20230118/FILE/BaiBS_RTS_3.7.11.6_Changelog.PDF.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-23513
https://notcve.org/view.php?id=CVE-2023-23513
Mounting a maliciously crafted Samba network share may lead to arbitrary code execution. • https://support.apple.com/en-us/HT213603 https://support.apple.com/en-us/HT213604 https://support.apple.com/en-us/HT213605 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-23518 – webkitgtk: memory corruption issue leading to arbitrary code execution
https://notcve.org/view.php?id=CVE-2023-23518
Processing maliciously crafted web content may lead to arbitrary code execution. • https://support.apple.com/en-us/HT213599 https://support.apple.com/en-us/HT213600 https://support.apple.com/en-us/HT213601 https://support.apple.com/en-us/HT213603 https://support.apple.com/en-us/HT213604 https://support.apple.com/en-us/HT213605 https://support.apple.com/en-us/HT213606 https://support.apple.com/en-us/HT213638 https://access.redhat.com/security/cve/CVE-2023-23518 https://bugzilla.redhat.com/show_bug.cgi?id=2167715 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2023-23496
https://notcve.org/view.php?id=CVE-2023-23496
Processing maliciously crafted web content may lead to arbitrary code execution. • https://support.apple.com/en-us/HT213531 https://support.apple.com/en-us/HT213599 https://support.apple.com/en-us/HT213600 https://support.apple.com/en-us/HT213601 https://support.apple.com/en-us/HT213605 https://support.apple.com/en-us/HT213606 https://support.apple.com/en-us/HT213638 •