CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-23517 – webkitgtk: memory corruption issue leading to arbitrary code execution
https://notcve.org/view.php?id=CVE-2023-23517
Processing maliciously crafted web content may lead to arbitrary code execution. • https://support.apple.com/en-us/HT213599 https://support.apple.com/en-us/HT213600 https://support.apple.com/en-us/HT213601 https://support.apple.com/en-us/HT213603 https://support.apple.com/en-us/HT213604 https://support.apple.com/en-us/HT213605 https://support.apple.com/en-us/HT213606 https://support.apple.com/en-us/HT213638 https://access.redhat.com/security/cve/CVE-2023-23517 https://bugzilla.redhat.com/show_bug.cgi?id=2167717 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 26EXPL: 3CVE-2023-0179 – kernel: Netfilter integer overflow vulnerability in nft_payload_copy_vlan
https://notcve.org/view.php?id=CVE-2023-0179
This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution. • https://github.com/TurtleARM/CVE-2023-0179-PoC https://github.com/H4K6/CVE-2023-0179-PoC http://packetstormsecurity.com/files/171601/Kernel-Live-Patch-Security-Notice-LNS-0093-1.html https://bugzilla.redhat.com/show_bug.cgi?id=2161713 https://seclists.org/oss-sec/2023/q1/20 https://security.netapp.com/advisory/ntap-20230511-0003 https://access.redhat.com/security/cve/CVE-2023-0179 • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 4%CPEs: 1EXPL: 1CVE-2022-25860 – simple-git < 3.16.0 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2022-25860
Versions of the package simple-git before 3.16.0 are vulnerable to Remote Code Execution (RCE) via the clone(), pull(), push() and listRemote() methods, due to improper input sanitization. This vulnerability exists due to an incomplete fix of [CVE-2022-25912](https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-3112221). Las versiones del paquete simple-git anteriores a la 3.16.0 son vulnerables a la ejecución remota de código (RCE) a través de los métodos clone(), pull(), push() y listRemote(), debido a una sanitización de entrada inadecuada. Esta vulnerabilidad existe debido a una solución incompleta de [CVE-2022-25912](https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-3112221). The package simple-git is vulnerable to Remote Code Execution in versions before 3.16.0 via the clone(), pull(), push() and listRemote() methods due to improper input sanitization. • https://github.com/steveukx/git-js/commit/ec97a39ab60b89e870c5170121cd9c1603cc1951 https://github.com/steveukx/git-js/pull/881/commits/95459310e5b8f96e20bb77ef1a6559036b779e13 https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-3177391 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-23735 – WordPress Spectra – WordPress Gutenberg Blocks plugin <= 2.3.0 - Unauthenticated Email HTML Injection Vulnerability
https://notcve.org/view.php?id=CVE-2023-23735
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Brainstorm Force Spectra allows Code Injection.This issue affects Spectra: from n/a through 2.3.0. La neutralización inadecuada de etiquetas HTML relacionadas con scripts en una vulnerabilidad de página web (XSS básico) en Brainstorm Force Spectra permite la inyección de código. Este problema afecta a Spectra: desde n/a hasta 2.3.0. The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to HTML injection via Email in versions up to, and including, 2.3.1. This is due to insufficient input validation and output escaping of content being sent via email. • https://patchstack.com/database/vulnerability/ultimate-addons-for-gutenberg/wordpress-spectra-wordpress-gutenberg-blocks-plugin-2-3-0-unauthenticated-email-html-injection-vulnerability?_s_id=cve • CWE-20: Improper Input Validation CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2CVE-2020-36655
https://notcve.org/view.php?id=CVE-2020-36655
Yii Yii2 Gii before 2.2.2 allows remote attackers to execute arbitrary code via the Generator.php messageCategory field. The attacker can embed arbitrary PHP code into the model file. Yii Yii2 Gii anterior a 2.2.2 permite a atacantes remotos ejecutar código de su elección a través del campo messageCategory de Generator.php. El atacante puede incrustar código PHP arbitrario en el archivo del modelo. • https://github.com/yiisoft/yii2-gii/issues/433 https://lab.wallarm.com/yii2-gii-remote-code-execution • CWE-94: Improper Control of Generation of Code ('Code Injection') •