CVE-2022-46648 – ruby-git: code injection vulnerability
https://notcve.org/view.php?id=CVE-2022-46648
A flaw was found in the ruby-git package, which allows a remote authenticated attacker to execute arbitrary code on the system, caused by a code injection flaw.
https://github.com/ruby-git/ruby-git
https://github.com/ruby-git/ruby-git/pull/602
https://jvn.jp/en/jp/JVN16765254/index.html
https://lists.debian.org/debian-lts-announce/2023/01/msg00043.html
https://access.redhat.com/security/cve/CVE-2022-46648
https://bugzilla.redhat.com/show_bug.cgi?id=2169385
CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2022-47318 – ruby-git: code injection vulnerability
https://notcve.org/view.php?id=CVE-2022-47318
A code injection flaw was found in the ruby-git package.
https://github.com/ruby-git/ruby-git
https://github.com/ruby-git/ruby-git/pull/602
https://jvn.jp/en/jp/JVN16765254/index.html
https://lists.debian.org/debian-lts-announce/2023/01/msg00043.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4KPFLSZPUM7APWVBRM5DCAY5OUVQBF4K
https://access.redhat.com/security/cve/CVE-2022-47318
https://bugzilla.redhat.com/show_bug.cgi?id=2159672
CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2023-22357
https://notcve.org/view.php?id=CVE-2023-22357
A remote unauthenticated attacker may read from or write to an arbitrary area of the device memory, which may lead to overwriting the firmware, causing a denial-of-service (DoS) condition, and/or arbitrary code execution.
https://jvn.jp/en/vu/JVNVU97575890/index.html
CVE-2023-22366
https://notcve.org/view.php?id=CVE-2023-22366
Having a user open a specially crafted project file may lead to information disclosure and/or arbitrary code execution.
https://jvn.jp/en/vu/JVNVU91744508/index.html
CWE-824: Access of Uninitialized Pointer
CVE-2023-0297 – Code Injection in pyload/pyload
https://notcve.org/view.php?id=CVE-2023-0297
Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31. pyLoad versions prior to 0.5.0b3.dev31 are vulnerable to Python code injection due to the pyimport functionality exposed through the js2py library.
https://www.exploit-db.com/exploits/51532
https://github.com/Small-ears/CVE-2023-0297
https://github.com/JacobEbben/CVE-2023-0297
https://github.com/overgrowncarrot1/CVE-2023-0297
http://packetstormsecurity.com/files/171096/pyLoad-js2py-Python-Execution.html
http://packetstormsecurity.com/files/172914/PyLoad-0.5.0-Remote-Code-Execution.html
https://github.com/pyload/pyload/commit/7d73ba7919e594d783b3411d7ddb87885aea782d
https://huntr.dev/bounties/3fd606f7-83e1-4265-b083-2e1889a05e65
CWE-94: Improper Control of Generation of Code ('Code Injection')