Page 78 of 8792 results (0.015 seconds)

CVSS: 6.0EPSS: 0%CPEs: -EXPL: 0

In certain Sonos products before Sonos S1 Release 11.12 and S2 release 15.9, a vulnerability exists in the U-Boot component of the firmware that allow persistent arbitrary code execution with Linux kernel privileges. • https://www.sonos.com/en-us/security-advisory-2024-0001 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 4.8EPSS: 0%CPEs: -EXPL: 0

This issue could allow an attacker with local access to provide specially crafted input, potentially causing the application to crash or allowing arbitrary code execution. ... This issue could allow an attacker with local access to provide specially crafted input, potentially causing the application to crash or allowing arbitrary code execution. • https://access.redhat.com/security/cve/CVE-2024-43168 https://bugzilla.redhat.com/show_bug.cgi?id=2303462 https://github.com/NLnetLabs/unbound/issues/1039 https://github.com/NLnetLabs/unbound/pull/1040/files • CWE-122: Heap-based Buffer Overflow •

CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 1

An issue has been discovered in GitLab CE/EE affecting all versions before 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2. An issue was found that allows someone to abuse a discrepancy between the Web application display and the git command line interface to social engineer victims into cloning non-trusted code. Se descubrió un problema en GitLab CE/EE que afecta a todas las versiones anteriores a 17.0.6, 17.1 anterior a 17.1.4 y 17.2 anterior a 17.2.2. Se encontró un problema que permite a alguien abusar de una discrepancia entre la visualización de la aplicación web y la interfaz de línea de comando de git para realizar ingeniería social a las víctimas para clonar código no confiable. • https://gitlab.com/gitlab-org/gitlab/-/issues/456988 https://hackerone.com/reports/2437784 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.6EPSS: 0%CPEs: -EXPL: 0

A Stored Cross Site Scripting (XSS) vulnerability was found in "/view_type.php" of Kashipara Live Membership System v1.0, which allows remote attackers to execute arbitrary code via membershipType parameter. • https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Live%20Membership%20System%20v1.0/Stored%20XSS.pdf https://www.kashipara.com/project/php/12997/live-membership-system-in-php-php-project-source-code • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 6.3EPSS: 0%CPEs: -EXPL: 0

An issue discovered in import host feature in Ab Initio Metadata Hub and Authorization Gateway before 4.3.1.1 allows attackers to run arbitrary code via crafted modification of server configuration. • https://www.abinitio.com/en/security-advisories/ab-2024-003 • CWE-94: Improper Control of Generation of Code ('Code Injection') •