NotCVE - "execute arbitrary code"

Page 88 of 38494 results (0.057 seconds)

CVSS: 8.9EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-9348 – Docker Desktop before v4.34.3 allows RCE via unsanitized GitHub source link in Build view

https://notcve.org/view.php?id=CVE-2024-9348

Docker Desktop before v4.34.3 allows RCE via unsanitized GitHub source link in Build view. Docker Desktop anterior a v4.34.3 permite RCE a través de un enlace de origen de GitHub no desinfectado en la vista de compilación. • https://docs.docker.com/desktop/release-notes/#4343 • CWE-20: Improper Input Validation CWE-116: Improper Encoding or Escaping of Output •

CVSS: -EPSS: 0%CPEs: -EXPL: 0

CVE-2024-45257 – BYOB Unauthenticated Remote Code Execution

https://notcve.org/view.php?id=CVE-2024-45257

https://blog.chebuya.com/posts/unauthenticated-remote-command-execution-on-byob •

CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2023-32192 – Rancher API Server Cross-site Scripting Vulnerability

https://notcve.org/view.php?id=CVE-2023-32192

A vulnerability has been identified in which unauthenticated cross-site scripting (XSS) in the API Server's public API endpoint can be exploited, allowing an attacker to execute arbitrary JavaScript code in the victim browser Se ha identificado una vulnerabilidad en la que se pueden explotar cross-site scripting (XSS) no autenticadas en el endpoint de la API pública del servidor API, lo que permite a un atacante ejecutar código JavaScript arbitrario en el navegador de la víctima. • https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32192 https://github.com/rancher/apiserver/security/advisories/GHSA-833m-37f7-jq55 • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •

CVSS: 8.7EPSS: 0%CPEs: -EXPL: 0

CVE-2024-6380 – Reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x

https://notcve.org/view.php?id=CVE-2024-6380

A reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session. • https://www.3ds.com/vulnerability/advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.4EPSS: 0%CPEs: 1EXPL: 0

CVE-2023-32188 – JWT token compromise can allow malicious actions including Remote Code Execution (RCE)

https://notcve.org/view.php?id=CVE-2023-32188

This can lead to an RCE. ... Esto puede dar lugar a una RCE. • https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32188 https://github.com/neuvector/neuvector/security/advisories/GHSA-622h-h2p8-743x • CWE-1270: Generation of Incorrect Security Tokens •

1...86 87 88 89 90