Total
5367 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-1097 | 1 Baicells | 2 Eg7035-m11, Eg7035-m11 Firmware | 2024-11-21 | N/A | 9.3 CRITICAL |
| Baicells EG7035-M11 devices with firmware through BCE-ODU-1.0.8 are vulnerable to improper code exploitation via HTTP GET command injections. Commands are executed using pre-login execution and executed with root permissions. The following methods have been tested and validated by a 3rd party analyst and have been confirmed exploitable special thanks to Lionel Musonza for the discovery. | |||||
| CVE-2023-1049 | 1 Schneider-electric | 2 Ecostruxure Operator Terminal Expert, Pro-face Blue | 2024-11-21 | N/A | 7.8 HIGH |
| A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause execution of malicious code when an unsuspicious user loads a project file from the local filesystem into the HMI. | |||||
| CVE-2023-1005 | 1 Markdown-electron Project | 1 Markdown-electron | 2024-11-21 | 4.3 MEDIUM | 5.3 MEDIUM |
| A vulnerability was found in JP1016 Markdown-Electron and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to code injection. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. VDB-221738 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-1004 | 2 Marktext, Microsoft | 2 Marktext, Windows | 2024-11-21 | 4.3 MEDIUM | 5.3 MEDIUM |
| A vulnerability has been found in MarkText up to 0.17.1 on Windows and classified as critical. Affected by this vulnerability is an unknown functionality of the component WSH JScript Handler. The manipulation leads to code injection. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier VDB-221737 was assigned to this vulnerability. | |||||
| CVE-2023-1003 | 2 Microsoft, Typora | 2 Windows, Typora | 2024-11-21 | 4.3 MEDIUM | 5.3 MEDIUM |
| A vulnerability, which was classified as critical, was found in Typora up to 1.5.5 on Windows. Affected is an unknown function of the component WSH JScript Handler. The manipulation leads to code injection. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 1.5.8 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-221736. | |||||
| CVE-2023-0888 | 1 Bbraun | 2 Battery-pack Sp With Wifi, Battery-pack Sp With Wifi Firmware | 2024-11-21 | N/A | 4.9 MEDIUM |
| An improper neutralization of directives in dynamically evaluated code vulnerability in the WiFi Battery embedded web server in versions L90/U70 and L92/U92 can be used to gain administrative access to the WiFi communication module. An authenticated user, having access to both the medical device WiFi network (such as a biomedical engineering staff member) and the specific B.Braun Battery Pack SP with WiFi web server credentials, could get administrative (root) access on the infusion pump communication module. This could be used as a vector to start further attacks | |||||
| CVE-2023-0877 | 1 Froxlor | 1 Froxlor | 2024-11-21 | N/A | 8.8 HIGH |
| Code Injection in GitHub repository froxlor/froxlor prior to 2.0.11. | |||||
| CVE-2023-0792 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-11-21 | N/A | 6.5 MEDIUM |
| Code Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11. | |||||
| CVE-2023-0671 | 1 Froxlor | 1 Froxlor | 2024-11-21 | N/A | 8.8 HIGH |
| Code Injection in GitHub repository froxlor/froxlor prior to 2.0.10. | |||||
| CVE-2023-0626 | 1 Docker | 1 Docker Desktop | 2024-11-21 | N/A | 8.0 HIGH |
| Docker Desktop before 4.12.0 is vulnerable to RCE via query parameters in message-box route. This issue affects Docker Desktop: before 4.12.0. | |||||
| CVE-2023-0625 | 1 Docker | 1 Docker Desktop | 2024-11-21 | N/A | 8.0 HIGH |
| Docker Desktop before 4.12.0 is vulnerable to RCE via a crafted extension description or changelog. This issue affects Docker Desktop: before 4.12.0. | |||||
| CVE-2023-0598 | 1 Ge | 1 Ifix | 2024-11-21 | N/A | 7.8 HIGH |
| GE Digital Proficy iFIX 2022, GE Digital Proficy iFIX v6.1, and GE Digital Proficy iFIX v6.5 are vulnerable to code injection, which may allow an attacker to insert malicious configuration files in the expected web server execution path and gain full control of the HMI software. | |||||
| CVE-2023-0575 | 4 Apple, Linux, Microsoft and 1 more | 5 Iphone Os, Macos, Linux Kernel and 2 more | 2024-11-21 | N/A | 7.2 HIGH |
| External Control of Critical State Data, Improper Control of Generation of Code ('Code Injection') vulnerability in YugaByte, Inc. Yugabyte DB on Windows, Linux, MacOS, iOS (DevopsBase.Java:execCommand, TableManager.Java:runCommand modules) allows API Manipulation, Privilege Abuse. This vulnerability is associated with program files backup.Py. This issue affects Yugabyte DB: Lesser then 2.2.0.0 | |||||
| CVE-2023-0462 | 2 Redhat, Theforeman | 2 Satellite, Foreman | 2024-11-21 | N/A | 8.0 HIGH |
| An arbitrary code execution flaw was found in Foreman. This issue may allow an admin user to execute arbitrary code on the underlying operating system by setting global parameters with a YAML payload. | |||||
| CVE-2023-0297 | 1 Pyload | 1 Pyload | 2024-11-21 | N/A | 9.8 CRITICAL |
| Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31. | |||||
| CVE-2023-0090 | 1 Proofpoint | 1 Enterprise Protection | 2024-11-21 | N/A | 9.8 CRITICAL |
| The webservices in Proofpoint Enterprise Protection (PPS/POD) contain a vulnerability that allows for an anonymous user to execute remote code through 'eval injection'. Exploitation requires network access to the webservices API, but such access is a non-standard configuration. This affects all versions 8.20.0 and below. | |||||
| CVE-2023-0089 | 1 Proofpoint | 1 Enterprise Protection | 2024-11-21 | N/A | 8.8 HIGH |
| The webutils in Proofpoint Enterprise Protection (PPS/POD) contain a vulnerability that allows an authenticated user to execute remote code through 'eval injection'. This affects all versions 8.20.0 and below. | |||||
| CVE-2023-0048 | 1 Daloradius | 1 Daloradius | 2024-11-21 | N/A | 8.8 HIGH |
| Code Injection in GitHub repository lirantal/daloradius prior to master-branch. | |||||
| CVE-2023-0022 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-11-21 | N/A | 9.9 CRITICAL |
| SAP BusinessObjects Business Intelligence Analysis edition for OLAP allows an authenticated attacker to inject malicious code that can be executed by the application over the network. On successful exploitation, an attacker can perform operations that may completely compromise the application causing a high impact on the confidentiality, integrity, and availability of the application. | |||||
| CVE-2022-4300 | 1 Xjd2020 | 1 Fastcms | 2024-11-21 | N/A | 6.3 MEDIUM |
| A vulnerability was found in FastCMS. It has been rated as critical. This issue affects some unknown processing of the file /template/edit of the component Template Handler. The manipulation leads to injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-214901 was assigned to this vulnerability. | |||||