Total
1043 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-37565 | 1 Elecom | 10 Wrc-1167febk-a, Wrc-1167febk-a Firmware, Wrc-1167febk-s and 7 more | 2024-11-21 | N/A | 8.0 HIGH |
| Code injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent authenticated attacker to execute arbitrary code by sending a specially crafted request. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, and WRC-1167FEBK-A v1.18 and earlier. | |||||
| CVE-2023-37274 | 1 Agpt | 1 Auto-gpt | 2024-11-21 | N/A | 7.5 HIGH |
| Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. When Auto-GPT is executed directly on the host system via the provided run.sh or run.bat files, custom Python code execution is sandboxed using a temporary dedicated docker container which should not have access to any files outside of the Auto-GPT workspace directory. Before v0.4.3, the `execute_python_code` command (introduced in v0.4.1) does not sanitize the `basename` arg before writing LLM-supplied code to a file with an LLM-supplied name. This allows for a path traversal attack that can overwrite any .py file outside the workspace directory by specifying a `basename` such as `../../../main.py`. This can further be abused to achieve arbitrary code execution on the host running Auto-GPT by e.g. overwriting autogpt/main.py which will be executed outside of the docker environment meant to sandbox custom python code execution the next time Auto-GPT is started. The issue has been patched in version 0.4.3. As a workaround, the risk introduced by this vulnerability can be remediated by running Auto-GPT in a virtual machine, or another environment in which damage to files or corruption of the program is not a critical problem. | |||||
| CVE-2023-37273 | 1 Agpt | 1 Auto-gpt | 2024-11-21 | N/A | 8.1 HIGH |
| Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. Running Auto-GPT version prior to 0.4.3 by cloning the git repo and executing `docker compose run auto-gpt` in the repo root uses a different docker-compose.yml file from the one suggested in the official docker set up instructions. The docker-compose.yml file located in the repo root mounts itself into the docker container without write protection. This means that if malicious custom python code is executed via the `execute_python_file` and `execute_python_code` commands, it can overwrite the docker-compose.yml file and abuse it to gain control of the host system the next time Auto-GPT is started. The issue has been patched in version 0.4.3. | |||||
| CVE-2023-36992 | 1 Travianz Project | 1 Travianz | 2024-11-21 | N/A | 7.2 HIGH |
| PHP injection in TravianZ 8.3.4 and 8.3.3 in the config editor in the admin page allows remote attackers to execute PHP code. | |||||
| CVE-2023-36923 | 1 Sap | 1 Powerdesigner | 2024-11-21 | N/A | 7.8 HIGH |
| SAP SQLA for PowerDesigner 17 bundled with SAP PowerDesigner 16.7 SP06 PL03, allows an attacker with local access to the system, to place a malicious library, that can be executed by the application. An attacker could thereby control the behavior of the application. | |||||
| CVE-2023-36859 | 1 Piigab | 2 M-bus 900s, M-bus 900s Firmware | 2024-11-21 | N/A | 8.8 HIGH |
| PiiGAB M-Bus SoftwarePack 900S does not correctly sanitize user input, which could allow an attacker to inject arbitrary commands. | |||||
| CVE-2023-36789 | 1 Microsoft | 1 Skype For Business Server | 2024-11-21 | N/A | 7.2 HIGH |
| Skype for Business Remote Code Execution Vulnerability | |||||
| CVE-2023-36467 | 1 Amazon | 1 Aws-dataall | 2024-11-21 | N/A | 8.0 HIGH |
| AWS data.all is an open source development framework to help users build a data marketplace on Amazon Web Services. data.all versions 1.2.0 through 1.5.1 do not prevent remote code execution when a user injects Python commands into the ‘Template’ field when configuring a data pipeline. The issue can only be triggered by authenticated users. A fix for this issue is available in data.all version 1.5.2 and later. There is no recommended work around. | |||||
| CVE-2023-36437 | 1 Microsoft | 1 Azure Pipelines Agent | 2024-11-21 | N/A | 8.8 HIGH |
| Azure DevOps Server Remote Code Execution Vulnerability | |||||
| CVE-2023-36255 | 1 Eramba | 1 Eramba | 2024-11-21 | N/A | 8.8 HIGH |
| An issue in Eramba Limited Eramba Enterprise v.3.19.1 allows a remote attacker to execute arbitrary code via the path parameter in the URL. | |||||
| CVE-2023-35926 | 1 Linuxfoundation | 1 Backstage | 2024-11-21 | N/A | 8.0 HIGH |
| Backstage is an open platform for building developer portals. The Backstage scaffolder-backend plugin uses a templating library that requires sandbox, as it by design allows for code injection. The library used for this sandbox so far has been `vm2`, but in light of several past vulnerabilities and existing vulnerabilities that may not have a fix, the plugin has switched to using a different sandbox library. A malicious actor with write access to a registered scaffolder template could manipulate the template in a way that allows for remote code execution on the scaffolder-backend instance. This was only exploitable in the template YAML definition itself and not by user input data. This is vulnerability is fixed in version 1.15.0 of `@backstage/plugin-scaffolder-backend`. | |||||
| CVE-2023-35897 | 1 Ibm | 2 Storage Protect, Storage Protect Client | 2024-11-21 | N/A | 8.4 HIGH |
| IBM Spectrum Protect Client and IBM Storage Protect for Virtual Environments 8.1.0.0 through 8.1.19.0 could allow a local user to execute arbitrary code on the system using a specially crafted file, caused by a DLL hijacking flaw. IBM X-Force ID: 259246. | |||||
| CVE-2023-35333 | 1 Microsoft | 1 Pandocupload | 2024-11-21 | N/A | 8.8 HIGH |
| MediaWiki PandocUpload Extension Remote Code Execution Vulnerability | |||||
| CVE-2023-34999 | 1 Bosch | 1 Rts Vlink Virtual Matrix | 2024-11-21 | N/A | 8.4 HIGH |
| A command injection vulnerability exists in RTS VLink Virtual Matrix Software Versions v5 (< 5.7.6) and v6 (< 6.5.0) that allows an attacker to perform arbitrary code execution via the admin web interface. | |||||
| CVE-2023-34195 | 1 Insyde | 1 Insydeh2o | 2024-11-21 | N/A | 7.8 HIGH |
| An issue was discovered in SystemFirmwareManagementRuntimeDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. The implementation of the GetImage method retrieves the value of a runtime variable named GetImageProgress, and later uses this value as a function pointer. This variable is wiped out by the same module near the end of the function. By setting this UEFI variable from the OS to point into custom code, an attacker could achieve arbitrary code execution in the DXE phase, before several chipset locks are set. | |||||
| CVE-2023-33469 | 1 Kramerav | 4 Via Connect2, Via Connect2 Firmware, Via Go2 and 1 more | 2024-11-21 | N/A | 7.8 HIGH |
| In instances where the screen is visible and remote mouse connection is enabled, KramerAV VIA Connect (2) and VIA Go (2) devices with a version prior to 4.0.1.1326 can be exploited to achieve local code execution at the root level. | |||||
| CVE-2023-32697 | 1 Sqlite Jdbc Project | 1 Sqlite Jdbc | 2024-11-21 | N/A | 8.8 HIGH |
| SQLite JDBC is a library for accessing and creating SQLite database files in Java. Sqlite-jdbc addresses a remote code execution vulnerability via JDBC URL. This issue impacting versions 3.6.14.1 through 3.41.2.1 and has been fixed in version 3.41.2.2. | |||||
| CVE-2023-32540 | 1 Advantech | 1 Webaccess\/scada | 2024-11-21 | N/A | 7.2 HIGH |
| In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file overwrite vulnerability, which could allow an attacker to overwrite any file in the operating system (including system files), inject code into an XLS file, and modify the file extension, which could lead to arbitrary code execution. | |||||
| CVE-2023-32418 | 1 Apple | 1 Macos | 2024-11-21 | N/A | 7.8 HIGH |
| The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.8, macOS Ventura 13.5, macOS Big Sur 11.7.9. Processing a file may lead to unexpected app termination or arbitrary code execution. | |||||
| CVE-2023-31315 | 2024-11-21 | N/A | 7.5 HIGH | ||
| Improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution. | |||||