Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-27744

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-02 Jun, 2023 | 00:00
Updated At-09 Jan, 2025 | 18:44
Rejected At-
Credits

An issue was discovered in South River Technologies TitanFTP NextGen server that allows for a vertical privilege escalation leading to remote code execution.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:02 Jun, 2023 | 00:00
Updated At:09 Jan, 2025 | 18:44
Rejected At:
▼CVE Numbering Authority (CNA)

An issue was discovered in South River Technologies TitanFTP NextGen server that allows for a vertical privilege escalation leading to remote code execution.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.southrivertech.com/software/nextgen/titanftp/en/relnotes.pdf
N/A
https://www.whiteoaksecurity.com/blog/titanftp-vulnerability-disclosure/
N/A
Hyperlink: https://www.southrivertech.com/software/nextgen/titanftp/en/relnotes.pdf
Resource: N/A
Hyperlink: https://www.whiteoaksecurity.com/blog/titanftp-vulnerability-disclosure/
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.southrivertech.com/software/nextgen/titanftp/en/relnotes.pdf
x_transferred
https://www.whiteoaksecurity.com/blog/titanftp-vulnerability-disclosure/
x_transferred
Hyperlink: https://www.southrivertech.com/software/nextgen/titanftp/en/relnotes.pdf
Resource:
x_transferred
Hyperlink: https://www.whiteoaksecurity.com/blog/titanftp-vulnerability-disclosure/
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-94CWE-94 Improper Control of Generation of Code ('Code Injection')
Type: CWE
CWE ID: CWE-94
Description: CWE-94 Improper Control of Generation of Code ('Code Injection')
Metrics
VersionBase scoreBase severityVector
3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:02 Jun, 2023 | 04:15
Updated At:09 Jan, 2025 | 19:15

An issue was discovered in South River Technologies TitanFTP NextGen server that allows for a vertical privilege escalation leading to remote code execution.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Secondary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CPE Matches
southrivertech
southrivertech
>>titan_ftp_server_nextgen>>Versions before 2.1.0.2174(exclusive)
cpe:2.3:a:southrivertech:titan_ftp_server_nextgen:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE-94Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-94
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.southrivertech.com/software/nextgen/titanftp/en/relnotes.pdfcve@mitre.org
Release Notes
https://www.whiteoaksecurity.com/blog/titanftp-vulnerability-disclosure/cve@mitre.org
Exploit
Third Party Advisory
https://www.southrivertech.com/software/nextgen/titanftp/en/relnotes.pdfaf854a3a-2127-422b-91ae-364da2661108
Release Notes
https://www.whiteoaksecurity.com/blog/titanftp-vulnerability-disclosure/af854a3a-2127-422b-91ae-364da2661108
Exploit
Third Party Advisory
Hyperlink: https://www.southrivertech.com/software/nextgen/titanftp/en/relnotes.pdf
Source: cve@mitre.org
Resource:
Release Notes
Hyperlink: https://www.whiteoaksecurity.com/blog/titanftp-vulnerability-disclosure/
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory
Hyperlink: https://www.southrivertech.com/software/nextgen/titanftp/en/relnotes.pdf
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Release Notes
Hyperlink: https://www.whiteoaksecurity.com/blog/titanftp-vulnerability-disclosure/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

76Records found
CVE-2023-34195
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.09% / 27.17%
||
7 Day CHG~0.00%
Published-18 Sep, 2023 | 00:00
Updated-25 Sep, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in SystemFirmwareManagementRuntimeDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. The implementation of the GetImage method retrieves the value of a runtime variable named GetImageProgress, and later uses this value as a function pointer. This variable is wiped out by the same module near the end of the function. By setting this UEFI variable from the OS to point into custom code, an attacker could achieve arbitrary code execution in the DXE phase, before several chipset locks are set.

Action-Not Available
Vendor-n/aInsyde Software Corp. (ISC)
Product-insydeh2on/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-23264
Matching Score-4
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-4
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.03% / 5.82%
||
7 Day CHG~0.00%
Published-24 Jun, 2025 | 15:21
Updated-26 Jun, 2025 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Megatron-LM for all platforms contains a vulnerability in a python component where an attacker may cause a code injection issue by providing a malicious file. A successful exploit of this vulnerability may lead to Code Execution, Escalation of Privileges, Information Disclosure and Data Tampering.

Action-Not Available
Vendor-NVIDIA Corporation
Product-Megatron LM
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-24159
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.04%
||
7 Day CHG+0.01%
Published-27 Jan, 2025 | 21:45
Updated-19 Mar, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A validation issue was addressed with improved logic. This issue is fixed in iPadOS 17.7.4, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. An app may be able to execute arbitrary code with kernel privileges.

Action-Not Available
Vendor-Apple Inc.
Product-watchosiphone_osmacostvosvisionosipadosmacOSiPadOSiOS and iPadOStvOSvisionOSwatchOS
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-23265
Matching Score-4
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-4
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.03% / 5.82%
||
7 Day CHG~0.00%
Published-24 Jun, 2025 | 15:29
Updated-26 Jun, 2025 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Megatron-LM for all platforms contains a vulnerability in a python component where an attacker may cause a code injection issue by providing a malicious file. A successful exploit of this vulnerability may lead to Code Execution, Escalation of Privileges, Information Disclosure and Data Tampering.

Action-Not Available
Vendor-NVIDIA Corporation
Product-Megatron LM
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-23298
Matching Score-4
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-4
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.02% / 3.70%
||
7 Day CHG~0.00%
Published-13 Aug, 2025 | 17:28
Updated-14 Aug, 2025 | 13:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Merlin Transformers4Rec for all platforms contains a vulnerability in a python dependency, where an attacker could cause a code injection issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.

Action-Not Available
Vendor-NVIDIA Corporation
Product-NVIDIA Merlin Transformers4Rec
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-23306
Matching Score-4
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-4
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.02% / 3.70%
||
7 Day CHG~0.00%
Published-13 Aug, 2025 | 17:35
Updated-14 Aug, 2025 | 13:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Megatron-LM for all platforms contains a vulnerability in the megatron/training/ arguments.py component where an attacker could cause a code injection issue by providing a malicious input. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering.

Action-Not Available
Vendor-NVIDIA Corporation
Product-Megatron-LM
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-23312
Matching Score-4
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-4
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.02% / 3.08%
||
7 Day CHG~0.00%
Published-26 Aug, 2025 | 18:29
Updated-27 Aug, 2025 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA NeMo Framework for all platforms contains a vulnerability in the retrieval services component, where malicious data created by an attacker could cause a code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.

Action-Not Available
Vendor-NVIDIA Corporation
Product-NeMo Framework
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-23315
Matching Score-4
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-4
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.02% / 3.08%
||
7 Day CHG~0.00%
Published-26 Aug, 2025 | 18:30
Updated-27 Aug, 2025 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA NeMo Framework for all platforms contains a vulnerability in the export and deploy component, where malicious data created by an attacker could cause a code injection issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.

Action-Not Available
Vendor-NVIDIA Corporation
Product-NeMo Framework
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-23307
Matching Score-4
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-4
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.02% / 3.08%
||
7 Day CHG~0.00%
Published-26 Aug, 2025 | 18:25
Updated-27 Aug, 2025 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA NeMo Curator for all platforms contains a vulnerability where a malicious file created by an attacker could allow code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.

Action-Not Available
Vendor-NVIDIA Corporation
Product-NVIDIA NeMo Curator
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-23314
Matching Score-4
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-4
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.02% / 3.08%
||
7 Day CHG~0.00%
Published-26 Aug, 2025 | 18:30
Updated-27 Aug, 2025 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA NeMo Framework for all platforms contains a vulnerability in the NLP component, where malicious data created by an attacker could cause a code injection issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.

Action-Not Available
Vendor-NVIDIA Corporation
Product-NeMo Framework
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-23305
Matching Score-4
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-4
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.02% / 3.70%
||
7 Day CHG~0.00%
Published-13 Aug, 2025 | 17:35
Updated-14 Aug, 2025 | 13:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Megatron-LM for all platforms contains a vulnerability in the tools component, where an attacker may exploit a code injection issue. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering.

Action-Not Available
Vendor-NVIDIA Corporation
Product-Megatron-LM
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-23313
Matching Score-4
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-4
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.02% / 3.08%
||
7 Day CHG~0.00%
Published-26 Aug, 2025 | 18:30
Updated-27 Aug, 2025 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA NeMo Framework for all platforms contains a vulnerability in the NLP component, where malicious data created by an attacker could cause a code injection issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.

Action-Not Available
Vendor-NVIDIA Corporation
Product-NeMo Framework
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2019-16283
Matching Score-4
Assigner-HP Inc.
ShareView Details
Matching Score-4
Assigner-HP Inc.
CVSS Score-7.8||HIGH
EPSS-0.27% / 49.71%
||
7 Day CHG~0.00%
Published-09 Jun, 2023 | 17:29
Updated-06 Jan, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential security vulnerability has been identified with a version of the HP Softpaq installer that can lead to arbitrary code execution.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.
Product-windowssoftpaq_installerHP Softpaq installer
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2022-29216
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.8||HIGH
EPSS-0.15% / 35.68%
||
7 Day CHG~0.00%
Published-20 May, 2022 | 23:35
Updated-22 Apr, 2025 | 17:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Code injection in `saved_model_cli` in TensorFlow

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, TensorFlow's `saved_model_cli` tool is vulnerable to a code injection. This can be used to open a reverse shell. This code path was maintained for compatibility reasons as the maintainers had several test cases where numpy expressions were used as arguments. However, given that the tool is always run manually, the impact of this is still not severe. The maintainers have now removed the `safe=False` argument, so all parsing is done without calling `eval`. The patch is available in versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-8258
Matching Score-4
Assigner-Logitech
ShareView Details
Matching Score-4
Assigner-Logitech
CVSS Score-2||LOW
EPSS-0.24% / 47.58%
||
7 Day CHG~0.00%
Published-10 Sep, 2024 | 08:36
Updated-27 Sep, 2024 | 18:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Insecure Electron Fuses in Logitech Options Plus Allowing Arbitrary Code Execution on macOS

Improper Control of Generation of Code ('Code Injection') in Electron Fuses in Logitech Options Plus version 1.60.496306 on macOS allows attackers to execute arbitrary code via insecure Electron Fuses configuration.

Action-Not Available
Vendor-logitechLogitechlogitechApple Inc.
Product-logi_options\+macosLogitech Options Plusoptions_plus
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-9050
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.07% / 22.28%
||
7 Day CHG~0.00%
Published-22 Oct, 2024 | 12:14
Updated-27 Aug, 2025 | 13:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Networkmanager-libreswan: local privilege escalation via leftupdown

A flaw was found in the libreswan client plugin for NetworkManager (NetkworkManager-libreswan), where it fails to properly sanitize the VPN configuration from the local unprivileged user. In this configuration, composed by a key-value format, the plugin fails to escape special characters, leading the application to interpret values as keys. One of the most critical parameters that could be abused by a malicious user is the `leftupdown`key. This key takes an executable command as a value and is used to specify what executes as a callback in NetworkManager-libreswan to retrieve configuration settings back to NetworkManager. As NetworkManager uses Polkit to allow an unprivileged user to control the system's network configuration, a malicious actor could achieve local privilege escalation and potential code execution as root in the targeted machine by creating a malicious configuration.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8Red Hat Enterprise Linux 8.2 Advanced Update SupportRed Hat Enterprise Linux 8.6 Telecommunications Update ServiceRed Hat Enterprise Linux 9.4 Extended Update SupportRed Hat Enterprise Linux 9Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.8 Extended Update SupportRed Hat Enterprise Linux 8.6 Update Services for SAP SolutionsRed Hat Enterprise Linux 9.2 Extended Update SupportRed Hat Enterprise Linux 7 Extended Lifecycle SupportRed Hat Enterprise Linux 8.4 Telecommunications Update ServiceRed Hat Enterprise Linux 9.0 Update Services for SAP SolutionsRed Hat Enterprise Linux 8.4 Update Services for SAP SolutionsRed Hat Enterprise Linux 7.7 Advanced Update SupportRed Hat Enterprise Linux 10
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-50804
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-3.09% / 86.26%
||
7 Day CHG~0.00%
Published-18 Nov, 2024 | 00:00
Updated-19 Nov, 2024 | 21:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insecure Permissions vulnerability in Micro-star International MSI Center Pro 2.1.37.0 allows a local attacker to execute arbitrary code via the Device_DeviceID.dat.bak file within the C:\ProgramData\MSI\One Dragon Center\Data folder

Action-Not Available
Vendor-n/amicro-star_international
Product-n/amsi_center_pro
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-40671
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.05% / 16.10%
||
7 Day CHG~0.00%
Published-13 Nov, 2024 | 17:25
Updated-17 Dec, 2024 | 19:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In DevmemIntChangeSparse2 of devicemem_server.c, there is a possible way to achieve arbitrary code execution due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CWE ID-CWE-862
Missing Authorization
CVE-2022-23120
Matching Score-4
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-4
Assigner-Trend Micro, Inc.
CVSS Score-7.8||HIGH
EPSS-1.20% / 78.03%
||
7 Day CHG~0.00%
Published-20 Jan, 2022 | 18:11
Updated-03 Aug, 2024 | 03:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A code injection vulnerability in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux version 20 and below could allow an attacker to escalate privileges and run arbitrary code in the context of root. Please note: an attacker must first obtain access to the target agent in an un-activated and unconfigured state in order to exploit this vulnerability.

Action-Not Available
Vendor-Trend Micro IncorporatedLinux Kernel Organization, Inc
Product-deep_security_agentlinux_kernelTrend Micro Deep Security Agent for Linux
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-33469
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.08% / 24.18%
||
7 Day CHG~0.00%
Published-09 Aug, 2023 | 00:00
Updated-10 Oct, 2024 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In instances where the screen is visible and remote mouse connection is enabled, KramerAV VIA Connect (2) and VIA Go (2) devices with a version prior to 4.0.1.1326 can be exploited to achieve local code execution at the root level.

Action-Not Available
Vendor-krameravn/akramerav
Product-via_connect2_firmwarevia_go2via_connect2via_go2_firmwaren/avia_go2via_connect2
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2022-27537
Matching Score-4
Assigner-HP Inc.
ShareView Details
Matching Score-4
Assigner-HP Inc.
CVSS Score-7.8||HIGH
EPSS-0.26% / 48.92%
||
7 Day CHG~0.00%
Published-30 Jan, 2023 | 21:26
Updated-27 Mar, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate these potential vulnerabilities.

Action-Not Available
Vendor-HP Inc.
Product-eliteone_1000_g1_23.8-in_all-in-one_business_firmwareprodesk_400_g4_microtower_firmwarez2_mini_g4_workstationelitebook_x360_1040_g7_firmwareeliteone_1000_g2_27-in_4k_uhd_all-in-one_businesselitebook_845_g8_firmwarezhan_66_pro_15_g2_firmwareelitedesk_800_g6_desktop_miniprobook_x360_11_g7_eeprobook_430_g7elitebook_865_g9elitebook_x360_1030_g7_firmwareelitedesk_800_g5_desktop_minielitebook_735_g6_firmwareelitebook_x360_1030_g4_firmwareelitebook_840_g9_firmwarezhan_66_pro_13_g2probook_430_g8probook_440_g8elitebook_755_g5_firmwareproone_400_g5_23.8-inch_all-in-one_business_firmwarezbook_17_g6zbook_firefly_15_g7engage_flex_pro_retail_systemz2_small_form_factor_g5_workstationzbook_firefly_14_g9elite_sliceprodesk_405_g6_small_form_factorelitedesk_705_g4_small_form_factorprobook_445r_g6_firmwareeliteone_1000_g2_27-in_4k_uhd_all-in-one_business_firmwareeliteone_800_g8_27_all-in-oneelitebook_630_g9_firmwareelitedesk_800_g6_small_form_factor_firmwareprodesk_480_g4_microtowerproone_440_g6_24_all-in-one_firmwareeliteone_800_g3_23.8-inch_touch_gpu_all-in-one_firmwareprodesk_400_g4_desktop_miniproone_600_g3_21.5-inch_non-touch_all-in-oneelitebook_1040_g3elitebook_735_g5elitedesk_880_g6_towerelitedesk_800_g8_tower_firmwareprobook_640_g4_firmwareelitedesk_800_65w_g3_desktop_mini_firmwareproone_440_g5_23.8-in_all-in-one_business_firmwarezbook_studio_g7_firmwareprodesk_680_g4_microtower_firmwareprodesk_680_g6_firmwarezbook_power_g9zbook_power_g8pro_mini_400_g9elite_x2_1012_g1elitebook_835_g7_firmwareeliteone_800_g4_23.8-inch_non-touch_gpu_all-in-onepro_mini_400_g9_firmwarezhan_66_pro_g3_24_all-in-one_firmwareproone_400_g6_24_all-in-oneproone_440_23.8_inch_g9_all-in-one_firmwareelitedesk_880_g3_towerzbook_studio_g9_firmwarezbook_studio_x360_g5_firmwareelitedesk_705_g3elitebook_830_g8_firmwarezhan_66_pro_g3_24_all-in-oneprobook_450_g8_firmwareprobook_650_g7elitebook_835_g9_firmwareprodesk_600_g2_desktop_mini_firmwareproone_600_g2_21.5-inch_non-touch_all-in-onemp9_g2_retail_system_firmwarez1_entry_tower_g5_workstation_firmwarepro_x360_fortis_g10prodesk_400_g6_small_form_factorprodesk_400_g4_small_form_factor_firmwareeliteone_1000_g1_23.8-in_all-in-one_businesselitedesk_800_g3_tower_firmwareproone_440_g4_23.8-inch_non-touch_all-in-one_businesselitedesk_805_g6_small_form_factor_firmwareprobook_x360_11_g7_ee_firmwarezbook_fury_15_g8_firmwareelite_tower_880_g9_firmwareengage_flex_pro_retail_system_firmwareelitedesk_880_g5_towerproone_400_g3_20-inch_non-touch_all-in-oneengage_flex_pro-c_retail_system_firmwareelitedesk_880_g5_tower_firmwareelitedesk_880_g3_tower_firmwareelitedesk_705_g5_desktop_mini_firmwareelite_dragonfly_g2engage_one_pro_aio_system_firmwarezbook_14u_g5elite_tower_680_g9probook_430_g7_firmwareelitedesk_800_g5_desktop_mini_firmwarezhan_66_pro_g3_22_all-in-oneelitebook_845_g9prodesk_680_g2_microtowerelitedesk_800_35w_g3_desktop_mini_firmwareprodesk_600_g5_desktop_mini_firmwareprobook_455_g6_firmwareprodesk_405_g8_desktop_mini_firmwareprobook_445_g8probook_445_g8_firmwareproone_400_g2_20-inch_non-touch_all-in-one_firmwarez2_small_form_factor_g4_workstation_firmwareprodesk_600_g6_firmwareprobook_fortis_g9_firmwareelitebook_845_g7elitebook_645_g9zhan_66_pro_a_14_g3_firmwarepro_tower_400_g9_firmwareprodesk_480_g7_firmwareeliteone_800_g6_27_all-in-one_firmwareelitedesk_805_g8_desktop_mini_firmwareprodesk_405_g6_desktop_minielitebook_x360_1040_g6probook_455r_g6elite_dragonflyzhan_x_13_g2elitedesk_800_g5_tower_firmwareproone_600_g6_22_all-in-one_firmwarezhan_66_pro_14_g3z1_g9_tower_firmwareeliteone_800_g5_23.8-in_all-in-onepro_sff_400_g9_firmwarezbook_15u_g6probook_630_g8prodesk_600_g3_small_form_factorelitebook_830_g9elitedesk_800_g6_tower_firmwareproone_400_g4_23.8-inch_non-touch_all-in-one_business_firmwareprodesk_480_g5_microtowerelitebook_840_g8_firmwareeliteone_1000_g2_34-in_curved_all-in-one_businessprobook_630_g8_firmwareelitebook_1030_g1_firmwareengage_one_pro_aio_systemprobook_x360_11_g3_eeelitebook_655_g9_firmwareprobook_455r_g6_firmwareprobook_x360_11_g6_eeelitedesk_800_g8_small_form_factorprodesk_600_g2_microtower_firmwareengage_go_mobile_systemelitebook_650_g9_firmwareprobook_640_g8_firmwareeliteone_1000_g2_23.8-in_all-in-one_business_firmwareprodesk_600_g5_small_form_factorprodesk_680_g3_microtower_firmwarez1_g8_towerprobook_455_g8probook_430_g5_firmwareelitedesk_705_g4_desktop_miniz1_entry_tower_g6_workstationzhan_66_pro_a_14_g5elite_x2_g4elitedesk_805_g8_small_form_factor_firmwareprodesk_405_g8_small_form_factorprobook_440_g9_firmwareeliteone_800_g3_23.8-inch_touch_gpu_all-in-oneelite_slice_firmwareprodesk_400_g6_desktop_mini_firmwarezbook_power_g7_firmwarezhan_66_pro_15_g3elitebook_745_g5elitedesk_800_g3_towerz2_tower_g5_workstation_firmwareeliteone_1000_g1_27-in_4k_uhd_all-in-one_businesselite_sff_600_g9_firmwareprodesk_600_g3_microtower_firmwareprodesk_600_g4_microtower_firmwareproone_600_g2_21.5-inch_touch_all-in-onezhan_66_pro_g5_firmwareelitebook_840_aero_g8pro_sff_400_g9probook_x360_11_g5_ee_firmwarepro_tower_480_g9elitebook_x360_1040_g5_firmwareelitedesk_800_35w_g3_desktop_minielitebook_x360_1040_g6_firmwarezhan_66_pro_14_g4_firmwareprodesk_400_g5_small_form_factor_firmwarezhan_66_pro_g1elitedesk_805_g6_small_form_factoreliteone_800_g8_24_all-in-oneeliteone_800_g6_24_all-in-one_firmwareelitedesk_800_65w_g4_desktop_minizbook_fury_15_g7_firmwareelitedesk_800_g6_towereliteone_800_g8_24_all-in-one_firmwareprodesk_480_g4_microtower_firmwareeliteone_1000_g1_34-in_curved_all-in-one_business_firmwareprobook_x360_11_g4_ee_firmwareproone_600_g4_21.5-inch_touch_all-in-one_business_firmwareprobook_fortis_g10elitebook_840_g6zbook_15_g5prodesk_600_g3_small_form_factor_firmwareelitebook_x360_1040_g7prodesk_680_g4_microtowerelitedesk_800_g6_small_form_factorproone_400_g3_20-inch_touch_all-in-one_firmwareelitebook_x360_830_g8prodesk_405_g6_small_form_factor_firmwareprodesk_480_g6_microtowerprodesk_600_g5_desktop_minielitebook_630_g9prodesk_400_g4_desktop_mini_firmwareelite_x2_1012_g2elitebook_840_g6_firmwarezhan_66_pro_g5prodesk_600_g2_small_form_factor_firmwareeliteone_800_g3_23.8-inch_touch_all-in-one_firmwareprodesk_600_g6_desktop_mini_firmwareelite_mini_800_g9eliteone_1000_g1_34-in_curved_all-in-one_businesseliteone_800_g4_23.8-in_all-in-one_business_firmwareprobook_455_g5_firmwareelitebook_845_g7_firmwarezhan_66_pro_g1_firmwareprodesk_400_g5_desktop_mini_firmwareelitebook_1050_g1elite_tower_600_g9prodesk_600_g6_microtower_firmwareelitebook_x360_830_g6_firmwarezbook_create_g7elitebook_855_g8_firmwareelitedesk_805_g6_desktop_mini_firmwareelitebook_845_g8elitebook_655_g9eliteone_800_g6_24_all-in-oneelite_x2_g8prodesk_400_g7_small_form_factor_firmwarez2_small_form_factor_g8_workstation_firmwarez2_tower_g4_workstation_firmwareprodesk_600_g4_microtowerproone_600_g2_21.5-inch_non-touch_all-in-one_firmwareprobook_x360_435_g8_firmwareprodesk_400_g6_desktop_minizbook_14u_g6_firmwareelitebook_830_g9_firmwareelite_tower_680_g9_firmwareprobook_645_g4probook_x360_440_g1_firmwareelitebook_x360_1030_g3prodesk_600_g4_small_form_factor_firmwareproone_480_g3_20-inch_non-touch_all-in_one_firmwarez2_tower_g5_workstationzbook_firefly_14_g8probook_450_g7elitedesk_705_g4_microtower_firmwareelitedesk_705_g5_small_form_factor_firmwareelitebook_755_g5eliteone_800_g4_23.8-inch_touch_all-in-oneprobook_445r_g6z2_small_form_factor_g4_workstationprobook_x360_435_g8proone_400_g6_20_all-in-oneprobook_650_g8_firmwareeliteone_800_g4_23.8-inch_non-touch_all-in-onez1_g8_tower_firmwareelitebook_x360_1030_g4eliteone_800_g4_23.8-inch_non-touch_gpu_all-in-one_firmwareproone_400_g6_20_all-in-one_firmwareprodesk_400_g5_microtower_firmwarezhan_66_pro_15_g2elitebook_745_g5_firmwareprodesk_600_g2_microtowerelite_dragonfly_maxelite_x360_830_g9_2-in-1elitedesk_800_g3_small_form_factor_firmwareelitebook_865_g9_firmwareelitebook_650_g9zbook_15_g6elitedesk_800_g5_small_form_factorzhan_66_pro_a_14_g4_firmwareprodesk_400_g6_small_form_factor_firmwarezbook_studio_g5elite_dragonfly_g3elitebook_1040_g3_firmwareelitedesk_805_g8_desktop_minieliteone_800_g4_23.8-inch_touch_all-in-one_firmwareelite_x2_1012_g2_firmwarez2_mini_g5_workstation_firmwareprodesk_400_g7_microtowerelitedesk_880_g8_towerprobook_650_g4prodesk_680_g3_microtowerrp9_g1_retail_systempro_x360_fortis_g10_firmwareengage_one_aio_system_firmwareprobook_640_g4z2_tower_g8_workstationelitebook_845_g9_firmwareproone_600_g6_22_all-in-oneelite_tower_800_g9proone_400_g3_20-inch_touch_all-in-oneelitebook_1030_g1elitedesk_800_65w_g2_desktop_mini_firmwareengage_go_10_mobile_systemprobook_455_g6zbook_fury_17_g8engage_go_10_mobile_system_firmwareproone_400_g4_20-inch_non-touch_all-in-one_business_firmwareeliteone_800_g3_23.8-inch_non-touch_all-in-one_firmwareprodesk_400_g4_small_form_factorprobook_fortis_g10_firmwaremt44_mobile_thin_client_firmwareprobook_640_g7proone_440_g6_24_all-in-oneprobook_450_g5_firmwarezbook_fury_17_g7zbook_15u_g5prodesk_480_g7elitebook_830_g8elite_x2_g4_firmwarezhan_66_pro_14_g3_firmwareproone_400_g4_20-inch_non-touch_all-in-one_businesselite_sff_600_g9mt45_mobile_thin_clientelitebook_830_g5elite_slice_g2zhan_66_pro_a_14_g5_firmwareelitedesk_800_95w_g4_desktop_mini_firmwareprodesk_600_g6_desktop_minimp9_g4_retail_systemelitebook_840_g5_firmwarezbook_14u_g6eliteone_800_g6_27_all-in-oneelitedesk_800_g4_tower_firmwareelitebook_1040_g4zbook_power_g9_firmwareelitedesk_880_g6_tower_firmwareelite_sff_800_g9elitedesk_705_g4_microtowerelitedesk_800_35w_g2_desktop_mini_firmwareeliteone_840_23.8_inch_g9_all-in-onerp9_g1_retail_system_firmwareprobook_x360_11_g3_ee_firmwareprodesk_480_g5_microtower_firmwareelitedesk_705_g4_workstationzhan_66_pro_15_g3_firmwarez1_entry_tower_g6_workstation_firmwareprodesk_600_g4_small_form_factorzbook_studio_g8_firmwareelitebook_x360_830_g7elitebook_x360_1030_g3_firmwareelitebook_850_g8elitedesk_800_65w_g4_desktop_mini_firmwareelitebook_846_g5_firmwareeliteone_1000_g2_23.8-in_touch_all-in-one_business_firmwareeliteone_800_g4_23.8-inch_touch_gpu_all-in-one_firmwareprobook_635_aero_g8_firmwareelite_dragonfly_g2_firmwareeliteone_800_g4_23.8-inch_touch_gpu_all-in-oneelitedesk_800_35w_g4_desktop_mini_firmwareelitedesk_800_g8_desktop_mini_firmwareelitedesk_705_g4_desktop_mini_firmwareprobook_440_g5elitedesk_800_g5_small_form_factor_firmwareproone_440_g5_23.8-in_all-in-one_businesselitedesk_800_g2_small_form_factorelite_tower_880_g9zbook_studio_g5_firmwarezbook_fury_15_g7probook_640_g5_firmwareelitebook_840_aero_g8_firmwareelite_slice_g2_firmwareelitebook_x360_1040_g8prodesk_405_g8_desktop_minieliteone_1000_g2_23.8-in_all-in-one_businesselitebook_735_g6elitedesk_800_65w_g3_desktop_miniprobook_450_g7_firmwareprobook_650_g4_firmwareprodesk_405_g4_desktop_miniprobook_640_g7_firmwareelitebook_830_g6_firmwarezbook_fury_16_g9_firmwareprobook_430_g6_firmwarezbook_firefly_14_g8_firmwareeliteone_1000_g1_23.8-in_touch_all-in-one_businessprodesk_400_g3_desktop_mini_firmwareelitebook_x360_1030_g8zbook_create_g7_firmwarez2_tower_g4_workstationzbook_17_g6_firmwareelitebook_840_g7elitedesk_800_g3_small_form_factorprobook_445_g6_firmwareprobook_445_g9_firmwarezbook_studio_g7elitebook_645_g9_firmwareelite_tower_800_g9_firmwareeliteone_1000_g2_34-in_curved_all-in-one_business_firmwareprodesk_600_g6_small_form_factor_firmwarezhan_66_pro_14_g2proone_400_g6_24_all-in-one_firmwareprobook_440_g9elitedesk_880_g4_towerzbook_fury_16_g9elite_x360_830_g9_2-in-1_firmwaremt45_mobile_thin_client_firmwareeliteone_800_g5_23.8-inch_all-in-one_firmwareprobook_x360_435_g7prodesk_400_g6_microtowerproone_440_23.8_inch_g9_all-in-oneeliteone_800_g8_27_all-in-one_firmwareelitebook_745_g6_firmwareelitedesk_705_g3_firmwareengage_flex_pro-c_retail_systemproone_440_g4_23.8-inch_non-touch_all-in-one_business_firmwareprodesk_600_g3_desktop_miniprobook_470_g5elitebook_745_g6eliteone_800_g3_23.8-inch_touch_all-in-oneeliteone_800_g4_23.8-in_all-in-one_businessprodesk_400_g3_desktop_miniprodesk_600_g4_desktop_minielitedesk_880_g8_tower_firmwareelitebook_830_g7prodesk_400_g6_microtower_firmwareeliteone_800_g3_23.8_non-touch_all-in-one_businesseliteone_840_23.8_inch_g9_all-in-one_firmwareproone_600_g5_21.5-in_all-in-one_business_firmwareelitebook_860_g9elite_dragonfly_max_firmwareelitebook_855_g7eliteone_800_g3_23.8-inch_non-touch_all-in-onez1_entry_tower_g5_workstationprobook_645_g4_firmwareproone_400_g5_23.8-inch_all-in-one_businesselitebook_835_g7elitebook_860_g9_firmwareelitebook_1040_g9prodesk_405_g4_small_form_factor_firmwareprobook_650_g5proone_600_g4_21.5-inch_touch_all-in-one_businesselite_x2_g8_firmwareelitebook_840_g9elitedesk_800_35w_g2_desktop_minipro_tower_400_g9prodesk_600_g4_desktop_mini_firmwareelite_x360_1040_g9_2-in-1_firmwareprobook_440_g7elite_folio_2-in-1elite_mini_800_g9_firmwareelitebook_835_g9prodesk_600_g3_desktop_mini_firmwareelite_sff_800_g9_firmwareprobook_445_g6probook_640_g8probook_455_g9_firmwareelitebook_830_g5_firmwarezbook_firefly_15_g8_firmwaremp9_g4_retail_system_firmwareprobook_650_g8elitebook_836_g6_firmwareelitedesk_800_g4_workstationz2_small_form_factor_g8_workstationprodesk_680_g2_microtower_firmwareprobook_635_aero_g8eliteone_800_g3_23.8-inch_non-touch_gpu_all-in-one_firmwareengage_flex_mini_retail_system_firmwareprobook_445_g7_firmwareelitedesk_800_65w_g2_desktop_minielitebook_850_g6_firmwareprobook_455_g5mp9_g2_retail_systemengage_flex_mini_retail_systemelitedesk_800_35w_g4_desktop_minielitebook_846_g5zbook_firefly_15_g7_firmwarez1_g9_towermt46_mobile_thin_client_firmwareeliteone_800_g2_23-inch_non-touch_all-in-one_firmwareprobook_440_g6zbook_studio_g8eliteone_800_g2_23-inch_non-touch_all-in-oneprodesk_600_g2_desktop_minieliteone_1000_g1_23.8-in_touch_all-in-one_business_firmwarezbook_studio_x360_g5elitebook_x360_830_g7_firmwareeliteone_1000_g1_27-in_4k_uhd_all-in-one_business_firmwarez2_tower_g8_workstation_firmwareproone_400_g2_20-inch_touch_all-in-one_firmwareprobook_450_g8zbook_17_g5zbook_firefly_14_g7zhan_66_pro_a_14_g3probook_640_g5zbook_17_g5_firmwareelitebook_850_g5prodesk_600_g5_small_form_factor_firmwareelitedesk_800_g5_towerelitedesk_705_g5_small_form_factorelitebook_840_g5elitedesk_800_g4_small_form_factor_firmwareprodesk_600_g6_small_form_factorprobook_450_g9elitebook_835_g8_firmwarezbook_15u_g5_firmwareprobook_650_g7_firmwarezhan_66_pro_14_g4elitebook_850_g8_firmwarezbook_studio_g9elitebook_850_g7elitedesk_800_g6_desktop_mini_firmwareelitedesk_805_g6_desktop_minielitedesk_805_g8_small_form_factorzbook_15_g6_firmwarezbook_fury_17_g8_firmwareelitedesk_800_g2_small_form_factor_firmwarezbook_15u_g6_firmwareproone_600_g3_21.5-inch_non-touch_all-in-one_firmwarezbook_firefly_15_g8elite_x2_1013_g3_firmwareprobook_450_g9_firmwareelitedesk_800_g4_small_form_factorprodesk_600_g6_microtowerprodesk_680_g6elitebook_x360_1040_g5elitebook_x360_1040_g8_firmwareelitebook_x360_830_g5_firmwareprobook_445_g7proone_600_g5_21.5-in_all-in-one_businesselitebook_640_g9elitedesk_800_95w_g4_desktop_minidragonfly_folio_g3_2-in-1elite_dragonfly_firmwarezbook_firefly_14_g9_firmwareelitebook_x360_830_g8_firmwareprobook_445_g9prodesk_400_g4_microtowerprobook_455_g9mt46_mobile_thin_clientelite_dragonfly_g3_firmwarepro_x360_fortis_g9zhan_66_pro_14_g2_firmwareelitedesk_800_g8_desktop_minizbook_15_g5_firmwareeliteone_800_g5_23.8-inch_all-in-oneprobook_450_g5proone_400_g2_20-inch_touch_all-in-oneprodesk_400_g7_microtower_firmwareelitebook_840r_g4_firmwareprobook_x360_435_g7_firmwareeliteone_800_g2_23-inch_touch_all-in-oneprobook_fortis_g9eliteone_800_g2_23-inch_touch_all-in-one_firmwareprodesk_600_g3_microtowerproone_400_g2_20-inch_non-touch_all-in-oneelitedesk_800_g8_small_form_factor_firmwareelitebook_735_g5_firmwareproone_400_g5_20-inch_all-in-one_businesselitebook_840r_g4elitebook_836_g5_firmwareprodesk_405_g4_desktop_mini_firmwareengage_one_aio_systemprodesk_405_g6_desktop_mini_firmwareelitebook_x360_1030_g7probook_x360_11_g4_eezhan_x_13_g2_firmwareeliteone_1000_g2_23.8-in_touch_all-in-one_businesselite_x2_1013_g3proone_600_g2_21.5-inch_touch_all-in-one_firmwarezhan_66_pro_a_14_g4zhan_66_pro_g3_22_all-in-one_firmwareprobook_430_g6proone_400_g3_20-inch_non-touch_all-in-one_firmwareelitebook_850_g6elitedesk_800_g8_towerprodesk_400_g5_microtowerprodesk_405_g8_small_form_factor_firmwareproone_400_g5_20-inch_all-in-one_business_firmwarezbook_fury_17_g7_firmwareelitebook_1040_g9_firmwareelitebook_836_g6elitebook_x360_830_g5prodesk_480_g6_microtower_firmwareelite_x360_1040_g9_2-in-1elitebook_836_g5probook_x360_440_g1z2_small_form_factor_g5_workstation_firmwareprodesk_600_g5_microtower_firmwareelitebook_835_g8elitedesk_705_g5_desktop_minielitebook_850_g5_firmwareprobook_440_g7_firmwareelitebook_1040_g4_firmwarezbook_fury_15_g8zbook_14u_g5_firmwareelitebook_x360_830_g6elitedesk_880_g4_tower_firmwareprobook_440_g5_firmwareelitebook_830_g6probook_x360_11_g5_eezbook_firefly_16_g9_firmwareproone_400_g4_23.8-inch_non-touch_all-in-one_businesszbook_firefly_16_g9probook_650_g5_firmwareelitedesk_800_g4_towereliteone_800_g3_23.8-inch_non-touch_gpu_all-in-oneprobook_450_g6prodesk_600_g2_small_form_factorelitebook_855_g7_firmwarezbook_power_g7engage_go_mobile_system_firmwareprobook_440_g6_firmwareelite_tower_600_g9_firmwareelitebook_850_g7_firmwareelitebook_x360_1030_g8_firmwareelitedesk_705_g4_workstation_firmwareprobook_455_g7_firmwareprodesk_405_g4_small_form_factorelitebook_840_g8zbook_firefly_14_g7_firmwareprodesk_400_g7_small_form_factorzbook_power_g8_firmwareprobook_455_g8_firmwareprodesk_600_g5_microtowerelitebook_640_g9_firmwareelitebook_830_g7_firmwareprobook_470_g5_firmwaremt44_mobile_thin_clientelitebook_840_g7_firmwareelite_folio_2-in-1_firmwareelitebook_855_g8eliteone_800_g4_23.8-inch_non-touch_all-in-one_firmwareelite_mini_600_g9_firmwareelitedesk_705_g4_small_form_factor_firmwareprodesk_400_g5_desktop_miniprodesk_400_g5_small_form_factordragonfly_folio_g3_2-in-1_firmwarez2_mini_g5_workstationprobook_440_g8_firmwareelitedesk_800_g4_workstation_firmwarepro_x360_fortis_g9_firmwarezhan_66_pro_13_g2_firmwareprobook_450_g6_firmwareelitebook_1050_g1_firmwareprobook_430_g8_firmwarez2_mini_g4_workstation_firmwareeliteone_800_g5_23.8-in_all-in-one_firmwareelite_x2_1012_g1_firmwareelite_mini_600_g9pro_tower_480_g9_firmwareproone_480_g3_20-inch_non-touch_all-in_oneprodesk_600_g6probook_x360_11_g6_ee_firmwareprobook_430_g5probook_455_g7eliteone_800_g3_23.8_non-touch_all-in-one_business_firmwareHP PC BIOS
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2021-41228
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.04% / 11.52%
||
7 Day CHG~0.00%
Published-05 Nov, 2021 | 22:25
Updated-04 Aug, 2024 | 03:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Code injection in `saved_model_cli`

TensorFlow is an open source platform for machine learning. In affected versions TensorFlow's `saved_model_cli` tool is vulnerable to a code injection as it calls `eval` on user supplied strings. This can be used by attackers to run arbitrary code on the plaform where the CLI tool runs. However, given that the tool is always run manually, the impact of this is not severe. We have patched this by adding a `safe` flag which defaults to `True` and an explicit warning for users. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-21892
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-0.21% / 43.84%
||
7 Day CHG~0.00%
Published-20 Feb, 2024 | 01:31
Updated-30 Apr, 2025 | 22:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On Linux, Node.js ignores certain environment variables if those may have been set by an unprivileged user while the process is running with elevated privileges with the only exception of CAP_NET_BIND_SERVICE. Due to a bug in the implementation of this exception, Node.js incorrectly applies this exception even when certain other capabilities have been set. This allows unprivileged users to inject code that inherits the process's elevated privileges.

Action-Not Available
Vendor-Node.js (OpenJS Foundation)Linux Kernel Organization, Inc
Product-node.jslinux_kernelNodenode.js
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2022-36036
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-3.6||LOW
EPSS-0.05% / 15.80%
||
7 Day CHG~0.00%
Published-29 Aug, 2022 | 17:20
Updated-22 Apr, 2025 | 17:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Control of Generation of Code ('Code Injection') in mdx-mermaid

mdx-mermaid provides plug and play access to Mermaid in MDX. There is a potential for an arbitrary javascript injection in versions less than 1.3.0 and 2.0.0-rc1. Modify any mermaid code blocks with arbitrary code and it will execute when the component is loaded by MDXjs. This vulnerability was patched in version(s) 1.3.0 and 2.0.0-rc2. There are currently no known workarounds.

Action-Not Available
Vendor-mdx-mermaid_projectsjwall
Product-mdx-mermaidmdx-mermaid
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-0161
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-7.8||HIGH
EPSS-0.01% / 0.29%
||
7 Day CHG~0.00%
Published-20 Feb, 2025 | 16:02
Updated-11 Aug, 2025 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Verify Access Appliance code injection

IBM Security Verify Access Appliance 10.0.0.0 through 10.0.0.9 and 11.0.0.0 could allow a local user to execute arbitrary code due to improper restrictions on code generation.

Action-Not Available
Vendor-IBM Corporation
Product-security_verify_accessSecurity Verify Access
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-45271
Matching Score-4
Assigner-CERT@VDE
ShareView Details
Matching Score-4
Assigner-CERT@VDE
CVSS Score-8.4||HIGH
EPSS-0.11% / 30.75%
||
7 Day CHG+0.07%
Published-15 Oct, 2024 | 10:27
Updated-26 Aug, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MB connect line/Helmholz: Remote code execution due to improper input validation

An unauthenticated local attacker can gain admin privileges by deploying a config file due to improper input validation.

Action-Not Available
Vendor-mbconnectlinehelmholzMB connect lineHelmholzmb_connect_linerex100
Product-mbnet.minirex_100_firmwarerex_100mbnet.mini_firmwareREX100mbNET.minimbnet.minihelmholz
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
  • Previous
  • 1
  • 2
  • Next
Details not found