CVSS: 8.1EPSS: 0%CPEs: 3EXPL: 0CVE-2023-34143 – Improper Validation of Certificate Vulnerability in Hitachi Device Manager
https://notcve.org/view.php?id=CVE-2023-34143
18 Jul 2023 — Improper Validation of Certificate with Host Mismatch vulnerability in Hitachi Device Manager on Windows, Linux (Device Manager Server, Device Manager Agent, Host Data Collector components) allows Man in the Middle Attack.This issue affects Hitachi Device Manager: before 8.8.5-02. • https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-125/index.html • CWE-295: Improper Certificate Validation CWE-297: Improper Validation of Certificate with Host Mismatch •
CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 0CVE-2023-34142 – Cleartext Transmission Vulnerability in Hitachi Device Manager
https://notcve.org/view.php?id=CVE-2023-34142
18 Jul 2023 — Cleartext Transmission of Sensitive Information vulnerability in Hitachi Device Manager on Windows, Linux (Device Manager Server, Device Manager Agent, Host Data Collector components) allows Interception.This issue affects Hitachi Device Manager: before 8.8.5-02. • https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-125/index.html • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2022-4146 – EL Injection Vulnerability in Hitachi Replication Manager
https://notcve.org/view.php?id=CVE-2022-4146
18 Jul 2023 — Expression Language Injection vulnerability in Hitachi Replication Manager on Windows, Linux, Solaris allows Code Injection.This issue affects Hitachi Replication Manager: before 8.8.5-02. • https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-123/index.html • CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') •
CVSS: 10.0EPSS: 1%CPEs: 4EXPL: 0CVE-2023-26512 – Apache EventMesh RabbitMQ-Connector plugin allows RCE through deserialization of untrusted data
https://notcve.org/view.php?id=CVE-2023-26512
17 Jul 2023 — CWE-502 Deserialization of Untrusted Data at the rabbitmq-connector plugin module in Apache EventMesh (incubating) V1.7.0\V1.8.0 on windows\linux\mac os e.g. platforms allows attackers to send controlled message and remote code execute via rabbitmq messages. Users can use the code under the master branch in project repo to fix this issue, we will release the new version as soon as possible. CWE-502 Deserialization of Untrusted Data at the rabbitmq-connector plugin module in Apache EventMesh (incubating) V1.... • https://lists.apache.org/thread/zb1d62wh8o8pvntrnx4t1hj8vz0pm39p • CWE-502: Deserialization of Untrusted Data •
CVSS: 6.7EPSS: 0%CPEs: 4EXPL: 0CVE-2023-35012 – IBM Db2 code execution
https://notcve.org/view.php?id=CVE-2023-35012
17 Jul 2023 — IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 with a Federated configuration is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user with SYSADM privileges could overflow the buffer and execute arbitrary code on the system. IBM X-Force ID: 257763. • https://exchange.xforce.ibmcloud.com/vulnerabilities/257763 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2023-33857 – IBM InfoSphere Information Server information disclosure
https://notcve.org/view.php?id=CVE-2023-33857
16 Jul 2023 — IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain system information using a specially crafted query that could aid in further attacks against the system. IBM X-Force ID: 257695. IBM InfoSphere Information Server v11.7 podría permitir a un atacante remoto obtener información del sistema utilizando una consulta especialmente manipulada que podría ayudar en futuros ataques contra el sistema. ID de IBM X-Force: 257695. • https://exchange.xforce.ibmcloud.com/vulnerabilities/257695 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 7EXPL: 0CVE-2023-35901 – IBM Robotic Process Automation security bypass
https://notcve.org/view.php?id=CVE-2023-35901
16 Jul 2023 — IBM Robotic Process Automation 21.0.0 through 21.0.7.6 and 23.0.0 through 23.0.6 is vulnerable to client side validation bypass which could allow invalid changes or values in some fields. IBM X-Force ID: 259380. • https://exchange.xforce.ibmcloud.com/vulnerabilities/259380 • CWE-287: Improper Authentication •
CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0CVE-2023-3434 – QRC Handler without Input Validation in Jami
https://notcve.org/view.php?id=CVE-2023-3434
14 Jul 2023 — Improper Input Validation in the hyperlink interpretation in Savoir-faire Linux's Jami (version 20222284) on Windows. This allows an attacker to send a custom HTML anchor tag to pass a string value to the Windows QRC Handler through the Jami messenger. Improper Input Validation in the hyperlink interpretation in Savoir-faire Linux's Jami (version 20222284) on Windows. This allows an attacker to send a custom HTML anchor tag to pass a string value to the Windows QRC Handler through the Jami messenger. • https://blog.blacklanternsecurity.com/p/Jami-Local-Denial-Of-Service-and-QRC-Handler-Vulnerabilities • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-29311 – [FG-VD-23-006] Adobe InDesign 2023 Out-of-Bound Read Vulnerability IV Notification
https://notcve.org/view.php?id=CVE-2023-29311
12 Jul 2023 — Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. • https://helpx.adobe.com/security/products/indesign/apsb23-38.html • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-29314 – [FG-VD-23-013] Adobe InDesign 2023 Out-of-Bound Read Vulnerability X Notification
https://notcve.org/view.php?id=CVE-2023-29314
12 Jul 2023 — Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. • https://helpx.adobe.com/security/products/indesign/apsb23-38.html • CWE-125: Out-of-bounds Read •