CVE-2022-4146 – EL Injection Vulnerability in Hitachi Replication Manager
https://notcve.org/view.php?id=CVE-2022-4146
Expression Language Injection vulnerability in Hitachi Replication Manager on Windows, Linux, Solaris allows Code Injection.This issue affects Hitachi Replication Manager: before 8.8.5-02. • https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-123/index.html • CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') •
CVE-2023-26512 – Apache EventMesh RabbitMQ-Connector plugin allows RCE through deserialization of untrusted data
https://notcve.org/view.php?id=CVE-2023-26512
CWE-502 Deserialization of Untrusted Data at the rabbitmq-connector plugin module in Apache EventMesh (incubating) V1.7.0\V1.8.0 on windows\linux\mac os e.g. platforms allows attackers to send controlled message and remote code execute via rabbitmq messages. Users can use the code under the master branch in project repo to fix this issue, we will release the new version as soon as possible. • https://lists.apache.org/thread/zb1d62wh8o8pvntrnx4t1hj8vz0pm39p • CWE-502: Deserialization of Untrusted Data •
CVE-2023-35012 – IBM Db2 code execution
https://notcve.org/view.php?id=CVE-2023-35012
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 with a Federated configuration is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user with SYSADM privileges could overflow the buffer and execute arbitrary code on the system. IBM X-Force ID: 257763. • https://exchange.xforce.ibmcloud.com/vulnerabilities/257763 https://security.netapp.com/advisory/ntap-20230818-0013 https://www.ibm.com/support/pages/node/7010747 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2023-33857 – IBM InfoSphere Information Server information disclosure
https://notcve.org/view.php?id=CVE-2023-33857
IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain system information using a specially crafted query that could aid in further attacks against the system. IBM X-Force ID: 257695. IBM InfoSphere Information Server v11.7 podría permitir a un atacante remoto obtener información del sistema utilizando una consulta especialmente manipulada que podría ayudar en futuros ataques contra el sistema. ID de IBM X-Force: 257695. • https://exchange.xforce.ibmcloud.com/vulnerabilities/257695 https://www.ibm.com/support/pages/node/7007059 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2023-35901 – IBM Robotic Process Automation security bypass
https://notcve.org/view.php?id=CVE-2023-35901
IBM Robotic Process Automation 21.0.0 through 21.0.7.6 and 23.0.0 through 23.0.6 is vulnerable to client side validation bypass which could allow invalid changes or values in some fields. IBM X-Force ID: 259380. • https://exchange.xforce.ibmcloud.com/vulnerabilities/259380 https://www.ibm.com/support/pages/node/7012317 • CWE-287: Improper Authentication •