CVE-2023-28513 – IBM MQ denial of service
https://notcve.org/view.php?id=CVE-2023-28513
IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.3 CD and IBM MQ Appliance 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.2 LTS, under certain configurations, is vulnerable to a denial of service attack caused by an error processing messages. IBM X-Force ID: 250397. • https://exchange.xforce.ibmcloud.com/vulnerabilities/250397 https://www.ibm.com/support/pages/node/7007421 https://www.ibm.com/support/pages/node/7007731 • CWE-20: Improper Input Validation •
CVE-2021-38933 – IBM Sterling Connect:Express for UNIX information disclosure
https://notcve.org/view.php?id=CVE-2021-38933
IBM Sterling Connect:Direct for UNIX 1.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 210574. • https://exchange.xforce.ibmcloud.com/vulnerabilities/210574 https://www.ibm.com/support/pages/node/7010925 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVE-2023-29260 – IBM Sterling Connect:Express for UNIX server-side request forgery
https://notcve.org/view.php?id=CVE-2023-29260
IBM Sterling Connect:Express for UNIX 1.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 252135. • https://exchange.xforce.ibmcloud.com/vulnerabilities/252135 https://www.ibm.com/support/pages/node/7010923 • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2023-29259 – IBM Sterling Connect:Express for UNIX information disclosure
https://notcve.org/view.php?id=CVE-2023-29259
IBM Sterling Connect:Express for UNIX 1.5 browser UI is vulnerable to attacks that rely on the use of cookies without the SameSite attribute. IBM X-Force ID: 252055. • https://exchange.xforce.ibmcloud.com/vulnerabilities/252055 https://www.ibm.com/support/pages/node/7010921 •
CVE-2023-22049 – OpenJDK: improper handling of slash characters in URI-to-path conversion (8305312)
https://notcve.org/view.php?id=CVE-2023-22049
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. • https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html https://security.netapp.com/advisory/ntap-20230725-0006 https://security.netapp.com/advisory/ntap-20240621-0006 https://www.debian.org/security/2023/dsa-5458 https://www.debian.org/security/2023/dsa-5478 https://www.oracle.com/security-alerts/cpujul2023.html https://access.redhat.com/security/cve/CVE-2023-22049 https://bugzilla.redhat.com/show_bug.cgi?id=2221647 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •