CVE-2023-24492
https://notcve.org/view.php?id=CVE-2023-24492
A vulnerability has been discovered in the Citrix Secure Access client for Ubuntu which, if exploited, could allow an attacker to remotely execute code if a victim user opens an attacker-crafted link and accepts further prompts.
• https://support.citrix.com/article/CTX564169/citrix-secure-access-client-for-ubuntu-security-bulletin-for-cve202324492
• CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2023-35333 – MediaWiki PandocUpload Extension Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-35333
MediaWiki PandocUpload Extension Remote Code Execution Vulnerability
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35333
• CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2023-37271 – RestrictedPython vulnerable to arbitrary code execution via stack frame sandbox escape
https://notcve.org/view.php?id=CVE-2023-37271
Prior to versions 6.1 and 5.3, an attacker with access to a RestrictedPython environment can write code that gets the current stack frame in a generator and then walk the stack all the way beyond the RestrictedPython invocation boundary, thus breaking out of the restricted sandbox and potentially allowing arbitrary code execution in the Python interpreter.
• https://github.com/zopefoundation/RestrictedPython/commit/c8eca66ae49081f0016d2e1f094c3d72095ef531
• https://github.com/zopefoundation/RestrictedPython/security/advisories/GHSA-wqc8-x2pr-7jqh
• CWE-913: Improper Control of Dynamically-Managed Code Resources
CVE-2023-37659
https://notcve.org/view.php?id=CVE-2023-37659
xalpha v0.11.4 is vulnerable to Remote Command Execution (RCE).
• https://github.com/refraction-ray/xalpha/issues/175
• CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2023-27868 – IBM Db2 code execution
https://notcve.org/view.php?id=CVE-2023-27868
IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unchecked class instantiation when providing plugin classes. By sending a specially crafted request using the named pluginClassName class, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 249516.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/249516
• https://security.netapp.com/advisory/ntap-20230803-0006
• https://www.ibm.com/support/pages/node/7010029
• CWE-94: Improper Control of Generation of Code ('Code Injection')