CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-37659
https://notcve.org/view.php?id=CVE-2023-37659
xalpha v0.11.4 is vulnerable to Remote Command Execution (RCE). • https://github.com/refraction-ray/xalpha/issues/175 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-27868 – IBM Db2 code execution
https://notcve.org/view.php?id=CVE-2023-27868
IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unchecked class instantiation when providing plugin classes. By sending a specially crafted request using the named pluginClassName class, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 249516. • https://exchange.xforce.ibmcloud.com/vulnerabilities/249516 https://security.netapp.com/advisory/ntap-20230803-0006 https://www.ibm.com/support/pages/node/7010029 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-27867 – IBM Db2 code execution
https://notcve.org/view.php?id=CVE-2023-27867
IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code via JNDI Injection. By sending a specially crafted request using the property clientRerouteServerListJNDIName, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 249514. • https://exchange.xforce.ibmcloud.com/vulnerabilities/249514 https://security.netapp.com/advisory/ntap-20230803-0006 https://www.ibm.com/support/pages/node/7010029 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-27869 – IBM Db2 code execution
https://notcve.org/view.php?id=CVE-2023-27869
IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unchecked logger injection. By sending a specially crafted request using the named traceFile property, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 249517. • https://exchange.xforce.ibmcloud.com/vulnerabilities/249517 https://security.netapp.com/advisory/ntap-20230803-0006 https://www.ibm.com/support/pages/node/7010029 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-3551 – Code Injection in nilsteampassnet/teampass
https://notcve.org/view.php?id=CVE-2023-3551
Code Injection in GitHub repository nilsteampassnet/teampass prior to 3.0.10. • https://github.com/nilsteampassnet/teampass/commit/cc6abc76aa46ed4a27736c1d2f21e432a5d54e6f https://huntr.dev/bounties/cf8878ff-6cd9-49be-b313-7ac2a94fc7f7 • CWE-94: Improper Control of Generation of Code ('Code Injection') •