CVE List - 2023 / May
Showing 901 - 1000 of 2420 CVEs for May 2023 (Page 10 of 25)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-46279 | 2023-05-10 | Improper access control in the Intel(R) Retail Edge android application before version 3.0.301126-RELEASE may allow an authenticated user to potentially enable information disclosure via local access. |
| CVE-2022-38103 | 2023-05-10 | Insecure inherited permissions in the Intel(R) NUC Software Studio Service installer before version 1.17.38.0 may allow an authenticated user to potentially enable escalation of privilege via local access |
| CVE-2022-38787 | 2023-05-10 | Improper input validation in firmware for some Intel(R) FPGA products before version 2.7.0 Hotfix may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2023-22661 | 2023-05-10 | Buffer overflow in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable escalation of privilege via local access. |
| CVE-2023-22297 | 2023-05-10 | Access of memory location after end of buffer in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable escalation of privilege via local... |
| CVE-2023-25545 | 2023-05-10 | Improper buffer restrictions in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable escalation of privilege via local access. |
| CVE-2023-22442 | 2023-05-10 | Out of bounds write in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable escalation of privilege via local access. |
| CVE-2023-22379 | 2023-05-10 | Improper input validation in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable information disclosure via local access. |
| CVE-2023-25776 | 2023-05-10 | Improper input validation in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable information disclosure via local access. |
| CVE-2023-28411 | 2023-05-10 | Double free in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable information disclosure via local access. |
| CVE-2023-25175 | 2023-05-10 | Improper input validation in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable information disclosure via local access. |
| CVE-2023-24475 | 2023-05-10 | Out of bounds read in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable information disclosure via local access. |
| CVE-2023-22443 | 2023-05-10 | Integer overflow in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable denial of service via local access. |
| CVE-2022-40210 | 2023-05-10 | Exposure of data element to wrong session in the Intel DCM software before version 5.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2022-40685 | 2023-05-10 | Insufficiently protected credentials in the Intel(R) DCM software before version 5.0.1 may allow an authenticated user to potentially enable information disclosure via network access. |
| CVE-2022-40207 | 2023-05-10 | Improper access control in the Intel(R) SUR software before version 2.4.8989 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2022-41784 | 2023-05-10 | Improper access control in kernel mode driver for the Intel(R) OFU software before version 14.1.30 may allow an authenticated user to potentially enable escalation of privilege via local access |
| CVE-2022-42465 | 2023-05-10 | Improper access control in kernel mode driver for the Intel(R) OFU software before version 14.1.30 may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2022-44619 | 2023-05-10 | Insecure storage of sensitive information in the Intel(R) DCM software before version 5.1 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2022-41998 | 2023-05-10 | Uncontrolled search path in the Intel(R) DCM software before version 5.1 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2022-43475 | 2023-05-10 | Insecure storage of sensitive information in the Intel(R) DCM software before version 5.1 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2022-41979 | 2023-05-10 | Protection mechanism failure in the Intel(R) DCM software before version 5.1 may allow an authenticated user to potentially enable escalation of privilege via network access. |
| CVE-2022-44610 | 2023-05-10 | Improper authentication in the Intel(R) DCM software before version 5.1 may allow an authenticated user to potentially enable escalation of privilege via network access. |
| CVE-2023-22355 | 2023-05-10 | Uncontrolled search path in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.0.251 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2022-33894 | 2023-05-10 | Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2022-38087 | 2023-05-10 | Exposure of resource to wrong sphere in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access. |
| CVE-2022-32576 | 2023-05-10 | Uncontrolled search path in the Intel(R) Unite(R) Plugin SDK before version 4.2 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2022-41699 | 2023-05-10 | Incorrect permission assignment for critical resource in some Intel(R) QAT drivers for Windows before version 1.9.0 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2022-40972 | 2023-05-10 | Improper access control in some Intel(R) QAT drivers for Windows before version 1.9.0 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2022-41771 | 2023-05-10 | Incorrect permission assignment for critical resource in some Intel(R) QAT drivers for Windows before version 1.9.0 may allow an authenticated user to potentially enable information disclosure via local access. |
| CVE-2022-41621 | 2023-05-10 | Improper access control in some Intel(R) QAT drivers for Windows before version 1.9.0 may allow an authenticated user to potentially enable information disclosure via local access. |
| CVE-2022-41801 | 2023-05-10 | Uncontrolled resource consumption in the Intel(R) Connect M Android application before version 1.82 may allow an authenticated user to potentially enable denial of service via local access. |
| CVE-2022-41769 | 2023-05-10 | Improper access control in the Intel(R) Connect M Android application before version 1.82 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2022-38101 | 2023-05-10 | Uncontrolled search path in some Intel(R) NUC Chaco Canyon BIOS update software before version iFlashV Windows 5.13.00.2105 may allow an authenticated user to potentially enable escalation of privilege via local... |
| CVE-2022-33963 | 2023-05-10 | Incorrect default permissions in the software installer for Intel(R) Unite(R) Client software for Windows before version 4.2.34870 may allow an authenticated user to potentially enable escalation of privilege via local... |
| CVE-2022-27180 | 2023-05-10 | Uncontrolled search path in the Intel(R) MacCPUID software before version 3.2 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2022-43465 | 2023-05-10 | Improper authorization in the Intel(R) SCS software all versions may allow an authenticated user to potentially enable denial of service via local access. |
| CVE-2022-45128 | 2023-05-10 | Improper authorization in the Intel(R) EMA software before version 1.9.0.0 may allow an authenticated user to potentially enable denial of service via local access. |
| CVE-2022-43507 | 2023-05-10 | Improper buffer restrictions in the Intel(R) QAT Engine for OpenSSL before version 0.6.16 may allow a privileged user to potentially enable escalation of privilege via network access. |
| CVE-2022-41693 | 2023-05-10 | Uncontrolled search path in the Intel(R) Quartus(R) Prime Pro edition software before version 22.3 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2022-41610 | 2023-05-10 | Improper authorization in Intel(R) EMA Configuration Tool before version 1.0.4 and Intel(R) MC before version 2.4 software may allow an authenticated user to potentially enable denial of service via local... |
| CVE-2022-43474 | 2023-05-10 | Uncontrolled search path for the DSP Builder software installer before version 22.4 for Intel(R) FPGAs Pro Edition may allow an authenticated user to potentially enable escalation of privilege via local... |
| CVE-2023-25179 | 2023-05-10 | Uncontrolled resource consumption in the Intel(R) Unite(R) android application before Release 17 may allow an authenticated user to potentially enable denial of service via local access. |
| CVE-2023-23573 | 2023-05-10 | Improper access control in the Intel(R) Unite(R) android application before Release 17 may allow a privileged user to potentially enable information disclosure via local access. |
| CVE-2023-22447 | 2023-05-10 | Insertion of sensitive information into log file in the Open CAS software for Linux maintained by Intel before version 22.6.2 may allow a privileged user to potentially enable information disclosure... |
| CVE-2023-22440 | 2023-05-10 | Incorrect default permissions in the Intel(R) SCS Add-on software installer for Microsoft SCCM all versions may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2023-27298 | 2023-05-10 | Uncontrolled search path in the WULT software maintained by Intel(R) before version 1.0.0 (commit id 592300b) may allow an unauthenticated user to potentially enable escalation of privilege via network access. |
| CVE-2023-25772 | 2023-05-10 | Improper input validation in the Intel(R) Retail Edge Mobile Android application before version 3.0.301126-RELEASE may allow an authenticated user to potentially enable denial of service via local access. |
| CVE-2022-46377 | 2023-05-10 | An out-of-bounds read vulnerability exists in the PORT command parameter extraction functionality of Weston Embedded uC-FTPs v 1.98.00. A specially-crafted set of network packets can lead to denial of service.... |
| CVE-2022-46378 | 2023-05-10 | An out-of-bounds read vulnerability exists in the PORT command parameter extraction functionality of Weston Embedded uC-FTPs v 1.98.00. A specially-crafted set of network packets can lead to denial of service.... |
| CVE-2022-41985 | 2023-05-10 | An authentication bypass vulnerability exists in the Authentication functionality of Weston Embedded uC-FTPs v 1.98.00. A specially crafted set of network packets can lead to authentication bypass and denial of... |
| CVE-2023-0007 | 2023-05-10 | PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Panorama Web Interface |
| CVE-2023-0008 | 2023-05-10 | PAN-OS: Local File Disclosure Vulnerability in the PAN-OS Web Interface |
| CVE-2023-32070 | 2023-05-10 | Improper Neutralization of Script in Attributes in XWiki (X)HTML renderers |
| CVE-2023-32076 | 2023-05-10 | in-toto vulnerable to Configuration Read From Local Directory |
| CVE-2022-36937 | 2023-05-10 | HHVM 4.172.0 and all prior versions use TLS 1.0 for secure connections when handling tls:// URLs in the stream extension. TLS1.0 has numerous published vulnerabilities and is deprecated. HHVM 4.153.4,... |
| CVE-2023-2310 | 2023-05-10 | Channel Accessible by Non-Endpoint |
| CVE-2023-31148 | 2023-05-10 | Improper Input Validation in Web Interface |
| CVE-2023-31149 | 2023-05-10 | Improper Input Validation in Web Interface |
| CVE-2023-31150 | 2023-05-10 | Storing Passwords in a Recoverable Format |
| CVE-2023-31151 | 2023-05-10 | Improper Certificate Validation |
| CVE-2023-31152 | 2023-05-10 | Authentication Bypass Using an Alternate Path or Channel |
| CVE-2023-31153 | 2023-05-10 | Improper Neutralization of Input During Web Page Generation |
| CVE-2023-31154 | 2023-05-10 | Improper Neutralization of Input During Web Page Generation |
| CVE-2023-31155 | 2023-05-10 | Improper Neutralization of Input During Web Page Generation |
| CVE-2023-31156 | 2023-05-10 | Improper Neutralization of Input During Web Page Generation |
| CVE-2023-31157 | 2023-05-10 | Improper Neutralization of Input During Web Page Generation |
| CVE-2023-31158 | 2023-05-10 | Improper Neutralization of Input During Web Page Generation |
| CVE-2023-31159 | 2023-05-10 | Improper Neutralization of Input During Web Page Generation |
| CVE-2022-36329 | 2023-05-10 | Denial of Service over OTA mechanism in Western Digital My Cloud Home and ibi devices |
| CVE-2023-31160 | 2023-05-10 | Improper Neutralization of Input During Web Page Generation |
| CVE-2023-31161 | 2023-05-10 | Improper Input Validation in Web Interface |
| CVE-2023-31162 | 2023-05-10 | Improper Input Validation in Web Interface |
| CVE-2023-31163 | 2023-05-10 | Improper Neutralization of Input During Web Page Generation |
| CVE-2023-31164 | 2023-05-10 | Improper Neutralization of Input During Web Page Generation |
| CVE-2023-31165 | 2023-05-10 | Improper Neutralization of Input During Web Page Generation |
| CVE-2023-31166 | 2023-05-10 | Improper Limitation of a Pathname to a Restricted Directory |
| CVE-2023-32080 | 2023-05-10 | Wings vulnerable to escape to host from installation container |
| CVE-2022-29842 | 2023-05-10 | Command Injection Vulnerability in Western Digital My Cloud devices |
| CVE-2022-29841 | 2023-05-10 | OS Command Injection vulnerability in Western Digital My Cloud devices |
| CVE-2022-29840 | 2023-05-10 | Server Side Request Forgery Vulnerability in Western Digital My Cloud Devices |
| CVE-2023-31445 | 2023-05-11 | Cassia Access controller before 2.1.1.2203171453, was discovered to have a unprivileged -information disclosure vulnerability that allows read-only users have the ability to enumerate all other users and discover e-mail addresses,... |
| CVE-2021-34076 | 2023-05-11 | File Upload vulnerability in PHPOK 5.7.140 allows remote attackers to run arbitrary code and gain escalated privileges via crafted zip file upload. |
| CVE-2022-47129 | 2023-05-11 | PHPOK v6.3 was discovered to contain a remote code execution (RCE) vulnerability. |
| CVE-2023-0851 | 2023-05-11 | Buffer overflow in CPCA Resource Download process of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected... |
| CVE-2023-0852 | 2023-05-11 | Buffer overflow in the Address Book of Mobile Device function of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to... |
| CVE-2023-0853 | 2023-05-11 | Buffer overflow in mDNS NSEC record registering process of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the... |
| CVE-2023-0854 | 2023-05-11 | Buffer overflow in NetBIOS QNAME registering and communication process of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger... |
| CVE-2023-0855 | 2023-05-11 | Buffer overflow in IPP number-up attribute process of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected... |
| CVE-2023-0856 | 2023-05-11 | Buffer overflow in IPP sides attribute process of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected... |
| CVE-2023-0857 | 2023-05-11 | Unintentional change of settings during initial registration of system administrators which uses control protocols. The affected Office / Small Office Multifunction Printers and Laser Printers(*) may allow an attacker on... |
| CVE-2023-0858 | 2023-05-11 | Improper Authentication of RemoteUI of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger unauthorized access to the product.... |
| CVE-2023-0859 | 2023-05-11 | Arbitrary Files can be installed in the Setting Data Import function of Office / Small Office Multifunction Printers and Laser Printers(*). *:Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and... |
| CVE-2023-25309 | 2023-05-11 | Cross Site Scripting (XSS) Vulnerability in Fetlife rollout-ui version 0.5, allows attackers to execute arbitrary code via a crafted url to the delete a feature functionality. |
| CVE-2023-28325 | 2023-05-11 | An improper authorization vulnerability exists in Rocket.Chat <6.0 that could allow a hacker to manipulate the rid parameter and change the updateMessage method that only checks whether the user is... |
| CVE-2023-28356 | 2023-05-11 | A vulnerability has been identified where a maliciously crafted message containing a specific chain of characters can cause the chat to enter a hot loop on one of the processes,... |
| CVE-2023-28357 | 2023-05-11 | A vulnerability has been identified in Rocket.Chat, where the ACL checks in the Slash Command /mute occur after checking whether a user is a member of a given channel, leaking... |
| CVE-2023-28358 | 2023-05-11 | A vulnerability has been discovered in Rocket.Chat where a markdown parsing issue in the "Search Messages" feature allows the insertion of malicious tags. This can be exploited on servers with... |
| CVE-2023-28359 | 2023-05-11 | A NoSQL injection vulnerability has been identified in the listEmojiCustom method call within Rocket.Chat. This can be exploited by unauthenticated users when there is at least one custom emoji uploaded... |
| CVE-2023-28360 | 2023-05-11 | An omission of security-relevant information vulnerability exists in Brave desktop prior to version 1.48.171 when a user was saving a file there was no download safety check dialog presented to... |