CVE List - 2023 / May
Showing 1001 - 1100 of 2420 CVEs for May 2023 (Page 11 of 25)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-28361 | 2023-05-11 | A Cross-site WebSocket Hijacking (CSWSH) vulnerability found in UniFi OS 2.5 and earlier allows a malicious actor to access certain confidential information by persuading a UniFi OS user to visit... |
| CVE-2023-29273 | 2023-05-11 | ZDI-CAN-20367: Adobe Substance 3D Painter USDC File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| CVE-2023-29274 | 2023-05-11 | ZDI-CAN-20366: Adobe Substance 3D Painter USDC File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| CVE-2023-29275 | 2023-05-11 | ZDI-CAN-20363: Adobe Substance 3D Painter USD File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| CVE-2023-29276 | 2023-05-11 | ZDI-CAN-20362: Adobe Substance 3D Painter USD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2023-29277 | 2023-05-11 | ZDI-CAN-20370: Adobe Substance 3D Painter USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2023-29278 | 2023-05-11 | ZDI-CAN-20371: Adobe Substance 3D Painter GLTF File Parsing Uninitialized Variable Information Disclosure Vulnerability |
| CVE-2023-29279 | 2023-05-11 | ZDI-CAN-20368: Adobe Substance 3D Painter USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2023-29280 | 2023-05-11 | ZDI-CAN-20372: Adobe Substance 3D Painter PLY File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2023-29281 | 2023-05-11 | ZDI-CAN-20364: Adobe Substance 3D Painter USD File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| CVE-2023-29282 | 2023-05-11 | ZDI-CAN-20359: Adobe Substance 3D Painter USD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2023-29283 | 2023-05-11 | ZDI-CAN-20361: Adobe Substance 3D Painter USD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability |
| CVE-2023-29284 | 2023-05-11 | ZDI-CAN-20365: Adobe Substance 3D Painter USDA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| CVE-2023-29285 | 2023-05-11 | ZDI-CAN-20360: Adobe Substance 3D Painter USD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2023-29286 | 2023-05-11 | ZDI-CAN-20369: Adobe Substance 3D Painter USD File Parsing Uninitialized Variable Information Disclosure Vulnerability |
| CVE-2023-29791 | 2023-05-11 | kodbox <= 1.37 is vulnerable to Cross Site Scripting (XSS) via the debug information. |
| CVE-2023-29863 | 2023-05-11 | Medical Systems Co. Medisys Weblab Products v19.4.03 was discovered to contain a SQL injection vulnerability via the tem:statement parameter in the WSDL files. |
| CVE-2023-29986 | 2023-05-11 | spring-boot-actuator-logview 0.2.13 allows Directory Traversal to sibling directories via LogViewEndpoint.view. |
| CVE-2023-30172 | 2023-05-11 | A directory traversal vulnerability in the /get-artifact API method of the mlflow platform up to v2.0.1 allows attackers to read arbitrary files on the server via the path parameter. |
| CVE-2023-30192 | 2023-05-11 | Prestashop possearchproducts 1.7 is vulnerable to SQL Injection via PosSearch::find(). |
| CVE-2023-30256 | 2023-05-11 | Cross Site Scripting vulnerability found in Webkil QloApps v.1.5.2 allows a remote attacker to obtain sensitive information via the back and email_create parameters in the AuthController.php file. |
| CVE-2023-30394 | 2023-05-11 | The MoveIt framework 1.1.11 for ROS allows cross-site scripting (XSS) via the API authentication function. NOTE: this issue is disputed by the original reporter because it has "no impact." |
| CVE-2023-31442 | 2023-05-11 | In Lightbend Akka before 2.8.1, the async-dns resolver (used by Discovery in DNS mode and transitively by Cluster Bootstrap) uses predictable DNS transaction IDs when resolving DNS records, making DNS... |
| CVE-2023-31473 | 2023-05-11 | An issue was discovered on GL.iNet devices before 3.216. There is an arbitrary file write in which an empty file can be created anywhere on the filesystem. This is caused... |
| CVE-2023-31475 | 2023-05-11 | An issue was discovered on GL.iNet devices before 3.216. The function guci2_get() found in libglutil.so has a buffer overflow when an item is requested from a UCI context, and the... |
| CVE-2023-31477 | 2023-05-11 | A path traversal issue was discovered on GL.iNet devices before 3.216. Through the file sharing feature, it is possible to share an arbitrary directory, such as /tmp or /etc, because... |
| CVE-2023-31497 | 2023-05-11 | Incorrect access control in Quick Heal Technologies Limited Seqrite Endpoint Security (EPS) all versions prior to v8.0 allows attackers to escalate privileges to root via supplying a crafted binary to... |
| CVE-2023-31498 | 2023-05-11 | A privilege escalation issue was found in PHP Gurukul Hospital Management System In v.4.0 allows a remote attacker to execute arbitrary code and access sensitive information via the session token... |
| CVE-2023-31502 | 2023-05-11 | Altenergy Power Control Software C1.2.5 was discovered to contain a remote code execution (RCE) vulnerability via the component /models/management_model.php. |
| CVE-2023-31528 | 2023-05-11 | Motorola CX2L Router 1.0.1 was discovered to contain a command injection vulnerability via the staticroute_list parameter. |
| CVE-2023-31529 | 2023-05-11 | Motorola CX2L Router 1.0.1 was discovered to contain a command injection vulnerability via the system_time_timezone parameter. |
| CVE-2023-31530 | 2023-05-11 | Motorola CX2L Router 1.0.1 was discovered to contain a command injection vulnerability via the smartqos_priority_devices parameter. |
| CVE-2023-31531 | 2023-05-11 | Motorola CX2L Router 1.0.1 was discovered to contain a command injection vulnerability via the tomography_ping_number parameter. |
| CVE-2023-32668 | 2023-05-11 | LuaTeX before 1.17.0 allows a document (compiled with the default settings) to make arbitrary network requests. This occurs because full access to the socket library is permitted by default, as... |
| CVE-2023-2641 | 2023-05-11 | SourceCodester Online Internship Management System POST Parameter login.php sql injection |
| CVE-2023-2642 | 2023-05-11 | SourceCodester Online Exam System GET Parameter updateCourse.php sql injection |
| CVE-2023-2643 | 2023-05-11 | SourceCodester File Tracker Manager System POST Parameter update_password.php sql injection |
| CVE-2023-2644 | 2023-05-11 | DigitalPersona FPSensor DpHost.exe unquoted search path |
| CVE-2023-2645 | 2023-05-11 | USR USR-G806 Web Management Page hard-coded password |
| CVE-2023-2646 | 2023-05-11 | TP-Link Archer C7v2 GET Request Parameter denial of service |
| CVE-2023-2647 | 2023-05-11 | Weaver E-Office File Upload utility_all.php command injection |
| CVE-2023-2648 | 2023-05-11 | Weaver E-Office uploadify.php unrestricted upload |
| CVE-2023-2649 | 2023-05-11 | Tenda AC23 Service Port 7329 ate command injection |
| CVE-2023-2652 | 2023-05-11 | SourceCodester Lost and Found Information System sql injection |
| CVE-2023-2653 | 2023-05-11 | SourceCodester Lost and Found Information System index.php sql injection |
| CVE-2023-2490 | 2023-05-11 | WordPress UserAgent-Spy Plugin <= 1.3.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-2656 | 2023-05-11 | SourceCodester AC Repair and Services System sql injection |
| CVE-2023-2657 | 2023-05-11 | SourceCodester Online Computer and Laptop Store products.php cross site scripting |
| CVE-2023-2658 | 2023-05-11 | SourceCodester Online Computer and Laptop Store products.php sql injection |
| CVE-2023-2659 | 2023-05-11 | SourceCodester Online Computer and Laptop Store view_product.php sql injection |
| CVE-2023-22720 | 2023-05-11 | WordPress WP Links Page Plugin <= 4.9.3 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-2660 | 2023-05-11 | SourceCodester Online Computer and Laptop Store view_categories.php sql injection |
| CVE-2023-2661 | 2023-05-11 | SourceCodester Online Computer and Laptop Store Master.php sql injection |
| CVE-2023-29400 | 2023-05-11 | Improper handling of empty HTML attributes in html/template |
| CVE-2023-24540 | 2023-05-11 | Improper handling of JavaScript whitespace in html/template |
| CVE-2023-24539 | 2023-05-11 | Improper sanitization of CSS values in html/template |
| CVE-2023-32075 | 2023-05-11 | Pimcore vulnerable to Business Logic Errors in Customer automation rules |
| CVE-2023-29031 | 2023-05-11 | Rockwell Automation ArmorStart ST Vulnerable to Cross-Site Scripting Attack |
| CVE-2023-29030 | 2023-05-11 | Rockwell Automation ArmorStart ST Vulnerable to Cross-Site Scripting Attack |
| CVE-2023-29023 | 2023-05-11 | Rockwell Automation ArmorStart ST Vulnerable to Cross-Site Scripting Attack |
| CVE-2023-29024 | 2023-05-11 | Rockwell Automation ArmorStart ST Vulnerable to Cross-Site Scripting Attack |
| CVE-2023-29025 | 2023-05-11 | Rockwell Automation ArmorStart ST Vulnerable to Cross-Site Scripting Attack |
| CVE-2023-29026 | 2023-05-11 | Rockwell Automation ArmorStart ST Vulnerable to Cross-Site Scripting Attack |
| CVE-2023-29027 | 2023-05-11 | Rockwell Automation ArmorStart ST Vulnerable to Cross-Site Scripting Attack |
| CVE-2023-29028 | 2023-05-11 | Rockwell Automation ArmorStart ST Vulnerable to Cross-Site Scripting Attack |
| CVE-2023-29029 | 2023-05-11 | Rockwell Automation ArmorStart ST Vulnerable to Cross-Site Scripting Attack |
| CVE-2023-29022 | 2023-05-11 | Rockwell Automation ArmorStart ST Vulnerable to Cross-Site Scripting Attack |
| CVE-2023-1834 | 2023-05-11 | Rockwell Automation Kinetix 5500 Vulnerable to Open Port Exploitation |
| CVE-2023-2443 | 2023-05-11 | Rockwell Automation ThinManager product allows the use of medium strength ciphers. If the client requests an insecure cipher, a malicious actor could potentially decrypt traffic sent between the client and... |
| CVE-2023-2444 | 2023-05-11 | A cross site request forgery vulnerability exists in Rockwell Automation's FactoryTalk Vantagepoint. This vulnerability can be exploited in two ways. If an attacker sends a malicious link to a computer... |
| CVE-2023-29195 | 2023-05-11 | Vitess VTAdmin users that can create shards can deny access to other functions |
| CVE-2023-32082 | 2023-05-11 | etcd key name can be accessed via LeaseTimeToLive API |
| CVE-2023-27554 | 2023-05-11 | IBM WebSphere Application Server XML external entity injection |
| CVE-2023-27870 | 2023-05-11 | IBM Spectrum Virtualize information disclosure |
| CVE-2023-2662 | 2023-05-11 | Divide-by-zero in Xpdf 4.04 due to bad color space object |
| CVE-2023-2663 | 2023-05-11 | Stack overflow in Xpdf 4.04 due to object loop in PDF page label tree |
| CVE-2023-2664 | 2023-05-11 | Stack overflow in Xpdf 4.04 due to object loop in PDF embedded file tree |
| CVE-2023-31146 | 2023-05-11 | Vyper vulnerable to OOB DynArray access when array is on both LHS and RHS of an assignment |
| CVE-2023-32058 | 2023-05-11 | Vyper vulnerable to integer overflow in loop |
| CVE-2023-32059 | 2023-05-11 | Vyper vulnerable to incorrect ordering of arguments for kwargs passed to internal calls |
| CVE-2020-13377 | 2023-05-12 | The web-services interface of Loadbalancer.org Enterprise VA MAX through 8.3.8 could allow an authenticated, remote, low-privileged attacker to conduct directory traversal attacks and obtain read and write access to sensitive... |
| CVE-2020-13378 | 2023-05-12 | Loadbalancer.org Enterprise VA MAX through 8.3.8 has an OS Command Injection vulnerability that allows a remote authenticated attacker to execute arbitrary code. |
| CVE-2022-47879 | 2023-05-12 | A Remote Code Execution (RCE) vulnerability in /be/rpc.php in Jedox 2020.2.5 allows remote authenticated users to load arbitrary PHP classes from the 'rtn' directory and execute its methods. NOTE: The... |
| CVE-2022-47880 | 2023-05-12 | An Information disclosure vulnerability in /be/rpc.php in Jedox GmbH Jedox 2020.2.5 allow remote, authenticated users with permissions to modify database connections to disclose a connections' cleartext password via the 'test... |
| CVE-2022-48020 | 2023-05-12 | Vinteo VCC v2.36.4 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the conference parameter. This vulnerability allows attackers to inject arbitrary code which will be executed by... |
| CVE-2023-1096 | 2023-05-12 | SnapCenter versions 4.7 prior to 4.7P2 and 4.8 prior to 4.8P1 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to gain access as an admin user. |
| CVE-2023-20877 | 2023-05-12 | VMware Aria Operations contains a privilege escalation vulnerability. An authenticated malicious user with ReadOnly privileges can perform code execution leading to privilege escalation. |
| CVE-2023-20878 | 2023-05-12 | VMware Aria Operations contains a deserialization vulnerability. A malicious actor with administrative privileges can execute arbitrary commands and disrupt the system. |
| CVE-2023-20879 | 2023-05-12 | VMware Aria Operations contains a Local privilege escalation vulnerability. A malicious actor with administrative privileges in the Aria Operations application can gain root access to the underlying operating system. |
| CVE-2023-2088 | 2023-05-12 | A flaw was found in OpenStack due to an inconsistency between Cinder and Nova. This issue can be triggered intentionally or by accident. A remote, authenticated attacker could exploit this... |
| CVE-2023-20880 | 2023-05-12 | VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'. |
| CVE-2023-2181 | 2023-05-12 | An issue has been discovered in GitLab affecting all versions before 15.9.8, 15.10.0 before 15.10.7, and 15.11.0 before 15.11.3. A malicious developer could use a git feature called refs/replace to... |
| CVE-2023-23169 | 2023-05-12 | Synapsoft pdfocus 1.17 is vulnerable to local file inclusion and server-side request forgery Directory Traversal. |
| CVE-2023-25005 | 2023-05-12 | A maliciously crafted DLL file can be forced to read beyond allocated boundaries in Autodesk InfraWorks 2023, and 2021 when parsing the DLL files could lead to a resource injection... |
| CVE-2023-25006 | 2023-05-12 | A malicious actor may convince a user to open a malicious USD file that may trigger a use-after-free vulnerability which could result in code execution. |
| CVE-2023-25007 | 2023-05-12 | A malicious actor may convince a user to open a malicious USD file that may trigger an uninitialized pointer which could result in code execution. |
| CVE-2023-25008 | 2023-05-12 | A malicious actor may convince a user to open a malicious USD file that may trigger an out-of-bounds read vulnerability which could result in code execution. |
| CVE-2023-25009 | 2023-05-12 | A malicious actor may convince a user to open a malicious USD file that may trigger an out-of-bounds write vulnerability which could result in code execution. |
| CVE-2023-25428 | 2023-05-12 | A DLL Hijacking issue discovered in Soft-o Free Password Manager 1.1.20 allows attackers to create arbitrary DLLs leading to code execution. |
| CVE-2023-2665 | 2023-05-12 | Storage of Sensitive Data in a Mechanism without Access Control in francoisjacquet/rosariosis |