CVE List - 2023 / May
Showing 2401 - 2420 of 2420 CVEs for May 2023 (Page 25 of 25)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-35745 | 2023-05-31 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability |
| CVE-2022-35746 | 2023-05-31 | Windows Digital Media Receiver Elevation of Privilege Vulnerability |
| CVE-2022-35747 | 2023-05-31 | Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability |
| CVE-2022-35748 | 2023-05-31 | HTTP.sys Denial of Service Vulnerability |
| CVE-2022-35749 | 2023-05-31 | Windows Digital Media Receiver Elevation of Privilege Vulnerability |
| CVE-2022-35750 | 2023-05-31 | Win32k Elevation of Privilege Vulnerability |
| CVE-2022-35751 | 2023-05-31 | Windows Hyper-V Elevation of Privilege Vulnerability |
| CVE-2022-35752 | 2023-05-31 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability |
| CVE-2022-35753 | 2023-05-31 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability |
| CVE-2022-35754 | 2023-05-31 | Unified Write Filter Elevation of Privilege Vulnerability |
| CVE-2022-35755 | 2023-05-31 | Windows Print Spooler Elevation of Privilege Vulnerability |
| CVE-2022-35756 | 2023-05-31 | Windows Kerberos Elevation of Privilege Vulnerability |
| CVE-2022-35757 | 2023-05-31 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability |
| CVE-2022-35758 | 2023-05-31 | Windows Kernel Memory Information Disclosure Vulnerability |
| CVE-2022-35759 | 2023-05-31 | Windows Local Security Authority (LSA) Denial of Service Vulnerability |
| CVE-2023-34088 | 2023-05-31 | Collabora Online has Stored Cross-Site-Scripting vulnerability in admin interface |
| CVE-2023-26277 | 2023-05-31 | IBM QRadar WinCollect Agent privilege escalation |
| CVE-2015-10108 | 2023-05-31 | meitar Inline Google Spreadsheet Viewer Plugin inline-gdocs-viewer.php displayShortcode cross-site request forgery |
| CVE-2023-26278 | 2023-05-31 | IBM QRadar WinCollect Agent privilege escalation |
| CVE-2023-23952 | 2023-06-01 | Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Command Injection vulnerability. |
| CVE-2023-23953 | 2023-06-01 | Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to an Elevation of Privilege vulnerability. |
| CVE-2023-23954 | 2023-06-01 | Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Stored Cross-Site Scripting vulnerability. |
| CVE-2023-23955 | 2023-06-01 | Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Server-Side Request Forgery vulnerability. |
| CVE-2023-27639 | 2023-06-01 | An issue was discovered in the tshirtecommerce (aka Custom Product Designer) component 2.1.4 for PrestaShop. An HTTP request can be forged with the POST parameter file_name in the tshirtecommerce/ajax.php?type=svg endpoint,... |
| CVE-2023-27640 | 2023-06-01 | An issue was discovered in the tshirtecommerce (aka Custom Product Designer) component 2.1.4 for PrestaShop. An HTTP request can be forged with the POST parameter type in the /tshirtecommerce/fonts.php endpoint,... |
| CVE-2023-28147 | 2023-06-01 | An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Midgard... |
| CVE-2023-28399 | 2023-06-01 | Incorrect permission assignment for critical resource exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. ACL (Access Control List) is not appropriately set to the local folder where the... |
| CVE-2023-28651 | 2023-06-01 | Cross-site scripting vulnerability exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. If a user who can access the affected product with an administrative privilege configures specially crafted settings,... |
| CVE-2023-28657 | 2023-06-01 | Improper access control vulnerability exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. A user of the PC where the affected product is installed may gain an administrative privilege.... |
| CVE-2023-28713 | 2023-06-01 | Plaintext storage of a password exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. Because account information of the database is saved in a local file in plaintext, a... |
| CVE-2023-28824 | 2023-06-01 | Server-side request forgery vulnerability exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. A user who can access the affected product with an administrative privilege may bypass the database... |
| CVE-2023-28937 | 2023-06-01 | DataSpider Servista version 4.4 and earlier uses a hard-coded cryptographic key. DataSpider Servista is data integration software. ScriptRunner and ScriptRunner for Amazon SQS are used to start the configured processes... |
| CVE-2023-29154 | 2023-06-01 | SQL injection vulnerability exists in the CONPROSYS HMI System (CHS) versions prior to 3.5.3. A user who can access the affected product with an administrative privilege may execute an arbitrary... |
| CVE-2023-29159 | 2023-06-01 | Directory traversal vulnerability in Starlette versions 0.13.5 and later and prior to 0.27.0 allows a remote unauthenticated attacker to view files in a web service which was built using Starlette. |
| CVE-2023-29722 | 2023-06-01 | The Glitter Unicorn Wallpaper app for Android 7.0 thru 8.0 allows unauthorized apps to actively request permission to modify data in the database that records information about a user's personal... |
| CVE-2023-29723 | 2023-06-01 | The Glitter Unicorn Wallpaper app for Android 7.0 thru 8.0 allows unauthorized applications to actively request permission to insert data into the database that records information about a user's personal... |
| CVE-2023-29736 | 2023-06-01 | Keyboard Themes 1.275.1.164 for Android contains a dictionary traversal vulnerability that allows unauthorized apps to overwrite arbitrary files in its internal storage and achieve arbitrary code execution. |
| CVE-2023-29748 | 2023-06-01 | Story Saver for Instragram - Video Downloader 1.0.6 for Android has an exposed component that provides a method to modify the SharedPreference file. An attacker can leverage this method to... |
| CVE-2023-3026 | 2023-06-01 | Cross-site Scripting (XSS) - Stored in jgraph/drawio |
| CVE-2023-30758 | 2023-06-01 | Cross-site scripting vulnerability in Pleasanter 1.3.38.1 and earlier allows a remote authenticated attacker to inject an arbitrary script. |
| CVE-2023-33461 | 2023-06-01 | iniparser v4.1 is vulnerable to NULL Pointer Dereference in function iniparser_getlongint which misses check NULL for function iniparser_getstring's return. |
| CVE-2023-33544 | 2023-06-01 | hawtio 2.17.2 is vulnerable to Path Traversal. it is possible to input malicious zip files, which can result in the high-risk files after decompression being stored in any location, even... |
| CVE-2023-33546 | 2023-06-01 | Janino 3.1.9 and earlier are subject to denial of service (DOS) attacks when using the expression evaluator.guess parameter name method. If the parser runs on user-supplied input, an attacker could... |
| CVE-2023-33551 | 2023-06-01 | Heap Buffer Overflow in the erofsfsck_dirent_iter function in fsck/main.c in erofs-utils v1.6 allows remote attackers to execute arbitrary code via a crafted erofs filesystem image. |
| CVE-2023-33552 | 2023-06-01 | Heap Buffer Overflow in the erofs_read_one_data function at data.c in erofs-utils v1.6 allows remote attackers to execute arbitrary code via a crafted erofs filesystem image. |
| CVE-2023-33716 | 2023-06-01 | mp4v2 v2.1.3 was discovered to contain a memory leak via the class MP4StringProperty at mp4property.cpp. |
| CVE-2023-33719 | 2023-06-01 | mp4v2 v2.1.3 was discovered to contain a memory leak via MP4SdpAtom::Read() at atom_sdp.cpp |
| CVE-2023-33754 | 2023-06-01 | The captive portal in Inpiazza Cloud WiFi versions prior to v4.2.17 does not enforce limits on the number of attempts for password recovery, allowing attackers to brute force valid user... |
| CVE-2023-33764 | 2023-06-01 | eMedia Consulting simpleRedak up to v2.47.23.05 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the component #/de/casting/show/detail/<ID>. |
| CVE-2023-33778 | 2023-06-01 | Draytek Vigor Routers firmware versions below 3.9.6/4.2.4, Access Points firmware versions below v1.4.0, Switches firmware versions below 2.6.7, and Myvigor firmware versions below 2.3.2 were discovered to use hardcoded encryption... |
| CVE-2023-34312 | 2023-06-01 | In Tencent QQ through 9.7.8.29039 and TIM through 3.4.7.22084, QQProtect.exe and QQProtectEngine.dll do not validate pointers from inter-process communication, which leads to a write-what-where condition. |
| CVE-2023-2598 | 2023-06-01 | A flaw was found in the fixed buffer registration code for io_uring (io_sqe_buffer_register in io_uring/rsrc.c) in the Linux kernel that allows out-of-bounds access to physical memory beyond the end of... |
| CVE-2023-2977 | 2023-06-01 | A vulnerbility was found in OpenSC. This security flaw cause a buffer overrun vulnerability in pkcs15 cardos_have_verifyrc_package. The attacker can supply a smart card package with malformed ASN1 context. The... |
| CVE-2023-2985 | 2023-06-01 | A use after free flaw was found in hfsplus_put_super in fs/hfsplus/super.c in the Linux Kernel. This flaw could allow a local user to cause a denial of service problem. |
| CVE-2022-35742 | 2023-06-01 | Microsoft Outlook Denial of Service Vulnerability |
| CVE-2023-24584 | 2023-06-01 | Controller 6000 buffer overflow via upload feature in web interface |
| CVE-2010-10010 | 2023-06-01 | Stars Alliance PsychoStats login.php cross site scripting |
| CVE-2023-3028 | 2023-06-01 | Improper backend communication allows access and manipulation of the telemetry data |
| CVE-2022-4333 | 2023-06-01 | Sprecher: Sprecon maintenance access with hardcoded credentials |
| CVE-2022-4332 | 2023-06-01 | Sprecher: Vulnerable firmware verification |
| CVE-2023-3029 | 2023-06-01 | Guangdong Pythagorean OA Office System delete cross-site request forgery |
| CVE-2018-25086 | 2023-06-01 | sea75300 FanPress CM Template Preview templatepreview.php getArticlesPreview cross site scripting |
| CVE-2023-32181 | 2023-06-01 | Stack buffer overflow in "econf_writeFile" function |
| CVE-2023-22652 | 2023-06-01 | Stack buffer overflow in "read_file" function |
| CVE-2023-22648 | 2023-06-01 | A Improper Privilege Management vulnerability in SUSE Rancher causes permission changes in Azure AD not to be reflected to users while they are logged in the Rancher UI. This would... |
| CVE-2023-22647 | 2023-06-01 | An Improper Privilege Management vulnerability in SUSE Rancher allowed standard users to leverage their existing permissions to manipulate Kubernetes secrets in the local cluster, resulting in the secret being deleted,... |
| CVE-2022-43760 | 2023-06-01 | An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SUSE Rancher allows users in some higher-privileged groups to to inject code that is executed within another... |
| CVE-2014-125104 | 2023-06-01 | VaultPress Plugin MailPoet Plugin class.vaultpress-hotfixes.php protect_aioseo_ajax unrestricted upload |
| CVE-2015-10109 | 2023-06-01 | Video Playlist and Gallery Plugin wp-media-cincopa.php cross-site request forgery |
| CVE-2023-3035 | 2023-06-01 | Guangdong Pythagorean OA Office System Schedule cross site scripting |
| CVE-2023-33965 | 2023-06-01 | Brook's tproxy server is vulnerable to a drive-by command injection. |
| CVE-2023-32310 | 2023-06-01 | DataEase API interface has IDOR vulnerability |
| CVE-2023-33963 | 2023-06-01 | DataEase data source has deserialization vulnerability |
| CVE-2023-28066 | 2023-06-01 | Dell OS Recovery Tool, versions 2.2.4013 and 2.3.7012.0, contain an Improper Access Control Vulnerability. A local authenticated non-administrator user could potentially exploit this vulnerability in order to elevate privileges on... |
| CVE-2023-28043 | 2023-06-01 | Dell SCG 5.14 contains an information disclosure vulnerability during the SRS to SCG upgrade path. A remote low privileged malicious user could potentially exploit this vulnerability to retrieve the plain... |
| CVE-2023-32324 | 2023-06-01 | OpenPrinting CUPS vulnerable to heap buffer overflow |
| CVE-2023-32690 | 2023-06-01 | Responder can Invoke Undefined Behavior in libspdm Requester |
| CVE-2023-33960 | 2023-06-01 | OpenProject vulnerable to project identifier information leakage through robots.txt |
| CVE-2023-34091 | 2023-06-01 | Kyverno resource with a deletionTimestamp may allow policy circumvention |
| CVE-2023-34092 | 2023-06-01 | Vite Server Options (server.fs.deny) can be bypassed using double forward-slash (//) |
| CVE-2023-32708 | 2023-06-01 | HTTP Response Splitting via the ‘rest’ SPL Command |
| CVE-2023-32711 | 2023-06-01 | Persistent Cross-Site Scripting (XSS) through a URL Validation Bypass within a Dashboard View |
| CVE-2023-32715 | 2023-06-01 | Self Cross-Site Scripting (XSS) on Splunk App for Lookup File Editing |
| CVE-2023-32706 | 2023-06-01 | Denial Of Service due to Untrusted XML Tag in XML Parser within SAML Authentication |
| CVE-2023-32717 | 2023-06-01 | Role-based Access Control (RBAC) Bypass on '/services/indexing/preview' REST Endpoint Can Overwrite Search Results |
| CVE-2023-32710 | 2023-06-01 | Information Disclosure via the ‘copyresults’ SPL Command |
| CVE-2023-32716 | 2023-06-01 | Denial of Service via the 'dump' SPL command |
| CVE-2023-32714 | 2023-06-01 | Path Traversal in Splunk App for Lookup File Editing |
| CVE-2023-32712 | 2023-06-01 | Unauthenticated Log Injection in Splunk Enterprise |
| CVE-2023-32713 | 2023-06-01 | Local Privilege Escalation via the ‘streamfwd’ program in Splunk App for Stream |
| CVE-2023-32707 | 2023-06-01 | ‘edit_user’ Capability Privilege Escalation |
| CVE-2023-32709 | 2023-06-01 | Low-privileged User can View Hashed Default Splunk Password |
| CVE-2023-34339 | 2023-06-01 | In JetBrains Ktor before 2.3.1 headers containing authentication data could be added to the exception's message |
| CVE-2015-10110 | 2023-06-01 | ruddernation TinyChat Room Spy Plugin room-spy.php wp_show_room_spy cross site scripting |
| CVE-2016-15032 | 2023-06-01 | mback2k mh_httpbl Extension class.tx_mhhttpbl.php stopOutput cross site scripting |
| CVE-2022-24695 | 2023-06-02 | Bluetooth Classic in Bluetooth Core Specification through 5.3 does not properly conceal device information for Bluetooth transceivers in Non-Discoverable mode. By conducting an efficient over-the-air attack, an attacker can fully... |
| CVE-2022-45938 | 2023-06-02 | An issue was discovered in Comcast Defined Technologies microeisbss through 2021. An attacker can inject a stored XSS payload in the Device ID field under Inventory Management to achieve Remote... |
| CVE-2022-46307 | 2023-06-02 | SGUDA U-Lock - Broken Access Control |
| CVE-2022-46308 | 2023-06-02 | SGUDA U-Lock - Broken Access Control |
| CVE-2022-47616 | 2023-06-02 | Hitron Technologies Inc. CODA-5310 - Remote Command Execution |