CVE List - 2023 / May
Showing 201 - 300 of 2420 CVEs for May 2023 (Page 3 of 25)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-21488 | 2023-05-04 | Improper access control vulnerablility in Tips prior to SMR May-2023 Release 1 allows local attackers to launch arbitrary activity in Tips. |
| CVE-2023-21489 | 2023-05-04 | Heap out-of-bounds write vulnerability in bootloader prior to SMR May-2023 Release 1 allows a physical attacker to execute arbitrary code. |
| CVE-2023-21490 | 2023-05-04 | Improper access control in GearManagerStub prior to SMR May-2023 Release 1 allows a local attacker to delete applications installed by watchmanager. |
| CVE-2023-21491 | 2023-05-04 | Improper access control vulnerability in ThemeManager prior to SMR May-2023 Release 1 allows local attackers to write arbitrary files with system privilege. |
| CVE-2023-21492 | 2023-05-04 | Kernel pointers are printed in the log file prior to SMR May-2023 Release 1 allows a privileged local attacker to bypass ASLR. |
| CVE-2023-21493 | 2023-05-04 | Improper access control vulnerability in SemShareFileProvider prior to SMR May-2023 Release 1 allows local attackers to access protected data. |
| CVE-2023-21494 | 2023-05-04 | Potential buffer overflow vulnerability in auth api in mm_Authentication.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote attackers to cause invalid memory access. |
| CVE-2023-21495 | 2023-05-04 | Improper access control vulnerability in Knox Enrollment Service prior to SMR May-2023 Release 1 allow attacker install KSP app when device admin is set. |
| CVE-2023-21496 | 2023-05-04 | Active Debug Code vulnerability in ActivityManagerService prior to SMR May-2023 Release 1 allows attacker to use debug function via setting debug level. |
| CVE-2023-21497 | 2023-05-04 | Use of externally-controlled format string vulnerability in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to access the memory address. |
| CVE-2023-21498 | 2023-05-04 | Improper input validation vulnerability in setPartnerTAInfo in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to overwrite the trustlet memory. |
| CVE-2023-21499 | 2023-05-04 | Out-of-bounds write vulnerability in TA_Communication_mpos_encrypt_pin in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to execute arbitrary code. |
| CVE-2023-21500 | 2023-05-04 | Double free validation vulnerability in setPinPadImages in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to access the trustlet memory. |
| CVE-2023-21501 | 2023-05-04 | Improper input validation vulnerability in mPOS fiserve trustlet prior to SMR May-2023 Release 1 allows local attackers to execute arbitrary code. |
| CVE-2023-21502 | 2023-05-04 | Improper input validation vulnerability in FactoryTest application prior to SMR May-2023 Release 1 allows local attackers to get privilege escalation via debugging commands. |
| CVE-2023-21503 | 2023-05-04 | Potential buffer overflow vulnerability in mm_LteInterRatManagement.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote attackers to cause invalid memory access. |
| CVE-2023-21504 | 2023-05-04 | Potential buffer overflow vulnerability in mm_Plmncoordination.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote attackers to cause invalid memory access. |
| CVE-2023-21505 | 2023-05-04 | Improper access control in Samsung Core Service prior to version 2.1.00.36 allows attacker to write arbitrary file in sandbox. |
| CVE-2023-21506 | 2023-05-04 | Out-of-bounds Write vulnerability while processing BC_TUI_CMD_SEND_RESOURCE_DATA_ARRAY command in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1 allows local attacker to execute arbitrary code. |
| CVE-2023-21507 | 2023-05-04 | Out-of-bounds Read vulnerability while processing BC_TUI_CMD_SEND_RESOURCE_DATA_ARRAY command in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1 allows local attacker to read arbitrary memory. |
| CVE-2023-21508 | 2023-05-04 | Out-of-bounds Write vulnerability while processing BC_TUI_CMD_SEND_RESOURCE_DATA command in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1 allows local attacker to execute arbitrary code. |
| CVE-2023-21509 | 2023-05-04 | Out-of-bounds Write vulnerability while processing BC_TUI_CMD_UPDATE_SCREEN in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1 allows local attacker to execute arbitrary code. |
| CVE-2023-21510 | 2023-05-04 | Out-of-bounds Read vulnerability while processing BC_TUI_CMD_UPDATE_SCREEN in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1 allows local attacker to read arbitrary memory. |
| CVE-2023-21511 | 2023-05-04 | Out-of-bounds Read vulnerability while processing CMD_COLDWALLET_BTC_SET_PRV_UTXO in bc_core trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1 allows local attacker to read arbitrary memory. |
| CVE-2023-23059 | 2023-05-04 | An issue was discovered in GeoVision GV-Edge Recording Manager 2.2.3.0 for windows, which contains improper permissions within the default installation and allows attackers to execute arbitrary code and gain escalated... |
| CVE-2023-25289 | 2023-05-04 | Directory Traversal vulnerability in virtualreception Digital Receptie version win7sp1_rtm.101119-1850 6.1.7601.1.0.65792 in embedded web server, allows attacker to gain sensitive information via a crafted GET request. |
| CVE-2023-25438 | 2023-05-04 | An issue was discovered in Genomedics MilleGP5 5.9.2, allows remote attackers to execute arbitrary code and gain escalated privileges via modifying specific files. |
| CVE-2023-27075 | 2023-05-04 | A cross-site scripting vulnerability (XSS) in the component microbin/src/pasta.rs of Microbin v1.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. |
| CVE-2023-27568 | 2023-05-04 | SQL injection vulnerability inSpryker Commerce OS 0.9 that allows for access to sensitive data via customer/order?orderSearchForm[searchText]= |
| CVE-2023-29827 | 2023-05-04 | ejs v3.1.9 is vulnerable to server-side template injection. If the ejs file is controllable, template injection can be implemented through the configuration settings of the closeDelimiter parameter. NOTE: this is... |
| CVE-2023-29842 | 2023-05-04 | ChurchCRM 4.5.4 endpoint /EditEventTypes.php is vulnerable to Blind SQL Injection (Time-based) via the EN_tyid POST parameter. |
| CVE-2023-29994 | 2023-05-04 | In NanoMQ v0.15.0-0, Heap overflow occurs in read_byte function of mqtt_code.c. |
| CVE-2023-29995 | 2023-05-04 | In NanoMQ v0.15.0-0, a Heap overflow occurs in copyn_utf8_str function of mqtt_parser.c |
| CVE-2023-29996 | 2023-05-04 | In NanoMQ v0.15.0-0, segment fault with Null Pointer Dereference occurs in the process of decoding subinfo_decode and unsubinfo_decode. |
| CVE-2023-30077 | 2023-05-04 | Judging Management System v1.0 by oretnom23 was discovered to vulnerable to SQL injection via /php-jms/review_result.php?mainevent_id=, mainevent_id. |
| CVE-2023-30093 | 2023-05-04 | A cross-site scripting (XSS) vulnerability in Open Networking Foundation ONOS from version v1.9.0 to v2.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into... |
| CVE-2023-30094 | 2023-05-04 | A stored cross-site scripting (XSS) vulnerability in TotalJS Flow v10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the platform name field in... |
| CVE-2023-30095 | 2023-05-04 | A stored cross-site scripting (XSS) vulnerability in TotalJS messenger commit b6cf1c9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the channel description field. |
| CVE-2023-30096 | 2023-05-04 | A stored cross-site scripting (XSS) vulnerability in TotalJS messenger commit b6cf1c9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the user information field. |
| CVE-2023-30097 | 2023-05-04 | A stored cross-site scripting (XSS) vulnerability in TotalJS messenger commit b6cf1c9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the private task field. |
| CVE-2023-30184 | 2023-05-04 | A stored cross-site scripting (XSS) vulnerability in Typecho v1.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter at /index.php/archives/1/comment. |
| CVE-2023-30203 | 2023-05-04 | Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the event_id parameter at /php-jms/result_sheet.php. |
| CVE-2023-30216 | 2023-05-04 | Insecure permissions in the updateUserInfo function of newbee-mall before commit 1f2c2dfy allows attackers to obtain user account information. |
| CVE-2023-30264 | 2023-05-04 | CLTPHP <=6.0 is vulnerable to Unrestricted Upload of File with Dangerous Type via application/admin/controller/Template.php:update. |
| CVE-2023-30268 | 2023-05-04 | CLTPHP <=6.0 is vulnerable to Improper Input Validation. |
| CVE-2023-30282 | 2023-05-04 | PrestaShop scexportcustomers <= 3.6.1 is vulnerable to Incorrect Access Control. Due to a lack of permissions' control, a guest can access exports from the module which can lead to leak... |
| CVE-2023-30328 | 2023-05-04 | An issue in the helper tool of Mailbutler GmbH Shimo VPN Client for macOS v5.0.4 allows attackers to bypass authentication via PID re-use. |
| CVE-2023-30331 | 2023-05-04 | An issue in the render function of beetl v3.15.0 allows attackers to execute server-side template injection (SSTI) via a crafted payload. |
| CVE-2023-30399 | 2023-05-04 | Insecure permissions in the settings page of GARO Wallbox GLB/GTB/GTC before v189 allows attackers to redirect users to a crafted update package link via a man-in-the-middle attack. |
| CVE-2023-31099 | 2023-05-04 | Zoho ManageEngine OPManager through 126323 allows an authenticated user to achieve remote code execution via probe servers. |
| CVE-2023-31284 | 2023-05-04 | illumos illumos-gate before 676abcb has a stack buffer overflow in /dev/net, leading to privilege escalation via a stat on a long file name in /dev/net. |
| CVE-2023-31413 | 2023-05-04 | Filebeat versions through 7.17.9 and 8.6.2 have a flaw in httpjson input that allows the http request Authorization or Proxy-Authorization header contents to be leaked in the logs when debug... |
| CVE-2023-31414 | 2023-05-04 | Kibana versions 8.0.0 through 8.7.0 contain an arbitrary code execution flaw. An attacker with write access to Kibana yaml or env configuration could add a specific payload that will attempt... |
| CVE-2023-31415 | 2023-05-04 | Kibana version 8.7.0 contains an arbitrary code execution flaw. An attacker with All privileges to the Uptime/Synthetics feature could send a request that will attempt to execute JavaScript code. This... |
| CVE-2023-26125 | 2023-05-04 | Versions of the package github.com/gin-gonic/gin before 1.9.0 are vulnerable to Improper Input Validation by allowing an attacker to use a specially crafted request via the X-Forwarded-Prefix header, potentially leading to... |
| CVE-2023-25934 | 2023-05-04 | DELL ECS prior to 3.8.0.2 contains an improper verification of cryptographic signature vulnerability. A network attacker with an ability to intercept the request could potentially exploit this vulnerability to modify... |
| CVE-2023-22651 | 2023-05-04 | Improper Privilege Management vulnerability in SUSE Rancher allows Privilege Escalation. A failure in the update logic of Rancher's admission Webhook may lead to the misconfiguration of the Webhook. This component... |
| CVE-2017-20184 | 2023-05-04 | Carlo Gavazzi Powersoft prone to Path Traversal |
| CVE-2022-4259 | 2023-05-04 | Authenticated SQL Injection on Alerts in Guardian/CMC before 22.5.2 |
| CVE-2023-25962 | 2023-05-04 | WordPress Accordions Plugin <= 2.3.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2022-45818 | 2023-05-04 | WordPress Hero Banner Ultimate Plugin <= 1.3.4 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-26016 | 2023-05-04 | WordPress Simple Portfolio Gallery Plugin <= 0.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-26012 | 2023-05-04 | WordPress Custom Login Page Plugin <= 2.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-26010 | 2023-05-04 | WordPress WPMobile.App Plugin <= 11.18 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-23470 | 2023-05-04 | IBM i privilege escalation |
| CVE-2023-30619 | 2023-05-04 | XSS in the tooltip via an artifact title |
| CVE-2023-24958 | 2023-05-04 | IBM TS7700 Management Interface command injection |
| CVE-2023-2519 | 2023-05-04 | Caton CTP Relay Server API login sql injection |
| CVE-2023-2520 | 2023-05-04 | Caton Prime Ping command injection |
| CVE-2023-2521 | 2023-05-04 | NEXTU NEXT-7004N POST Request formFilter cross site scripting |
| CVE-2023-30550 | 2023-05-04 | IDOR vulnerability exists in metersphere |
| CVE-2023-2522 | 2023-05-04 | Chengdu VEC40G Network Detection os command injection |
| CVE-2023-2523 | 2023-05-04 | Weaver E-Office unrestricted upload |
| CVE-2023-2524 | 2023-05-04 | Control iD RHiD direct request |
| CVE-2023-25458 | 2023-05-04 | WordPress TypeSquare Webfonts for ConoHa Plugin <= 2.0.3 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-25977 | 2023-05-04 | WordPress CPT – Speakers Plugin <= 1.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-25982 | 2023-05-04 | WordPress Simple YouTube Responsive Plugin <= 2.5 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-25961 | 2023-05-04 | WordPress Darcie Theme <= 1.1.5 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2022-47449 | 2023-05-04 | WordPress Cart Lift – Abandoned Cart Recovery for WooCommerce and EDD Plugin <= 3.1.5 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2022-47434 | 2023-05-04 | WordPress PB SEO Friendly Images Plugin <= 4.0.5 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-1894 | 2023-05-04 | A Regular Expression Denial of Service (ReDoS) issue was discovered in Puppet Server 7.9.2 certificate validation. An issue related to specifically crafted certificate names significantly slowed down server operations. |
| CVE-2023-2427 | 2023-05-05 | Cross-site Scripting (XSS) - Reflected in thorsten/phpmyfaq |
| CVE-2023-2516 | 2023-05-05 | Cross-site Scripting (XSS) - Stored in nilsteampassnet/teampass |
| CVE-2023-2531 | 2023-05-05 | Improper Restriction of Excessive Authentication Attempts in azuracast/azuracast |
| CVE-2023-2550 | 2023-05-05 | Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq |
| CVE-2023-2551 | 2023-05-05 | PHP Remote File Inclusion in unilogies/bumsys |
| CVE-2023-2552 | 2023-05-05 | Cross-Site Request Forgery (CSRF) in unilogies/bumsys |
| CVE-2023-2553 | 2023-05-05 | Cross-site Scripting (XSS) - Stored in unilogies/bumsys |
| CVE-2023-2554 | 2023-05-05 | External Control of File Name or Path in unilogies/bumsys |
| CVE-2023-29659 | 2023-05-05 | A Segmentation fault caused by a floating point exception exists in libheif 1.15.1 using crafted heif images via the heif::Fraction::round() function in box.cc, which causes a denial of service. |
| CVE-2023-29932 | 2023-05-05 | llvm-project commit fdbc55a5 was discovered to contain a segmentation fault via the component mlir::IROperand<mlir::OpOperand. |
| CVE-2023-29933 | 2023-05-05 | llvm-project commit bd456297 was discovered to contain a segmentation fault via the component mlir::Block::getArgument. |
| CVE-2023-29934 | 2023-05-05 | llvm-project commit 6c01b5c was discovered to contain a segmentation fault via the component mlir::Type::getDialect(). |
| CVE-2023-29935 | 2023-05-05 | llvm-project commit a0138390 was discovered to contain an assertion failure at !replacements.count(op) && "operation was already replaced. |
| CVE-2023-29939 | 2023-05-05 | llvm-project commit a0138390 was discovered to contain a segmentation fault via the component mlir::spirv::TargetEnv::TargetEnv(mlir::spirv::TargetEnvAttr). |
| CVE-2023-29941 | 2023-05-05 | llvm-project commit a0138390 was discovered to contain a segmentation fault via the component matchAndRewriteSortOp<mlir::sparse_tensor::SortOp>(mlir::sparse_tensor::SortOp. |
| CVE-2023-29942 | 2023-05-05 | llvm-project commit a0138390 was discovered to contain a segmentation fault via the component mlir::Type::isa<mlir::LLVM::LLVMVoidType. |
| CVE-2023-29963 | 2023-05-05 | S-CMS v5.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the component /admin/ajax.php. |
| CVE-2023-30013 | 2023-05-05 | TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contain a command insertion vulnerability in setting/setTracerouteCfg. This vulnerability allows an attacker to execute arbitrary commands through the "command" parameter. |
| CVE-2023-30053 | 2023-05-05 | TOTOLINK A7100RU V7.4cu.2313_B20191024 is vulnerable to Command Injection. |