CVE List - 2023 / May
Showing 701 - 800 of 2420 CVEs for May 2023 (Page 8 of 25)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-32060 | 2023-05-09 | DHIS2 Core Improper Access Control with Category Option Combination sharing in /api/trackedEntityInstance and /api/events |
| CVE-2023-31143 | 2023-05-09 | Mage terminal user authentication not working properly |
| CVE-2023-31144 | 2023-05-09 | Craft CMS vulnerable to cross site scripting in RSS feed widget |
| CVE-2023-32066 | 2023-05-09 | Time Tracker has Stored XSS vulnerability in Week View plugin |
| CVE-2023-32069 | 2023-05-09 | XWiki Platform privilege escalation (PR)/RCE from account through class sheet |
| CVE-2023-32071 | 2023-05-09 | XWiki Platform vulnerable to RXSS via editor parameter - importinline template |
| CVE-2023-25829 | 2023-05-09 | BUG-000155001 - Unvalidated redirect in Portal for ArcGIS. |
| CVE-2023-25830 | 2023-05-09 | BUG-000154662 Reflected XSS vulnerability in Portal for ArcGIS |
| CVE-2023-28283 | 2023-05-09 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability |
| CVE-2023-24898 | 2023-05-09 | Windows SMB Denial of Service Vulnerability |
| CVE-2023-24899 | 2023-05-09 | Windows Graphics Component Elevation of Privilege Vulnerability |
| CVE-2023-24939 | 2023-05-09 | Server for NFS Denial of Service Vulnerability |
| CVE-2023-24900 | 2023-05-09 | Windows NTLM Security Support Provider Information Disclosure Vulnerability |
| CVE-2023-24940 | 2023-05-09 | Windows Pragmatic General Multicast (PGM) Denial of Service Vulnerability |
| CVE-2023-24901 | 2023-05-09 | Windows NFS Portmapper Information Disclosure Vulnerability |
| CVE-2023-24941 | 2023-05-09 | Windows Network File System Remote Code Execution Vulnerability |
| CVE-2023-24902 | 2023-05-09 | Win32k Elevation of Privilege Vulnerability |
| CVE-2023-24942 | 2023-05-09 | Remote Procedure Call Runtime Denial of Service Vulnerability |
| CVE-2023-24903 | 2023-05-09 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability |
| CVE-2023-24943 | 2023-05-09 | Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability |
| CVE-2023-24905 | 2023-05-09 | Remote Desktop Client Remote Code Execution Vulnerability |
| CVE-2023-24944 | 2023-05-09 | Windows Bluetooth Driver Information Disclosure Vulnerability |
| CVE-2023-24945 | 2023-05-09 | Windows iSCSI Target Service Information Disclosure Vulnerability |
| CVE-2023-24946 | 2023-05-09 | Windows Backup Service Elevation of Privilege Vulnerability |
| CVE-2023-24947 | 2023-05-09 | Windows Bluetooth Driver Remote Code Execution Vulnerability |
| CVE-2023-24948 | 2023-05-09 | Windows Bluetooth Driver Elevation of Privilege Vulnerability |
| CVE-2023-24949 | 2023-05-09 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2023-24950 | 2023-05-09 | Microsoft SharePoint Server Spoofing Vulnerability |
| CVE-2023-24953 | 2023-05-09 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2023-24954 | 2023-05-09 | Microsoft SharePoint Server Information Disclosure Vulnerability |
| CVE-2023-24955 | 2023-05-09 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| CVE-2023-29324 | 2023-05-09 | Windows MSHTML Platform Security Feature Bypass Vulnerability |
| CVE-2023-29335 | 2023-05-09 | Microsoft Word Security Feature Bypass Vulnerability |
| CVE-2023-29336 | 2023-05-09 | Win32k Elevation of Privilege Vulnerability |
| CVE-2023-29338 | 2023-05-09 | Visual Studio Code Spoofing Vulnerability |
| CVE-2023-29340 | 2023-05-09 | AV1 Video Extension Remote Code Execution Vulnerability |
| CVE-2023-29341 | 2023-05-09 | AV1 Video Extension Remote Code Execution Vulnerability |
| CVE-2023-29343 | 2023-05-09 | SysInternals Sysmon for Windows Elevation of Privilege Vulnerability |
| CVE-2023-24932 | 2023-05-09 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2023-28251 | 2023-05-09 | Windows Driver Revocation List Security Feature Bypass Vulnerability |
| CVE-2023-28290 | 2023-05-09 | Microsoft Remote Desktop app for Windows Information Disclosure Vulnerability |
| CVE-2023-24904 | 2023-05-09 | Windows Installer Elevation of Privilege Vulnerability |
| CVE-2023-29325 | 2023-05-09 | Windows OLE Remote Code Execution Vulnerability |
| CVE-2023-29333 | 2023-05-09 | Microsoft Access Denial of Service Vulnerability |
| CVE-2021-26379 | 2023-05-09 | Insufficient input validation of mailbox data in the SMU may allow an attacker to coerce the SMU to corrupt SMRAM, potentially leading to a loss of integrity and privilege escalation. |
| CVE-2021-26397 | 2023-05-09 | Insufficient address validation may allow an attacker with a compromised ABL and UApp to corrupt sensitive memory locations potentially resulting in a loss of integrity or availability. |
| CVE-2021-46762 | 2023-05-09 | Insufficient input validation in the SMU may allow an attacker to corrupt SMU SRAM potentially leading to a loss of integrity or denial of service. |
| CVE-2021-46763 | 2023-05-09 | Insufficient input validation in the SMU may enable a privileged attacker to write beyond the intended bounds of a shared memory buffer potentially leading to a loss of integrity. |
| CVE-2021-46764 | 2023-05-09 | Improper validation of DRAM addresses in SMU may allow an attacker to overwrite sensitive memory locations within the ASP potentially resulting in a denial of service. |
| CVE-2021-46769 | 2023-05-09 | Insufficient syscall input validation in the ASP Bootloader may allow a privileged attacker to execute arbitrary DMA copies, which can lead to code execution. |
| CVE-2021-46775 | 2023-05-09 | Improper input validation in ABL may enable an attacker with physical access to perform arbitrary memory overwrites, potentially leading to a loss of integrity and code execution. |
| CVE-2022-23818 | 2023-05-09 | Insufficient input validation on the model specific register: VM_HSAVE_PA may potentially lead to loss of SEV-SNP guest memory integrity. |
| CVE-2023-20520 | 2023-05-09 | Improper access control settings in ASP Bootloader may allow an attacker to corrupt the return address causing a stack-based buffer overrun potentially leading to arbitrary code execution. |
| CVE-2023-20524 | 2023-05-09 | An attacker with a compromised ASP could possibly send malformed commands to an ASP on another CPU, resulting in an out of bounds write, potentially leading to a loss a... |
| CVE-2021-26354 | 2023-05-09 | Insufficient bounds checking in ASP may allow an attacker to issue a system call from a compromised ABL which may cause arbitrary memory values to be initialized to zero, potentially... |
| CVE-2021-26356 | 2023-05-09 | A TOCTOU in ASP bootloader may allow an attacker to tamper with the SPI ROM following data read to memory potentially resulting in S3 data corruption and information disclosure. |
| CVE-2021-26365 | 2023-05-09 | Certain size values in firmware binary headers could trigger out of bounds reads during signature validation, leading to denial of service or potentially limited leakage of information about out-of-bounds memory... |
| CVE-2021-26371 | 2023-05-09 | A compromised or malicious ABL or UApp could send a SHA256 system call to the bootloader, which may result in exposure of ASP memory to userspace, potentially leading to information... |
| CVE-2021-26406 | 2023-05-09 | Insufficient validation in parsing Owner's Certificate Authority (OCA) certificates in SEV (AMD Secure Encrypted Virtualization) and SEV-ES user application can lead to a host crash potentially resulting in denial of... |
| CVE-2021-46749 | 2023-05-09 | Insufficient bounds checking in ASP (AMD Secure Processor) may allow for an out of bounds read in SMI (System Management Interface) mailbox checksum calculation triggering a data abort, resulting in... |
| CVE-2021-46753 | 2023-05-09 | Failure to validate the length fields of the ASP (AMD Secure Processor) sensor fusion hub headers may allow an attacker with a malicious Uapp or ABL to map the ASP... |
| CVE-2021-46754 | 2023-05-09 | Insufficient input validation in the ASP (AMD Secure Processor) bootloader may allow an attacker with a compromised Uapp or ABL to coerce the bootloader into exposing sensitive information to the... |
| CVE-2021-46755 | 2023-05-09 | Failure to unmap certain SysHub mappings in error paths of the ASP (AMD Secure Processor) bootloader may allow an attacker with a malicious bootloader to exhaust the SysHub resources resulting... |
| CVE-2021-46756 | 2023-05-09 | Insufficient validation of inputs in SVC_MAP_USER_STACK in the ASP (AMD Secure Processor) bootloader may allow an attacker with a malicious Uapp or ABL to send malformed or invalid syscall to... |
| CVE-2021-46759 | 2023-05-09 | Improper syscall input validation in AMD TEE (Trusted Execution Environment) may allow an attacker with physical access and control of a Uapp that runs under the bootloader to reveal the... |
| CVE-2021-46760 | 2023-05-09 | A malicious or compromised UApp or ABL can send a malformed system call to the bootloader, which may result in an out-of-bounds memory access that may potentially lead to an... |
| CVE-2021-46765 | 2023-05-09 | Insufficient input validation in ASP may allow an attacker with a compromised SMM to induce out-of-bounds memory reads within the ASP, potentially leading to a denial of service. |
| CVE-2021-46773 | 2023-05-09 | Insufficient input validation in ABL may enable a privileged attacker to corrupt ASP memory, potentially resulting in a loss of integrity or code execution. |
| CVE-2021-46792 | 2023-05-09 | Time-of-check Time-of-use (TOCTOU) in the BIOS2PSP command may allow an attacker with a malicious BIOS to create a race condition causing the ASP bootloader to perform out-of-bounds SRAM reads upon... |
| CVE-2021-46794 | 2023-05-09 | Insufficient bounds checking in ASP (AMD Secure Processor) may allow for an out of bounds read in SMI (System Management Interface) mailbox checksum calculation triggering a data abort, resulting in... |
| CVE-2023-25831 | 2023-05-09 | BUG-000154236 There is a reflected cross-site scripting (XSS) vulnerability in Portal for ArcGIS. |
| CVE-2022-36330 | 2023-05-09 | Buffer Overflow Vulnerability in Western Digital My Cloud Home and ibi devices |
| CVE-2023-25833 | 2023-05-10 | BUG-000155004 HTML injection issue in Portal for ArcGIS. |
| CVE-2021-45345 | 2023-05-10 | Buffer Overflow vulnerability found in En3rgy WebcamServer v.0.5.2 allows a remote attacker to cause a denial of service via the WebcamServer.exe file. |
| CVE-2022-4008 | 2023-05-10 | In affected versions of Octopus Deploy it is possible to upload a zipbomb file as a task which results in Denial of Service |
| CVE-2023-22361 | 2023-05-10 | Improper privilege management vulnerability in SkyBridge MB-A100/110 firmware Ver. 4.2.0 and earlier allows a remote authenticated attacker to alter a WebUI password of the product. |
| CVE-2023-22441 | 2023-05-10 | Missing authentication for critical function exists in Seiko Solutions SkyBridge series, which may allow a remote attacker to obtain or alter the setting information of the product or execute some... |
| CVE-2023-23578 | 2023-05-10 | Improper access control vulnerability in SkyBridge MB-A200 firmware Ver. 01.00.05 and earlier allows a remote unauthenticated attacker to connect to the product's ADB port. |
| CVE-2023-23901 | 2023-05-10 | Improper following of a certificate's chain of trust exists in SkyBridge MB-A200 firmware Ver. 01.00.05 and earlier, and SkyBridge BASIC MB-A130 firmware Ver. 1.4.1 and earlier, which may allow a... |
| CVE-2023-23906 | 2023-05-10 | Missing authentication for critical function exists in SkyBridge MB-A100/110 firmware Ver. 4.2.0 and earlier, which may allow a remote unauthenticated attacker to execute some critical functions without authentication, e.g., rebooting... |
| CVE-2023-24586 | 2023-05-10 | Cleartext storage of sensitive information exists in SkyBridge MB-A100/110 firmware Ver. 4.2.0 and earlier, which may allow a remote authenticated attacker to obtain an APN credential for the product. |
| CVE-2023-25070 | 2023-05-10 | Cleartext transmission of sensitive information exists in SkyBridge MB-A100/110 firmware Ver. 4.2.0 and earlier. If the telnet connection is enabled, a remote unauthenticated attacker may eavesdrop on or alter the... |
| CVE-2023-25072 | 2023-05-10 | Use of weak credentials exists in SkyBridge MB-A100/110 firmware Ver. 4.2.0 and earlier, which may allow a remote unauthenticated attacker to decrypt password for the WebUI of the product. |
| CVE-2023-25184 | 2023-05-10 | Use of weak credentials exists in Seiko Solutions SkyBridge and SkySpider series, which may allow a remote unauthenticated attacker to decrypt password for the WebUI of the product. Affected products... |
| CVE-2023-25568 | 2023-05-10 | Boxo bitswap/server: DOS unbounded persistent memory leak |
| CVE-2023-2614 | 2023-05-10 | Cross-site Scripting (XSS) - DOM in pimcore/pimcore |
| CVE-2023-2615 | 2023-05-10 | Cross-site Scripting (XSS) - Reflected in pimcore/pimcore |
| CVE-2023-2616 | 2023-05-10 | Cross-site Scripting (XSS) - Generic in pimcore/pimcore |
| CVE-2023-2629 | 2023-05-10 | Improper Neutralization of Formula Elements in a CSV File in pimcore/customer-data-framework |
| CVE-2023-2630 | 2023-05-10 | Cross-site Scripting (XSS) - Stored in pimcore/pimcore |
| CVE-2023-27385 | 2023-05-10 | Heap-based buffer overflow vulnerability exists in CX-Drive All models all versions. By having a user open a specially crafted SDD file, arbitrary code may be executed and/or information may be... |
| CVE-2023-27510 | 2023-05-10 | JB Inquiry form contains an exposure of private personal information to an unauthorized actor vulnerability, which may allow a remote unauthenticated attacker to obtain information entered from forms created using... |
| CVE-2023-27527 | 2023-05-10 | Shinseiyo Sogo Soft (7.9A) and earlier improperly restricts XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the PC may be accessed by an... |
| CVE-2023-27562 | 2023-05-10 | The n8n package 0.218.0 for Node.js allows Directory Traversal. |
| CVE-2023-27563 | 2023-05-10 | The n8n package 0.218.0 for Node.js allows Escalation of Privileges. |
| CVE-2023-27564 | 2023-05-10 | The n8n package 0.218.0 for Node.js allows Information Disclosure. |
| CVE-2023-27888 | 2023-05-10 | Cross-site scripting vulnerability in Joruri Gw Ver 3.2.5 and earlier allows a remote authenticated attacker to inject an arbitrary script via Message Memo function of the affected product. |
| CVE-2023-27889 | 2023-05-10 | Cross-site request forgery (CSRF) vulnerability in LIQUID SPEECH BALLOON versions prior to 1.2 allows a remote unauthenticated attacker to hijack the authentication of a user and to perform unintended operations... |
| CVE-2023-27918 | 2023-05-10 | Cross-site scripting vulnerability in Appointment and Event Booking Calendar for WordPress - Amelia versions prior to 1.0.76 allows a remote unauthenticated attacker to inject an arbitrary script by having a... |
| CVE-2023-27919 | 2023-05-10 | Authentication bypass vulnerability in NEXT ENGINE Integration Plugin (for EC-CUBE 2.0 series) all versions allows a remote unauthenticated attacker to alter the information stored in the system. |