CVE List - 2023 / May
Showing 1101 - 1200 of 2420 CVEs for May 2023 (Page 12 of 25)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-2666 | 2023-05-12 | Allocation of Resources Without Limits or Throttling in froxlor/froxlor |
| CVE-2023-2674 | 2023-05-12 | Improper Access Control in openemr/openemr |
| CVE-2023-2675 | 2023-05-12 | Improper Restriction of Excessive Authentication Attempts in linagora/twake |
| CVE-2023-27237 | 2023-05-12 | LavaLite CMS v 9.0.0 was discovered to be vulnerable to a host header injection attack. |
| CVE-2023-27238 | 2023-05-12 | LavaLite CMS v 9.0.0 was discovered to be vulnerable to web cache poisoning. |
| CVE-2023-27823 | 2023-05-12 | An authentication bypass in Optoma 1080PSTX C02 allows an attacker to access the administration console without valid credentials. |
| CVE-2023-29657 | 2023-05-12 | eXtplorer 2.1.15 is vulnerable to Insecure Permissions. File upload in file manager allows uploading zip file containing php pages with arbitrary code executions. |
| CVE-2023-29790 | 2023-05-12 | kodbox 1.2.x through 1.3.7 has a Sensitive Information Leakage issue. |
| CVE-2023-29808 | 2023-05-12 | Cross Site Scripting (XSS) vulnerability in vogtmh cmaps (companymaps) 8.0 allows attackers to execute arbitrary code. |
| CVE-2023-29809 | 2023-05-12 | SQL injection vulnerability found in Maximilian Vogt companymaps (cmaps) v.8.0 allows a remote attacker to execute arbitrary code via a crafted script in the request. |
| CVE-2023-29818 | 2023-05-12 | An issue found in Webroot SecureAnywhere Endpoint Protection CE 23.1 v.9.0.33.39 and before allows a local attacker to bypass protections via the default allowlist feature being stored as non-admin. |
| CVE-2023-29819 | 2023-05-12 | An issue found in Webroot SecureAnywhere Endpoint Protection CE 23.1 v.9.0.33.39 and before allows a local attacker to bypass protections via a crafted payload. |
| CVE-2023-29820 | 2023-05-12 | An issue found in Webroot SecureAnywhere Endpoint Protection CE 23.1 v.9.0.33.39 and before allows a local attacker to access sensitive information via the EXE installer. NOTE: the vendor's perspective is... |
| CVE-2023-29983 | 2023-05-12 | Cross Site Scripting vulnerability found in Maximilian Vogt cmaps v.8.0 allows a remote attacker to execute arbitrary code via the auditlog tab in the admin panel. |
| CVE-2023-30130 | 2023-05-12 | An issue found in CraftCMS v.3.8.1 allows a remote attacker to execute arbitrary code via a crafted script to the Section parameter. |
| CVE-2023-30246 | 2023-05-12 | SQL injection vulnerability found in Judging Management System v.1.0 allows a remote attacker to execute arbitrary code via the contestant_id parameter. |
| CVE-2023-30247 | 2023-05-12 | File Upload vulnerability found in Oretnom23 Storage Unit Rental Management System v.1.0 allows a remote attacker to execute arbitrary code via the update_settings parameter. |
| CVE-2023-30330 | 2023-05-12 | SoftExpert (SE) Excellence Suite 2.x versions before 2.1.3 is vulnerable to Local File Inclusion in the function /se/v42300/generic/gn_defaultframe/2.0/defaultframe_filter.php. |
| CVE-2023-31913 | 2023-05-12 | Jerryscript 3.0 (commit 1a2c047) was discovered to contain an Assertion Failure via the component parser_parse_class at jerry-core/parser/js/js-parser-expr.c. |
| CVE-2023-31914 | 2023-05-12 | Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an out-of-memory issue in malloc. |
| CVE-2023-31916 | 2023-05-12 | Jerryscript 3.0 (commit 1a2c047) was discovered to contain an Assertion Failure via the jmem_heap_finalize at jerry-core/jmem/jmem-heap.c. |
| CVE-2023-31918 | 2023-05-12 | Jerryscript 3.0 (commit 1a2c047) was discovered to contain an Assertion Failure via the parser_parse_function_arguments at jerry-core/parser/js/js-parser.c. |
| CVE-2023-31919 | 2023-05-12 | Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the jcontext_raise_exception at jerry-core/jcontext/jcontext.c. |
| CVE-2023-31920 | 2023-05-12 | Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the vm_loop at jerry-core/vm/vm.c. |
| CVE-2023-31921 | 2023-05-12 | Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the ecma_big_uint_div_mod at jerry-core/ecma/operations/ecma-big-uint.c. |
| CVE-2023-31922 | 2023-05-12 | QuickJS commit 2788d71 was discovered to contain a stack-overflow via the component js_proxy_isArray at quickjs.c. |
| CVE-2023-31983 | 2023-05-12 | A Command Injection vulnerability in Edimax Wireless Router N300 Firmware BR-6428NS_v4 allows an attacker to execute arbitrary code via the mp function in /bin/webs without any limitations. |
| CVE-2023-31985 | 2023-05-12 | A Command Injection vulnerability in Edimax Wireless Router N300 Firmware BR-6428NS_v4 allows an attacker to execute arbitrary code via the formAccept function in /bin/webs without any limitations. |
| CVE-2021-39036 | 2023-05-12 | IBM Cognos Analytics cross-site scripting |
| CVE-2023-28520 | 2023-05-12 | IBM Planning Analytics Local cross-site scripting |
| CVE-2023-28522 | 2023-05-12 | IBM API Connect improper access control |
| CVE-2023-2667 | 2023-05-12 | SourceCodester Lost and Found Information System cross site scripting |
| CVE-2023-2668 | 2023-05-12 | SourceCodester Lost and Found Information System GET Parameter manager_category sql injection |
| CVE-2023-32243 | 2023-05-12 | WordPress Essential Addons for Elementor Plugin 5.4.0-5.7.1 is vulnerable to Privilege Escalation |
| CVE-2023-2669 | 2023-05-12 | SourceCodester Lost and Found Information System GET Parameter sql injection |
| CVE-2023-29246 | 2023-05-12 | Apache OpenMeetings: allows null-byte Injection |
| CVE-2023-29032 | 2023-05-12 | Apache OpenMeetings: allows bypass authentication |
| CVE-2023-28936 | 2023-05-12 | Apache OpenMeetings: insufficient check of invitation hash |
| CVE-2023-2670 | 2023-05-12 | SourceCodester Lost and Found Information System access control |
| CVE-2023-2671 | 2023-05-12 | SourceCodester Lost and Found Information System Contact Form cross site scripting |
| CVE-2023-2515 | 2023-05-12 | Privilege escalation to system admin via personal access tokens |
| CVE-2023-2514 | 2023-05-12 | DB username/password revealed in application logs |
| CVE-2023-2672 | 2023-05-12 | SourceCodester Lost and Found Information System GET Parameter view.php sql injection |
| CVE-2023-2676 | 2023-05-12 | H3C R160 aspForm stack-based overflow |
| CVE-2023-2677 | 2023-05-12 | SourceCodester Covid-19 Contact Tracing System manage.php sql injection |
| CVE-2023-2678 | 2023-05-12 | SourceCodester File Tracker Manager System POST Parameter save_user.php cross site scripting |
| CVE-2023-2512 | 2023-05-12 | Buffer under-read in workerd |
| CVE-2023-2682 | 2023-05-12 | Caton Live Mini_HTTPD ping.cgi command injection |
| CVE-2023-23444 | 2023-05-12 | Missing Authentication for Critical Function in SICK Flexi Classic and Flexi Soft Gateways with Partnumbers 1042193, 1042964, 1044078, 1044072, 1044073, 1044074, 1099830, 1099832, 1127717, 1069070, 1112296, 1051432, 1102420, 1127487, 1121596,... |
| CVE-2023-1934 | 2023-05-12 | The PnPSCADA system, a product of SDG Technologies CC, is afflicted by a critical unauthenticated error-based PostgreSQL Injection vulnerability. Present within the hitlogcsv.jsp endpoint, this security flaw permits unauthenticated attackers... |
| CVE-2023-32073 | 2023-05-12 | AVideo command injection vulnerability |
| CVE-2023-32081 | 2023-05-12 | Vert.x STOMP server process client frames that would not send initially a connect frame |
| CVE-2023-31197 | 2023-05-12 | Uncontrolled search path in the Intel(R) Trace Analyzer and Collector before version 2020 update 3 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2023-29242 | 2023-05-12 | Improper access control for Intel(R) oneAPI Toolkits before version 2021.1 Beta 10 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2023-30763 | 2023-05-12 | Heap-based overflow in Intel(R) SoC Watch based software before version 2021.1 may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2023-31199 | 2023-05-12 | Improper access control in the Intel(R) Solid State Drive Toolbox(TM) before version 3.4.5 may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2023-30768 | 2023-05-12 | Improper access control in the Intel(R) Server Board S2600WTT belonging to the Intel(R) Server Board S2600WT Family with the BIOS version 0016 may allow a privileged user to potentially enable... |
| CVE-2023-23867 | 2023-05-12 | WordPress Button Builder – Buttons X Plugin <= 0.8.6 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-23810 | 2023-05-12 | WordPress Panorama – WordPress Project Management Plugin Plugin <= 1.5 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-28414 | 2023-05-12 | WordPress ApexChat Plugin <= 1.3.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-25958 | 2023-05-12 | WordPress Simple Tooltips Plugin <= 2.1.4 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-25460 | 2023-05-12 | WordPress Easy Ad Manager Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-22685 | 2023-05-12 | WordPress Category Specific RSS feed Subscription Plugin <= v2.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-2457 | 2023-05-12 | Out of bounds write in ChromeOS Audio Server in Google Chrome on ChromeOS prior to 113.0.5672.114 allowed a remote attacker to potentially exploit heap corruption via crafted audio file. (Chromium... |
| CVE-2023-2458 | 2023-05-12 | Use after free in ChromeOS Camera in Google Chrome on ChromeOS prior to 113.0.5672.114 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially... |
| CVE-2023-25927 | 2023-05-12 | IBM Security Verify Access denial of service |
| CVE-2023-27863 | 2023-05-12 | IBM Spectrum Protect Plus Server information disclosure |
| CVE-2023-32305 | 2023-05-12 | aiven-extras PostgreSQL Privilege Escalation Through Overloaded Search Path |
| CVE-2023-32306 | 2023-05-12 | Time Tracker has Blind SQL Injection Vulnerability in Reports |
| CVE-2023-32303 | 2023-05-12 | Planet's secret file is created with excessive permissions |
| CVE-2023-2689 | 2023-05-14 | SourceCodester Billing Management System GET Parameter editproduct.php sql injection |
| CVE-2023-2690 | 2023-05-14 | SourceCodester Personnel Property Equipment System GET Parameter returned_reuse_form.php sql injection |
| CVE-2023-2691 | 2023-05-14 | SourceCodester Personnel Property Equipment System POST Parameter add_item.php cross site scripting |
| CVE-2023-2692 | 2023-05-14 | SourceCodester ICT Laboratory Management System GET Parameter room_info.php cross site scripting |
| CVE-2023-2693 | 2023-05-14 | SourceCodester Online Exam System POST Parameter data sql injection |
| CVE-2023-2694 | 2023-05-14 | SourceCodester Online Exam System POST Parameter data sql injection |
| CVE-2023-2695 | 2023-05-14 | SourceCodester Online Exam System POST Parameter data sql injection |
| CVE-2023-2696 | 2023-05-14 | SourceCodester Online Exam System POST Parameter data sql injection |
| CVE-2023-2697 | 2023-05-14 | SourceCodester Online Exam System POST Parameter data sql injection |
| CVE-2023-2698 | 2023-05-14 | SourceCodester Lost and Found Information System GET Parameter sql injection |
| CVE-2023-2699 | 2023-05-14 | SourceCodester Lost and Found Information System GET Parameter sql injection |
| CVE-2023-1729 | 2023-05-15 | A flaw was found in LibRaw. A heap-buffer-overflow in raw2image_ex() caused by a maliciously crafted file may lead to an application crash. |
| CVE-2023-2124 | 2023-05-15 | An out-of-bounds memory access flaw was found in the Linux kernel’s XFS file system in how a user restores an XFS image after failure (with a dirty log journal). This... |
| CVE-2023-32787 | 2023-05-15 | The OPC UA Legacy Java Stack before 6f176f2 enables an attacker to block OPC UA server applications via uncontrolled resource consumption so that they can no longer serve client applications. |
| CVE-2021-0877 | 2023-05-15 | Product: Android; Versions: Android SoC; Android ID: A-273754094 |
| CVE-2023-20673 | 2023-05-15 | In vcu, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed... |
| CVE-2023-20694 | 2023-05-15 | In preloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2023-20695 | 2023-05-15 | In preloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2023-20696 | 2023-05-15 | In preloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2023-20697 | 2023-05-15 | In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction... |
| CVE-2023-20698 | 2023-05-15 | In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction... |
| CVE-2023-20699 | 2023-05-15 | In adsp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2023-20700 | 2023-05-15 | In widevine, there is a possible out of bounds write due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction... |
| CVE-2023-20701 | 2023-05-15 | In widevine, there is a possible out of bounds write due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction... |
| CVE-2023-20703 | 2023-05-15 | In apu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User... |
| CVE-2023-20704 | 2023-05-15 | In apu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User... |
| CVE-2023-20705 | 2023-05-15 | In apu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User... |
| CVE-2023-20706 | 2023-05-15 | In apu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User... |
| CVE-2023-20707 | 2023-05-15 | In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2023-20708 | 2023-05-15 | In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |