CVE List - 2023 / May
Showing 1201 - 1300 of 2420 CVEs for May 2023 (Page 13 of 25)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-20709 | 2023-05-15 | In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction... |
| CVE-2023-20710 | 2023-05-15 | In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction... |
| CVE-2023-20711 | 2023-05-15 | In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction... |
| CVE-2023-20717 | 2023-05-15 | In vcu, there is a possible leak of dma buffer due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is... |
| CVE-2023-20718 | 2023-05-15 | In vcu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2023-20719 | 2023-05-15 | In pqframework, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction... |
| CVE-2023-20720 | 2023-05-15 | In pqframework, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2023-20721 | 2023-05-15 | In isp, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction... |
| CVE-2023-20722 | 2023-05-15 | In m4u, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction... |
| CVE-2023-20726 | 2023-05-15 | In mnld, there is a possible leak of GPS location due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User... |
| CVE-2023-20914 | 2023-05-15 | In onSetRuntimePermissionGrantStateByDeviceAdmin of AdminRestrictedPermissionsUtils.java, there is a possible way for the work profile to read SMS messages due to a permissions bypass. This could lead to local information disclosure with... |
| CVE-2023-20930 | 2023-05-15 | In pushDynamicShortcut of ShortcutPackage.java, there is a possible way to get the device into a boot loop due to resource exhaustion. This could lead to local denial of service with... |
| CVE-2023-21102 | 2023-05-15 | In __efi_rt_asm_wrapper of efi-rt-wrapper.S, there is a possible bypass of shadow stack protection due to a logic error in the code. This could lead to local escalation of privilege with... |
| CVE-2023-21103 | 2023-05-15 | In registerPhoneAccount of PhoneAccountRegistrar.java, uncaught exceptions in parsing persisted user data could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed... |
| CVE-2023-21104 | 2023-05-15 | In applySyncTransaction of WindowOrganizer.java, a missing permission check could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-12L Android-13 Android... |
| CVE-2023-21106 | 2023-05-15 | In adreno_set_param of adreno_gpu.c, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User... |
| CVE-2023-21107 | 2023-05-15 | In retrieveAppEntry of NotificationAccessDetails.java, there is a missing permission check. This could lead to local escalation of privilege across user boundaries with no additional execution privileges needed. User interaction is... |
| CVE-2023-21109 | 2023-05-15 | In multiple places of AccessibilityService, there is a possible way to hide the app from the user due to a logic error in the code. This could lead to local... |
| CVE-2023-21110 | 2023-05-15 | In several functions of SnoozeHelper.java, there is a possible way to grant notifications access due to resource exhaustion. This could lead to local escalation of privilege with no additional execution... |
| CVE-2023-21111 | 2023-05-15 | In several functions of PhoneAccountRegistrar.java, there is a possible way to prevent an access to emergency services due to improper input validation. This could lead to local denial of service... |
| CVE-2023-21112 | 2023-05-15 | In AnalyzeMfcResp of NxpMfcReader.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges... |
| CVE-2023-21116 | 2023-05-15 | In verifyReplacingVersionCode of InstallPackageHelper.java, there is a possible way to downgrade system apps below system image version due to a logic error in the code. This could lead to local... |
| CVE-2023-21117 | 2023-05-15 | In registerReceiverWithFeature of ActivityManagerService.java, there is a possible way for isolated processes to register a broadcast receiver due to a permissions bypass. This could lead to local escalation of privilege... |
| CVE-2023-21118 | 2023-05-15 | In unflattenString8 of Sensor.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges... |
| CVE-2023-2700 | 2023-05-15 | A vulnerability was found in libvirt. This security flaw occurs due to repeatedly querying an SR-IOV PCI device's capabilities that exposes a memory leak caused by a failure to free... |
| CVE-2023-29861 | 2023-05-15 | An issue found in FLIR-DVTEL version not specified allows a remote attacker to execute arbitrary code via a crafted request to the management page of the device. |
| CVE-2023-29862 | 2023-05-15 | An issue found in Agasio-Camera device version not specified allows a remote attacker to execute arbitrary code via the check and authLevel parameters. |
| CVE-2023-30245 | 2023-05-15 | SQL injection vulnerability found in Judging Management System v.1.0 allows a remote attacker to execute arbitrary code via the crit_id parameter of the edit_criteria.php file. |
| CVE-2023-31607 | 2023-05-15 | An issue in the __libc_malloc component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. |
| CVE-2023-31608 | 2023-05-15 | An issue in the artm_div_int component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. |
| CVE-2023-31609 | 2023-05-15 | An issue in the dfe_unit_col_loci component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. |
| CVE-2023-31610 | 2023-05-15 | An issue in the _IO_default_xsputn component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. |
| CVE-2023-31611 | 2023-05-15 | An issue in the __libc_longjmp component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. |
| CVE-2023-31612 | 2023-05-15 | An issue in the dfe_qexp_list component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. |
| CVE-2023-31613 | 2023-05-15 | An issue in the __nss_database_lookup component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. |
| CVE-2023-31614 | 2023-05-15 | An issue in the mp_box_deserialize_string function in openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement. |
| CVE-2023-31615 | 2023-05-15 | An issue in the chash_array component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. |
| CVE-2023-31616 | 2023-05-15 | An issue in the bif_mod component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. |
| CVE-2023-31617 | 2023-05-15 | An issue in the dk_set_delete component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. |
| CVE-2023-31618 | 2023-05-15 | An issue in the sqlc_union_dt_wrap component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. |
| CVE-2023-31619 | 2023-05-15 | An issue in the sch_name_to_object component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. |
| CVE-2023-31620 | 2023-05-15 | An issue in the dv_compare component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. |
| CVE-2023-31621 | 2023-05-15 | An issue in the kc_var_col component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. |
| CVE-2023-31622 | 2023-05-15 | An issue in the sqlc_make_policy_trig component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. |
| CVE-2023-31623 | 2023-05-15 | An issue in the mp_box_copy component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. |
| CVE-2023-31624 | 2023-05-15 | An issue in the sinv_check_exp component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. |
| CVE-2023-31625 | 2023-05-15 | An issue in the psiginfo component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. |
| CVE-2023-31626 | 2023-05-15 | An issue in the gpf_notice component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. |
| CVE-2023-31627 | 2023-05-15 | An issue in the strhash component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. |
| CVE-2023-31628 | 2023-05-15 | An issue in the stricmp component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. |
| CVE-2023-31629 | 2023-05-15 | An issue in the sqlo_union_scope component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. |
| CVE-2023-31630 | 2023-05-15 | An issue in the sqlo_query_spec component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. |
| CVE-2023-31631 | 2023-05-15 | An issue in the sqlo_preds_contradiction component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. |
| CVE-2023-31842 | 2023-05-15 | Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Injection via /eval/index.php?page=edit_faculty&id=. |
| CVE-2023-31843 | 2023-05-15 | Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Injection via /eval/admin/view_faculty.php?id=. |
| CVE-2023-31844 | 2023-05-15 | Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Injection via /eval/admin/manage_subject.php?id=. |
| CVE-2023-31845 | 2023-05-15 | Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Injection via /eval/admin/manage_class.php?id=. |
| CVE-2023-31986 | 2023-05-15 | A Command Injection vulnerability in Edimax Wireless Router N300 Firmware BR-6428NS_v4 allows attacker to execute arbitrary code via the setWAN function in /bin/webs without any limitations. |
| CVE-2023-32758 | 2023-05-15 | giturlparse (aka git-url-parse) through 1.2.2, as used in Semgrep 1.5.2 through 1.24.1, is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing untrusted URLs. This might be relevant if... |
| CVE-2023-32784 | 2023-05-15 | In KeePass 2.x before 2.54, it is possible to recover the cleartext master password from a memory dump, even when a workspace is locked or no longer running. The memory... |
| CVE-2023-22318 | 2023-05-15 | Denial of service against webconf |
| CVE-2023-1698 | 2023-05-15 | WAGO: WBM Command Injection in multiple products |
| CVE-2022-47937 | 2023-05-15 | Multiple parsing problems in the Apache Sling Commons JSON module |
| CVE-2022-4048 | 2023-05-15 | CODESYS V3 prone to Inadequate Encryption Strength |
| CVE-2022-22508 | 2023-05-15 | CODESYS V3: Improper Input Validation |
| CVE-2022-47378 | 2023-05-15 | CODESYS: Multiple products prone to Improper Input Validation |
| CVE-2022-47379 | 2023-05-15 | CODESYS: Multiple products prone to out-of-bounds write |
| CVE-2022-47380 | 2023-05-15 | CODESYS: Multiple products prone to out-of-bounds write |
| CVE-2022-47381 | 2023-05-15 | CODESYS: Multiple products prone to stack based out-of-bounds write |
| CVE-2022-47382 | 2023-05-15 | CODESYS: Multiple products prone to stack based out-of-bounds write |
| CVE-2022-47383 | 2023-05-15 | CODESYS: Multiple products prone to stack based out-of-bounds write |
| CVE-2022-47384 | 2023-05-15 | CODESYS: Multiple products prone to stack based out-of-bounds write |
| CVE-2022-47385 | 2023-05-15 | CODESYS: Multiple products prone to stack based out-of-bounds write |
| CVE-2022-47386 | 2023-05-15 | CODESYS: Multiple products prone to stack based out-of-bounds write |
| CVE-2022-47387 | 2023-05-15 | CODESYS: Multiple products prone to stack based out-of-bounds write |
| CVE-2022-47388 | 2023-05-15 | CODESYS: Multiple products prone to stack based out-of-bounds write |
| CVE-2022-47389 | 2023-05-15 | CODESYS: Multiple products prone to stack based out-of-bounds write |
| CVE-2022-47390 | 2023-05-15 | CODESYS: Multiple products prone to stack based out-of-bounds write |
| CVE-2022-47391 | 2023-05-15 | CODESYS: Multiple products prone to Improper Input Validation |
| CVE-2022-47392 | 2023-05-15 | CODESYS: Multiple products prone to Improper Input Validation |
| CVE-2022-47393 | 2023-05-15 | CODESYS: Multiple products prone to improperly restricted memory operations |
| CVE-2023-22684 | 2023-05-15 | WordPress Subscribers – Free Web Push Notifications Plugin <= 1.5.3 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-22690 | 2023-05-15 | WordPress Ebook Store Plugin <= 5.775 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-22703 | 2023-05-15 | WordPress WCP Contact Form Plugin <= 3.1.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-23445 | 2023-05-15 | Improper Access Control in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to gain unauthorized access to data fields... |
| CVE-2023-23446 | 2023-05-15 | Improper Access Control in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to download files by using a therefore... |
| CVE-2023-23447 | 2023-05-15 | Uncontrolled Resource Consumption in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to influence the availability of the webserver... |
| CVE-2023-23448 | 2023-05-15 | Inclusion of Sensitive Information in Source Code in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a remote attacker to gain information about... |
| CVE-2023-23449 | 2023-05-15 | Observable Response Discrepancy in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a remote attacker to gain information about valid usernames by analyzing... |
| CVE-2023-23450 | 2023-05-15 | Use of Password Hash Instead of Password for Authentication in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to... |
| CVE-2023-31408 | 2023-05-15 | Cleartext Storage of Sensitive Information in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a remote attacker to potentially steal user credentials that... |
| CVE-2023-31409 | 2023-05-15 | Uncontrolled Resource Consumption in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a remote attacker to influence the availability of the webserver by... |
| CVE-2023-22706 | 2023-05-15 | WordPress PropertyHive Plugin <= 1.5.48 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-22717 | 2023-05-15 | WordPress FormCraft Plugin <= 1.2.6 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-23688 | 2023-05-15 | WordPress Social Share Boost Plugin <= 4.4 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-23674 | 2023-05-15 | WordPress WP Original Media Path Plugin <= 2.4.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-23683 | 2023-05-15 | WordPress White Label Branding for Elementor Page Builder Plugin <= 1.0.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-23654 | 2023-05-15 | WordPress SparkPost Plugin <= 3.2.5 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-23682 | 2023-05-15 | WordPress EZP Maintenance Mode Plugin <= 1.0.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-1207 | 2023-05-15 | HTTP Headers < 1.18.8 - Admin+ SQL Injection |