CVE List - 2023 / May
Showing 1501 - 1600 of 2420 CVEs for May 2023 (Page 16 of 25)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-20173 | 2023-05-18 | Cisco Identity Services Engine XML External Entity Injection Vulnerabilities |
| CVE-2023-20174 | 2023-05-18 | Cisco Identity Services Engine XML External Entity Injection Vulnerabilities |
| CVE-2023-20182 | 2023-05-18 | Cisco DNA Center Software API Vulnerabilities |
| CVE-2023-20183 | 2023-05-18 | Cisco DNA Center Software API Vulnerabilities |
| CVE-2023-20184 | 2023-05-18 | Cisco DNA Center Software API Vulnerabilities |
| CVE-2023-20189 | 2023-05-18 | Cisco Small Business Series Switches Buffer Overflow Vulnerabilities |
| CVE-2023-27217 | 2023-05-18 | A stack-based buffer overflow in the ChangeFriendlyName() function of Belkin Smart Outlet V2 F7c063 firmware_2.00.11420.OWRT.PVT_SNSV2 allows attackers to cause a Denial of Service (DoS) via a crafted UPNP request. |
| CVE-2023-2800 | 2023-05-18 | Insecure Temporary File in huggingface/transformers |
| CVE-2023-28369 | 2023-05-18 | Brother iPrint&Scan V6.11.2 and earlier contains an improper access control vulnerability. This vulnerability may be exploited by the other app installed on the victim user's Android device, which may lead... |
| CVE-2023-29720 | 2023-05-18 | SofaWiki <=3.8.9 is vulnerable to Cross Site Scripting (XSS) via index.php. |
| CVE-2023-29857 | 2023-05-18 | An issue in Teslamate v1.27.1 allows attackers to obtain sensitive information via directly accessing the teslamate link. |
| CVE-2023-29985 | 2023-05-18 | Sourcecodester Student Study Center Desk Management System v1.0 admin\reports\index.php#date_from has a SQL Injection vulnerability. |
| CVE-2023-31597 | 2023-05-18 | An issue in Zammad v5.4.0 allows attackers to bypass e-mail verification using an arbitrary address and manipulate the data of the generated user. Attackers are also able to gain unauthorized... |
| CVE-2023-31655 | 2023-05-18 | redis v7.0.10 was discovered to contain a segmentation violation. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors. |
| CVE-2023-31729 | 2023-05-18 | TOTOLINK A3300R v17.0.0cu.557 is vulnerable to Command Injection via /cgi-bin/cstecgi.cgi. |
| CVE-2023-31871 | 2023-05-18 | OpenText Documentum Content Server before 23.2 has a flaw that allows for privilege escalation from a non-privileged Documentum user to root. The software comes prepackaged with a root owned SUID... |
| CVE-2023-1195 | 2023-05-18 | A use-after-free flaw was found in reconn_set_ipaddr_from_hostname in fs/cifs/connect.c in the Linux kernel. The issue occurs when it forgets to set the free pointer server->hostname to NULL, leading to an... |
| CVE-2023-30124 | 2023-05-18 | LavaLite v9.0.0 is vulnerable to Cross Site Scripting (XSS). |
| CVE-2023-30333 | 2023-05-18 | An arbitrary file upload vulnerability in the component /admin/ThemeController.java of PerfreeBlog v3.1.2 allows attackers to execute arbitrary code via a crafted file. |
| CVE-2023-33203 | 2023-05-18 | The Linux kernel before 6.2.9 has a race condition and resultant use-after-free in drivers/net/ethernet/qualcomm/emac/emac.c if a physically proximate attacker unplugs an emac based device. |
| CVE-2023-33204 | 2023-05-18 | sysstat through 12.7.2 allows a multiplication integer overflow in check_overflow in common.c. NOTE: this issue exists because of an incomplete fix for CVE-2022-39377. |
| CVE-2023-2757 | 2023-05-18 | The Waiting: One-click countdowns plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on 'saveLang' functions in versions up to, and including, 0.6.2. This could... |
| CVE-2023-30868 | 2023-05-18 | WordPress CMS Tree Page View Plugin <= 1.6.7 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-30487 | 2023-05-18 | WordPress LearnPress Export Import Plugin <= 4.0.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2022-45453 | 2023-05-18 | TLS/SSL weak cipher suites enabled. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 30984. |
| CVE-2022-45452 | 2023-05-18 | Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Agent (Windows) before build 30430, Acronis Cyber Protect 15 (Windows) before build 30984. |
| CVE-2022-45457 | 2023-05-18 | Sensitive information disclosure and manipulation due to improper certification validation. The following products are affected: Acronis Agent (Windows) before build 29633, Acronis Cyber Protect 15 (Windows) before build 30984. |
| CVE-2022-45458 | 2023-05-18 | Sensitive information disclosure and manipulation due to improper certification validation. The following products are affected: Acronis Agent (Windows, macOS, Linux) before build 29633, Acronis Cyber Protect 15 (Windows, macOS, Linux)... |
| CVE-2022-45459 | 2023-05-18 | Sensitive information disclosure due to insecure registry permissions. The following products are affected: Acronis Agent (Windows) before build 30025, Acronis Cyber Protect 15 (Windows) before build 30984. |
| CVE-2022-45450 | 2023-05-18 | Sensitive information disclosure and manipulation due to improper authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 28610, Acronis Cyber Protect 15 (Linux, macOS, Windows) before... |
| CVE-2023-31233 | 2023-05-18 | WordPress Baidu Tongji generator Plugin <= 1.0.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-32515 | 2023-05-18 | WordPress Custom Field Suite Plugin <= 2.6.2.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2022-4418 | 2023-05-18 | Local privilege escalation due to unrestricted loading of unsigned libraries. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40208. |
| CVE-2023-30780 | 2023-05-18 | WordPress User IP and Location Plugin <= 2.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2022-47157 | 2023-05-18 | WordPress WP Custom Fields Search Plugin <= 1.2.34 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-23999 | 2023-05-18 | WordPress Google Analytics by Monster Insights Plugin <= 8.14.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-2782 | 2023-05-18 | Sensitive information disclosure due to improper authorization. The following products are affected: Acronis Cyber Infrastructure (ACI) before build 5.3.1-38. |
| CVE-2023-23667 | 2023-05-18 | WordPress Brands for WooCommerce Plugin <= 3.7.0.6 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-27423 | 2023-05-18 | WordPress Auto Prune Posts Plugin <= 1.8.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-27430 | 2023-05-18 | WordPress Mass Delete Unused Tags Plugin <= 2.0.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25698 | 2023-05-18 | WordPress Shoppable Images Lite Plugin <= 1.2.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-2789 | 2023-05-18 | GNU cflow parser.c parse_variable_declaration denial of service |
| CVE-2023-2790 | 2023-05-18 | TOTOLINK N200RE Telnet Service custom.conf password in configuration file |
| CVE-2023-2799 | 2023-05-18 | cnoa OA hard-coded password |
| CVE-2023-32322 | 2023-05-18 | Arbitrary file read in Ombi |
| CVE-2022-36326 | 2023-05-18 | Resource Exhaustion Vulnerability in Western Digital devices |
| CVE-2022-36327 | 2023-05-18 | Path traversal vulnerability leading to an arbitrary file write in Western Digital devices |
| CVE-2022-36328 | 2023-05-18 | Path Traversal Vulnerability leading to an arbitrary file read in Western Digital devices |
| CVE-2023-0965 | 2023-05-18 | Key duplication in GSDK |
| CVE-2023-1132 | 2023-05-18 | Key duplication in GSDK |
| CVE-2023-2481 | 2023-05-18 | Key duplication in GSDK |
| CVE-2023-32096 | 2023-05-18 | Key duplication in GSDK |
| CVE-2023-32097 | 2023-05-18 | Key duplication in GSDK |
| CVE-2023-32098 | 2023-05-18 | Key duplication in GSDK |
| CVE-2023-32099 | 2023-05-18 | Key duplication in GSDK |
| CVE-2023-32100 | 2023-05-18 | Key duplication in GSDK |
| CVE-2023-2024 | 2023-05-18 | Improper Authentication for OpenBlue Enterprise Manager Data Collector |
| CVE-2023-2025 | 2023-05-18 | Exposure of Sensitive Information in OpenBlue Enterprise Manager Data Collector |
| CVE-2023-23556 | 2023-05-18 | An error in BigInt conversion to Number in Hermes prior to commit a6dcafe6ded8e61658b40f5699878cd19a481f80 could have been used by a malicious attacker to execute arbitrary code due to an out-of-bound write.... |
| CVE-2023-23557 | 2023-05-18 | An error in Hermes' algorithm for copying objects properties prior to commit a00d237346894c6067a594983be6634f4168c9ad could be used by a malicious attacker to execute arbitrary code via type confusion. Note that this... |
| CVE-2023-23759 | 2023-05-18 | There is a vulnerability in the fizz library prior to v2023.01.30.00 where a CHECK failure can be triggered remotely. This behavior requires the client supported cipher advertisement changing between the... |
| CVE-2023-24832 | 2023-05-18 | A null pointer dereference bug in Hermes prior to commit 5cae9f72975cf0e5a62b27fdd8b01f103e198708 could have been used by an attacker to crash a Hermes runtime where the EnableHermesInternal config option was set... |
| CVE-2023-24833 | 2023-05-18 | A use-after-free in BigIntPrimitive addition in Hermes prior to commit a6dcafe6ded8e61658b40f5699878cd19a481f80 could have been used by an attacker to leak raw data from Hermes VM’s heap. Note that this is... |
| CVE-2023-25933 | 2023-05-18 | A type confusion bug in TypedArray prior to commit e6ed9c1a4b02dc219de1648f44cd808a56171b81 could have been used by a malicious attacker to execute arbitrary code via untrusted JavaScript. Note that this is only... |
| CVE-2023-28081 | 2023-05-18 | A bytecode optimization bug in Hermes prior to commit e6ed9c1a4b02dc219de1648f44cd808a56171b81 could be used to cause a use-after-free and obtain arbitrary code execution via a carefully crafted payload. Note that this... |
| CVE-2023-28753 | 2023-05-18 | netconsd prior to v0.2 was vulnerable to an integer overflow in its parse_packet function. A malicious individual could leverage this overflow to create heap memory corruption with attacker controlled data. |
| CVE-2023-30470 | 2023-05-18 | A use-after-free related to unsound inference in the bytecode generation when optimizations are enabled for Hermes prior to commit da8990f737ebb9d9810633502f65ed462b819c09 could have been used by an attacker to achieve remote... |
| CVE-2022-35798 | 2023-05-18 | Azure Arc Jumpstart Information Disclosure Vulnerability |
| CVE-2023-32680 | 2023-05-18 | Missing SQL permissions check in metabase |
| CVE-2022-30114 | 2023-05-19 | A heap-based buffer overflow in a network service in Fastweb FASTGate MediaAccess FGA2130FWB, firmware version 18.3.n.0482_FW_230_FGA2130, and DGA4131FWB, firmware version up to 18.3.n.0462_FW_261_DGA4131, allows a remote attacker to reboot the... |
| CVE-2023-20881 | 2023-05-19 | Cloud Foundry instances having CAPI version between 1.140 and 1.152.0 along with loggregator-agent v7+ may override other users' syslog drain credentials if they're aware of the client certificate used for... |
| CVE-2023-26818 | 2023-05-19 | Telegram 9.3.1 and 9.4.0 allows attackers to access restricted files, microphone, or video recording via the DYLD_INSERT_LIBRARIES flag. |
| CVE-2023-30199 | 2023-05-19 | Prestashop customexporter <= 1.7.20 is vulnerable to Incorrect Access Control via modules/customexporter/downloads/download.php. |
| CVE-2023-30774 | 2023-05-19 | A vulnerability was found in the libtiff library. This flaw causes a heap buffer overflow issue via the TIFFTAG_INKNAMES and TIFFTAG_NUMBEROFINKS values. |
| CVE-2023-30775 | 2023-05-19 | A vulnerability was found in the libtiff library. This security flaw causes a heap buffer overflow in extractContigSamples32bits, tiffcrop.c. |
| CVE-2023-31707 | 2023-05-19 | SEMCMS 1.5 is vulnerable to SQL Injection via Ant_Rponse.php. |
| CVE-2023-31756 | 2023-05-19 | A command injection vulnerability exists in the administrative web portal in TP-Link Archer VR1600V devices running firmware Versions <= 0.1.0. 0.9.1 v5006.0 Build 220518 Rel.32480n which allows remote attackers, authenticated... |
| CVE-2023-31757 | 2023-05-19 | DedeCMS up to v5.7.108 is vulnerable to XSS in sys_info.php via parameters 'edit___cfg_powerby' and 'edit___cfg_beian' |
| CVE-2023-31862 | 2023-05-19 | jizhicms v2.4.6 is vulnerable to Cross Site Scripting (XSS). The content of the article published in the front end is only filtered in the front end, without being filtered in... |
| CVE-2023-33240 | 2023-05-19 | Foxit PDF Reader (12.1.1.15289 and earlier) and Foxit PDF Editor (12.1.1.15289 and all previous 12.x versions, 11.2.5.53785 and all previous 11.x versions, and 10.1.11.37866 and earlier) on Windows allows Local... |
| CVE-2023-2704 | 2023-05-19 | The BP Social Connect plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.5. This is due to insufficient verification on the user being supplied... |
| CVE-2023-1618 | 2023-05-19 | Authentication Bypass Vulnerability in MELSEC WS Series Ethernet Interface Module |
| CVE-2023-2806 | 2023-05-19 | Weaver e-cology API RequestInfoByXml xml external entity reference |
| CVE-2023-28045 | 2023-05-19 | Dell CloudIQ Collector version 1.10.2 contains a missing encryption of sensitive data vulnerability. An attacker with low privileges could potentially exploit this vulnerability, leading to gain access to unauthorized data. |
| CVE-2023-28514 | 2023-05-19 | IBM MQ information disclosure |
| CVE-2023-28950 | 2023-05-19 | IBM MQ information disclosure |
| CVE-2023-28529 | 2023-05-19 | IBM InfoSphere Information Server 11.7 |
| CVE-2023-22878 | 2023-05-19 | IBM InfoSphere Information Server information disclosure |
| CVE-2022-47984 | 2023-05-19 | IBM InfoSphere Information Server SQL injection |
| CVE-2023-2814 | 2023-05-19 | SourceCodester Class Scheduling System POST Parameter save_teacher.php cross site scripting |
| CVE-2023-2815 | 2023-05-19 | SourceCodester Online Jewelry Store POST Parameter supplier.php sql injection |
| CVE-2023-1996 | 2023-05-19 | Reflected Cross-site Scripting (XSS) vulnerability affecting Release 3DEXPERIENCE R2018x through Release 3DEXPERIENCE R2023x |
| CVE-2023-32679 | 2023-05-19 | Remote Code Execution via unrestricted file extension in Craft CMS |
| CVE-2023-32675 | 2023-05-19 | Nonpayable default functions are sometimes payable in vyper |
| CVE-2023-32677 | 2023-05-19 | Users who can send invitations can erroneously add users to streams during invitation in Zulip |
| CVE-2023-28623 | 2023-05-19 | Unauthorized user can register an account in specific configurations in Zulip |
| CVE-2023-32700 | 2023-05-20 | LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs because luatex-core.lua lets the original io.popen be accessed. This... |
| CVE-2023-33244 | 2023-05-20 | Obsidian before 1.2.2 allows calls to unintended APIs (for microphone access, camera access, and desktop notification) via an embedded web page. |
| CVE-2023-2715 | 2023-05-20 | The Groundhogg plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'submit_ticket' function in versions up to, and including, 2.7.9.8. This... |
| CVE-2023-2714 | 2023-05-20 | The Groundhogg plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'check_license' functions in versions up to, and including, 2.7.9.8. This... |