CVE List - 2023 / May
Showing 501 - 600 of 2420 CVEs for May 2023 (Page 6 of 25)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-45065 | 2023-05-08 | WordPress SEO Plugin by Squirrly SEO Plugin <= 12.1.20 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-24408 | 2023-05-08 | WordPress Ecwid Shopping Cart Plugin <= 6.11.4 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-30551 | 2023-05-08 | Rekor's compressed archives can result in OOM conditions |
| CVE-2023-30837 | 2023-05-08 | Vyper storage allocator overflow |
| CVE-2023-1979 | 2023-05-08 | Auth bypass in Web Stories for WordPress plugin |
| CVE-2023-30840 | 2023-05-08 | On a compromised node, the fluid-csi service account can be used to modify node specs |
| CVE-2023-30844 | 2023-05-08 | Mutagen list and monitor operations do not neutralize control characters in text controlled by remote endpoints |
| CVE-2023-30855 | 2023-05-08 | Pimcore Path Traversal Vulnerability in AdminBundle/Controller/Reports/CustomReportController.php |
| CVE-2023-30860 | 2023-05-08 | https://github.com/WWBN/AVideo/security/advisories/GHSA-xr9h-p2rc-rpqm |
| CVE-2023-31123 | 2023-05-08 | effectindex/tripreporter vulnerable to improper password verification on POST `/api/v1/account/login` |
| CVE-2023-31127 | 2023-05-08 | DMTF-2023-0001: SPDM mutual authentication bypass |
| CVE-2023-31125 | 2023-05-08 | Uncaught exception in engine.io |
| CVE-2023-31140 | 2023-05-08 | OpenProject user sessions not terminated after activation of 2FA |
| CVE-2023-31141 | 2023-05-08 | OpenSearch issue with fine-grained access control during extremely rare race conditions |
| CVE-2023-31129 | 2023-05-08 | Contiki-NG missing NULL pointer check in IPv6 neighbor discovery |
| CVE-2023-31133 | 2023-05-08 | Ghost vulnerable to disclosure of private API fields |
| CVE-2023-24376 | 2023-05-08 | WordPress WP Simple Events Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-23894 | 2023-05-08 | WordPress Surbma | GDPR Proof Cookie Consent & Notice Bar Plugin <= 17.5.3 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-22710 | 2023-05-08 | WordPress Return and Warranty Management System for WooCommerce Plugin <= 1.2.3 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-22813 | 2023-05-08 | Device API endpoint missing access controls on Western Digital Mobile and Web Apps |
| CVE-2023-2156 | 2023-05-09 | A flaw was found in the networking subsystem of the Linux kernel within the handling of the RPL protocol. This issue results from the lack of proper handling of user-supplied... |
| CVE-2023-25832 | 2023-05-09 | BUG-000148346 There is a Cross-Site Request Forgery (CSRF) vulnerability in Portal for ArcGIS. |
| CVE-2023-2609 | 2023-05-09 | NULL Pointer Dereference in vim/vim |
| CVE-2023-31489 | 2023-05-09 | An issue found in Frrouting bgpd v.8.4.2 allows a remote attacker to cause a denial of service via the bgp_capability_llgr() function. |
| CVE-2023-31490 | 2023-05-09 | An issue found in Frrouting bgpd v.8.4.2 allows a remote attacker to cause a denial of service via the bgp_attr_psid_sub() function. |
| CVE-2023-31973 | 2023-05-09 | yasm v1.3.0 was discovered to contain a use after free via the function expand_mmac_params at /nasm/nasm-pp.c. Note: Multiple third parties dispute this as a bug and not a vulnerability according... |
| CVE-2020-18280 | 2023-05-09 | Cross Site Scripting vulnerability found in Phodal CMD v.1.0 allows a local attacker to execute arbitrary code via the EMBED SRC function. |
| CVE-2020-23362 | 2023-05-09 | Insecure Permissons vulnerability found in Shop_CMS YerShop all versions allows a remote attacker to escalate privileges via the cover_id parameter. |
| CVE-2020-23363 | 2023-05-09 | Cross Site Request Forgery (CSRF) vulnerability found in Verytops Verydows all versions that allows an attacker to execute arbitrary code via a crafted script. |
| CVE-2021-31239 | 2023-05-09 | An issue found in SQLite SQLite3 v.3.35.4 that allows a remote attacker to cause a denial of service via the appendvfs.c function. |
| CVE-2021-31240 | 2023-05-09 | An issue found in libming v.0.4.8 allows a local attacker to execute arbitrary code via the parseSWF_IMPORTASSETS function in the parser.c file. |
| CVE-2021-31711 | 2023-05-09 | Cross Site Scripting vulnerability found in Trippo ResponsiveFilemanager v.9.14.0 and before allows a remote attacker to execute arbitrary code via the sort_by parameter in the dialog.php file. |
| CVE-2021-44283 | 2023-05-09 | A buffer overflow in the component /Enclave.cpp of Electronics and Telecommunications Research Institute ShieldStore commit 58d455617f99705f0ffd8a27616abdf77bdc1bdc allows attackers to cause an information leak via a crafted structure from an untrusted... |
| CVE-2023-25834 | 2023-05-09 | BUG-000142922 Incomplete permission changes in specific cases. |
| CVE-2023-2590 | 2023-05-09 | Missing Authorization in answerdev/answer |
| CVE-2023-2591 | 2023-05-09 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in nilsteampassnet/teampass |
| CVE-2023-2610 | 2023-05-09 | Integer Overflow or Wraparound in vim/vim |
| CVE-2023-28125 | 2023-05-09 | An improper authentication vulnerability exists in Avalanche Premise versions 6.3.x and below that could allow an attacker to gain access to the server by registering to receive messages from the... |
| CVE-2023-28126 | 2023-05-09 | An authentication bypass vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to gain access by exploiting the SetUser method or can exploit the Race Condition... |
| CVE-2023-28127 | 2023-05-09 | A path traversal vulnerability exists in Avalanche version 6.3.x and below that when exploited could result in possible information disclosure. |
| CVE-2023-28128 | 2023-05-09 | An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve a remove code execution. |
| CVE-2023-28316 | 2023-05-09 | A security vulnerability has been discovered in the implementation of 2FA on the rocket.chat platform, where other active sessions are not invalidated upon activating 2FA. This could potentially allow an... |
| CVE-2023-28317 | 2023-05-09 | A vulnerability has been discovered in Rocket.Chat, where editing messages can change the original timestamp, causing the UI to display messages in an incorrect order. |
| CVE-2023-28318 | 2023-05-09 | A vulnerability has been discovered in Rocket.Chat, where messages can be hidden regardless of the Message_KeepHistory or Message_ShowDeletedStatus server configuration. This allows users to bypass the intended message deletion behavior,... |
| CVE-2023-29092 | 2023-05-09 | An issue was discovered in Exynos Mobile Processor and Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, and Exynos 1080. Binding of a wrong resource can occur due... |
| CVE-2023-30056 | 2023-05-09 | A session takeover vulnerability exists in FICO Origination Manager Decision Module 4.8.1 due to insufficient protection of the JSESSIONID cookie. |
| CVE-2023-30057 | 2023-05-09 | Multiple stored cross-site scripting (XSS) vulnerabilities in FICO Origination Manager Decision Module 4.8.1 allow attackers to execute arbitrary web scripts or HTML via a crafted payload. |
| CVE-2023-30083 | 2023-05-09 | Buffer Overflow vulnerability found in Libming swftophp v.0.4.8 allows a local attacker to cause a denial of service via the newVar_N in util/decompile.c. |
| CVE-2023-30084 | 2023-05-09 | An issue found in libming swftophp v.0.4.8 allows a local attacker to cause a denial of service via the stackVal function in util/decompile.c. |
| CVE-2023-30085 | 2023-05-09 | Buffer Overflow vulnerability found in Libming swftophp v.0.4.8 allows a local attacker to cause a denial of service via the cws2fws function in util/decompile.c. |
| CVE-2023-30086 | 2023-05-09 | Buffer Overflow vulnerability found in Libtiff V.4.0.7 allows a local attacker to cause a denial of service via the tiffcp function in tiffcp.c. |
| CVE-2023-30087 | 2023-05-09 | Buffer Overflow vulnerability found in Cesanta MJS v.1.26 allows a local attacker to cause a denial of service via the mjs_mk_string function in mjs.c. |
| CVE-2023-30088 | 2023-05-09 | An issue found in Cesanta MJS v.1.26 allows a local attacker to cause a denial of service via the mjs_execute function in mjs.c. |
| CVE-2023-30237 | 2023-05-09 | CyberGhostVPN Windows Client before v8.3.10.10015 was discovered to contain a DLL injection vulnerability via the component Dashboard.exe. |
| CVE-2023-31472 | 2023-05-09 | An issue was discovered on GL.iNet devices before 3.216. There is an arbitrary file write in which an empty file can be created anywhere on the filesystem. This is caused... |
| CVE-2023-31474 | 2023-05-09 | An issue was discovered on GL.iNet devices before 3.216. Through the software installation feature, it is possible to inject arbitrary parameters in a request to cause opkg to obtain a... |
| CVE-2023-31476 | 2023-05-09 | An issue was discovered on GL.iNet devices running firmware before 3.216. There is an arbitrary file write in which an empty file can be created almost anywhere on the filesystem,... |
| CVE-2023-31478 | 2023-05-09 | An issue was discovered on GL.iNet devices before 3.216. An API endpoint reveals information about the Wi-Fi configuration, including the SSID and key. |
| CVE-2023-31799 | 2023-05-09 | Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the system annnouncements parameter. |
| CVE-2023-31800 | 2023-05-09 | Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the forum title parameter. |
| CVE-2023-31801 | 2023-05-09 | Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the skills wheel parameter. |
| CVE-2023-31802 | 2023-05-09 | Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the skype and linedin_url parameters. |
| CVE-2023-31803 | 2023-05-09 | Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the resource sequencing parameters. |
| CVE-2023-31804 | 2023-05-09 | Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the course category parameters. |
| CVE-2023-31805 | 2023-05-09 | Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local authenticated attacker to execute arbitrary code via the homepage function. |
| CVE-2023-31806 | 2023-05-09 | Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via a crafted payload to the My Progress function. |
| CVE-2023-31807 | 2023-05-09 | Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via a crafted payload to the personal notes function. |
| CVE-2023-31972 | 2023-05-09 | yasm v1.3.0 was discovered to contain a use after free via the function pp_getline at /nasm/nasm-pp.c. Note: Multiple third parties dispute this as a bug and not a vulnerability according... |
| CVE-2023-31974 | 2023-05-09 | yasm v1.3.0 was discovered to contain a use after free via the function error at /nasm/nasm-pp.c. Note: Multiple third parties dispute this as a bug and not a vulnerability according... |
| CVE-2023-31975 | 2023-05-09 | yasm v1.3.0 was discovered to contain a memory leak via the function yasm_intnum_copy at /libyasm/intnum.c. Note: Multiple third parties dispute this as a bug and not a vulnerability according to... |
| CVE-2023-31976 | 2023-05-09 | libming v0.4.8 was discovered to contain a stack buffer overflow via the function makeswf_preprocess at /util/makeswf_utils.c. |
| CVE-2023-31979 | 2023-05-09 | Catdoc v0.95 was discovered to contain a global buffer overflow via the function process_file at /src/reader.c. |
| CVE-2023-31981 | 2023-05-09 | Sngrep v1.6.0 was discovered to contain a stack buffer overflow via the function packet_set_payload at /src/packet.c. |
| CVE-2023-31982 | 2023-05-09 | Sngrep v1.6.0 was discovered to contain a heap buffer overflow via the function capture_packet_reasm_ip at /src/capture.c. |
| CVE-2023-28762 | 2023-05-09 | Information Disclosure in SAP BusinessObjects Intelligence Platform |
| CVE-2023-28764 | 2023-05-09 | Information Disclosure vulnerability in SAP BusinessObjects Platform |
| CVE-2023-29188 | 2023-05-09 | Cross-Site Scripting (XSS) vulnerability in SAP CRM WebClient UI |
| CVE-2022-48232 | 2023-05-09 | In FM service , there is a possible missing params check. This could lead to local denial of service in FM service . |
| CVE-2022-48233 | 2023-05-09 | In FM service , there is a possible missing params check. This could lead to local denial of service in FM service . |
| CVE-2022-48234 | 2023-05-09 | In FM service , there is a possible missing params check. This could lead to local denial of service in FM service . |
| CVE-2022-47469 | 2023-05-09 | In ext4fsfilter driver, there is a possible out of bounds read due to a missing bounds check. This could local denial of service with System execution privileges needed. |
| CVE-2022-47470 | 2023-05-09 | In ext4fsfilter driver, there is a possible out of bounds read due to a missing bounds check. This could local denial of service with System execution privileges needed. |
| CVE-2022-47486 | 2023-05-09 | In ext4fsfilter driver, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. |
| CVE-2022-47487 | 2023-05-09 | In thermal service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service local denial of service with... |
| CVE-2022-47488 | 2023-05-09 | In spipe drive, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. |
| CVE-2022-47490 | 2023-05-09 | In soter service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. |
| CVE-2022-47492 | 2023-05-09 | In soter service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. |
| CVE-2022-47493 | 2023-05-09 | In soter service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. |
| CVE-2022-48231 | 2023-05-09 | In soter service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. |
| CVE-2022-47489 | 2023-05-09 | In soter service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. |
| CVE-2022-47491 | 2023-05-09 | In soter service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. |
| CVE-2022-47494 | 2023-05-09 | In soter service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. |
| CVE-2022-47495 | 2023-05-09 | In soter service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. |
| CVE-2022-47496 | 2023-05-09 | In soter service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. |
| CVE-2022-47497 | 2023-05-09 | In soter service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. |
| CVE-2022-47498 | 2023-05-09 | In soter service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. |
| CVE-2022-47499 | 2023-05-09 | In soter service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. |
| CVE-2022-48235 | 2023-05-09 | In MP3 encoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. |
| CVE-2022-48236 | 2023-05-09 | In MP3 encoder, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. |
| CVE-2022-48237 | 2023-05-09 | In Image filter, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. |