CVE List - 2023 / May
Showing 601 - 700 of 2420 CVEs for May 2023 (Page 7 of 25)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-48238 | 2023-05-09 | In Image filter, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. |
| CVE-2022-48239 | 2023-05-09 | In camera driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. |
| CVE-2022-48240 | 2023-05-09 | In camera driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. |
| CVE-2022-48241 | 2023-05-09 | In telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. |
| CVE-2022-48242 | 2023-05-09 | In telephony service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges. |
| CVE-2022-48243 | 2023-05-09 | In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. |
| CVE-2022-48244 | 2023-05-09 | In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. |
| CVE-2022-48245 | 2023-05-09 | In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. |
| CVE-2022-48246 | 2023-05-09 | In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. |
| CVE-2022-48247 | 2023-05-09 | In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. |
| CVE-2022-48248 | 2023-05-09 | In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. |
| CVE-2022-48249 | 2023-05-09 | In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. |
| CVE-2022-48250 | 2023-05-09 | In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. |
| CVE-2022-48368 | 2023-05-09 | In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. |
| CVE-2022-48369 | 2023-05-09 | In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. |
| CVE-2022-48370 | 2023-05-09 | In dialer service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges. |
| CVE-2022-48371 | 2023-05-09 | In dialer service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges. |
| CVE-2022-48372 | 2023-05-09 | In bootcp service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. |
| CVE-2022-48373 | 2023-05-09 | In tee service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. |
| CVE-2022-48374 | 2023-05-09 | In tee service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. |
| CVE-2022-48375 | 2023-05-09 | In contacts service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. |
| CVE-2022-48376 | 2023-05-09 | In dialer service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. |
| CVE-2022-48377 | 2023-05-09 | In dialer service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. |
| CVE-2022-48378 | 2023-05-09 | In engineermode service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. |
| CVE-2022-48379 | 2023-05-09 | In dialer service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. |
| CVE-2022-47340 | 2023-05-09 | In h265 codec firmware, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution... |
| CVE-2022-48380 | 2023-05-09 | In modem control device, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges... |
| CVE-2022-48381 | 2023-05-09 | In modem control device, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges... |
| CVE-2022-48382 | 2023-05-09 | In log service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. |
| CVE-2022-48383 | 2023-05-09 | .In srtd service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. |
| CVE-2022-48384 | 2023-05-09 | In srtd service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. |
| CVE-2022-48385 | 2023-05-09 | In cp_dump driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. |
| CVE-2022-48386 | 2023-05-09 | the apipe driver, there is a possible use after free due to a logic error. This could lead to local denial of service with System execution privileges needed. |
| CVE-2022-48387 | 2023-05-09 | the apipe driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. |
| CVE-2022-38685 | 2023-05-09 | In bluetooth service, there is a possible missing permission check. This could lead to local denial of service in bluetooth service with no additional execution privileges needed. |
| CVE-2022-39089 | 2023-05-09 | In mlog service, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. |
| CVE-2022-48388 | 2023-05-09 | In powerEx service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. |
| CVE-2022-44433 | 2023-05-09 | In phoneEx service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. |
| CVE-2022-48389 | 2023-05-09 | In modem control device, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges... |
| CVE-2022-47334 | 2023-05-09 | In phasecheck server, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. |
| CVE-2022-47485 | 2023-05-09 | In modem control device, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges... |
| CVE-2022-44420 | 2023-05-09 | In modem, there is a possible missing verification of HashMME value in Security Mode Command. This could local denial of service with no additional execution privileges. |
| CVE-2022-44419 | 2023-05-09 | In modem, there is a possible missing verification of NAS Security Mode Command Replay Attacks in LTE. This could local denial of service with no additional execution privileges. |
| CVE-2023-30740 | 2023-05-09 | Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform |
| CVE-2023-30741 | 2023-05-09 | Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform |
| CVE-2023-30742 | 2023-05-09 | Cross-Site Scripting (XSS) vulnerability in SAP CRM (WebClient UI) |
| CVE-2023-30743 | 2023-05-09 | Improper Neutralization of Input in SAPUI5 |
| CVE-2023-30744 | 2023-05-09 | Improper access control during application start-up in SAP AS NetWeaver JAVA. |
| CVE-2023-31404 | 2023-05-09 | Information Disclosure in SAP BusinessObjects Business Intelligence Platform (Central Management Service) |
| CVE-2023-31406 | 2023-05-09 | Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform |
| CVE-2023-31407 | 2023-05-09 | Cross-Site Scripting (XSS) vulnerability in SAP Business Planning and Consolidation |
| CVE-2023-32111 | 2023-05-09 | Memory Corruption vulnerability in SAP PowerDesigner (Proxy) |
| CVE-2023-32113 | 2023-05-09 | Information Disclosure vulnerability in SAP GUI for Windows |
| CVE-2023-32112 | 2023-05-09 | Missing Authorization Check in Vendor Master Hierarchy |
| CVE-2022-4537 | 2023-05-09 | The Hide My WP Ghost – Security Plugin plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 5.0.18. This is due to insufficient restrictions... |
| CVE-2023-23863 | 2023-05-09 | WordPress TreePress – Easy Family Trees & Ancestor Profiles Plugin <= 2.0.22 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2022-41640 | 2023-05-09 | WordPress Wholesale Suite Plugin <= 2.1.5 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-23793 | 2023-05-09 | WordPress Read More Without Refresh Plugin <= 3.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-23664 | 2023-05-09 | WordPress ConvertBox Auto Embed WordPress plugin Plugin <= 1.0.19 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-23883 | 2023-05-09 | WordPress WP Content Filter – Censor All Offensive Content From Your Site Plugin <= 3.0.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-23884 | 2023-05-09 | WordPress Kanban Boards for WordPress Plugin <= 2.5.20 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-23862 | 2023-05-09 | WordPress Vertical scroll recent post Plugin <= 14.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-23732 | 2023-05-09 | WordPress Disqus Conditional Load Plugin <= 11.0.6 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-23733 | 2023-05-09 | WordPress Lazy Social Comments Plugin <= 2.0.4 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-23734 | 2023-05-09 | WordPress Userlike – WordPress Live Chat plugin Plugin <= 2.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-24372 | 2023-05-09 | WordPress Simple Custom Author Profiles Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-23647 | 2023-05-09 | WordPress Team Member Plugin <= 4.4 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2022-46822 | 2023-05-09 | WordPress WooCommerce JazzCash Gateway Plugin Plugin <= 2.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2022-46864 | 2023-05-09 | WordPress Woocommerce Custom Checkout Fields Editor With Drag & Drop Plugin <= 0.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2022-46858 | 2023-05-09 | WordPress Product Specifications for Woocommerce Plugin <= 0.6.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2022-46844 | 2023-05-09 | WordPress PixFields Plugin <= 0.7.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-27407 | 2023-05-09 | A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). The web based management of affected device does not properly validate user input, making it susceptible to command... |
| CVE-2023-27408 | 2023-05-09 | A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). The `i2c` mutex file is created with the permissions bits of `-rw-rw-rw-`. This file is used as a... |
| CVE-2023-27409 | 2023-05-09 | A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). A path traversal vulnerability was found in the `deviceinfo` binary via the `mac` parameter. This could allow an... |
| CVE-2023-27410 | 2023-05-09 | A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). A heap-based buffer overflow vulnerability was found in the `edgebox_web_app` binary. The binary will crash if supplied with... |
| CVE-2023-28832 | 2023-05-09 | A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1). The web... |
| CVE-2023-29103 | 2023-05-09 | A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC712 (All versions < V2.1), SIMATIC Cloud Connect 7... |
| CVE-2023-29104 | 2023-05-09 | A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1). The filename... |
| CVE-2023-29105 | 2023-05-09 | A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC712 (All versions < V2.1), SIMATIC Cloud Connect 7... |
| CVE-2023-29106 | 2023-05-09 | A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1). The export... |
| CVE-2023-29107 | 2023-05-09 | A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1). The export... |
| CVE-2023-29128 | 2023-05-09 | A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1). The filename... |
| CVE-2023-30898 | 2023-05-09 | A vulnerability has been identified in Siveillance Video 2020 R2 (All versions < V20.2 HotfixRev14), Siveillance Video 2020 R3 (All versions < V20.3 HotfixRev12), Siveillance Video 2021 R1 (All versions... |
| CVE-2023-30899 | 2023-05-09 | A vulnerability has been identified in Siveillance Video 2020 R2 (All versions < V20.2 HotfixRev14), Siveillance Video 2020 R3 (All versions < V20.3 HotfixRev12), Siveillance Video 2021 R1 (All versions... |
| CVE-2023-30985 | 2023-05-09 | A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 3), Solid Edge SE2023 (All versions < V223.0 Update 2). Affected applications contain an out of... |
| CVE-2023-30986 | 2023-05-09 | A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 3), Solid Edge SE2023 (All versions < V223.0 Update 2). Affected applications contain a memory corruption... |
| CVE-2023-2594 | 2023-05-09 | SourceCodester Food Ordering Management System Registration sql injection |
| CVE-2023-2595 | 2023-05-09 | SourceCodester Billing Management System POST Parameter ajax_service.php sql injection |
| CVE-2023-31126 | 2023-05-09 | Improper Neutralization of Invalid Characters in Data Attribute Names in org.xwiki.commons:xwiki-commons-xml |
| CVE-2023-2596 | 2023-05-09 | SourceCodester Online Reviewer System GET Parameter user-update.php sql injection |
| CVE-2023-20046 | 2023-05-09 | A vulnerability in the key-based SSH authentication feature of Cisco StarOS Software could allow an authenticated, remote attacker to elevate privileges on an affected device. This vulnerability is due to... |
| CVE-2023-31134 | 2023-05-09 | Tauri Open Redirect Vulnerability Possibly Exposes IPC to External Sites |
| CVE-2023-20098 | 2023-05-09 | A vulnerability in the CLI of Cisco SDWAN vManage Software could allow an authenticated, local attacker to delete arbitrary files. This vulnerability is due to improper filtering of directory traversal... |
| CVE-2023-29460 | 2023-05-09 | Rockwell Automation Arena Simulation Software Remote Code Execution Vulnerability |
| CVE-2023-29461 | 2023-05-09 | Rockwell Automation Arena Simulation Software Remote Code Execution Vulnerability |
| CVE-2023-29462 | 2023-05-09 | Rockwell Automation Arena Simulation Software Remote Code Execution Vulnerability |
| CVE-2023-31136 | 2023-05-09 | PostgresNIO processes unencrypted bytes from man-in-the-middle |
| CVE-2023-31137 | 2023-05-09 | MaraDNS Integer Underflow Vulnerability in DNS Packet Decompression |
| CVE-2023-31138 | 2023-05-09 | DHIS2 Core vulnerable to Improper Access Control with PATCH requests |
| CVE-2023-31139 | 2023-05-09 | DHIS2 Core unrestricted session cookies with Personal Access Tokens |