CVE List - 2023 / May
Showing 801 - 900 of 2420 CVEs for May 2023 (Page 9 of 25)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-29930 | 2023-05-10 | An issue was found in Genesys CIC Polycom phone provisioning TFTP Server all version allows a remote attacker to execute arbitrary code via the login crednetials to the TFTP server... |
| CVE-2023-30194 | 2023-05-10 | Prestashop posstaticfooter <= 1.0.0 is vulnerable to SQL Injection via posstaticfooter::getPosCurrentHook(). |
| CVE-2023-30351 | 2023-05-10 | Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 was discovered to contain a hard-coded default password for root which is stored using weak encryption. This vulnerability allows attackers to connect to... |
| CVE-2023-30352 | 2023-05-10 | Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 was discovered to contain a hard-coded default password for the RTSP feed. |
| CVE-2023-30353 | 2023-05-10 | Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 allows unauthenticated remote code execution via an XML document. |
| CVE-2023-30354 | 2023-05-10 | Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 does not defend against physical access to U-Boot via the UART: the Wi-Fi password is shown, and the hardcoded boot password can be... |
| CVE-2023-30356 | 2023-05-10 | Missing Support for an Integrity Check in Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 allows attackers to update the device with crafted firmware |
| CVE-2023-31471 | 2023-05-10 | An issue was discovered on GL.iNet devices before 3.216. Through the software installation feature, it is possible to install arbitrary software, such as a reverse shell, because the restrictions on... |
| CVE-2023-31555 | 2023-05-10 | podofoinfo 0.10.0 was discovered to contain a segmentation violation via the function PoDoFo::PdfObject::DelayedLoad. |
| CVE-2023-31556 | 2023-05-10 | podofoinfo 0.10.0 was discovered to contain a segmentation violation via the function PoDoFo::PdfDictionary::findKeyParent. |
| CVE-2023-31566 | 2023-05-10 | Podofo v0.10.0 was discovered to contain a heap-use-after-free via the component PoDoFo::PdfEncrypt::IsMetadataEncrypted(). |
| CVE-2023-31567 | 2023-05-10 | Podofo v0.10.0 was discovered to contain a heap buffer overflow via the component PoDoFo::PdfEncryptAESV3::PdfEncryptAESV3. |
| CVE-2023-31568 | 2023-05-10 | Podofo v0.10.0 was discovered to contain a heap buffer overflow via the component PoDoFo::PdfEncryptRC4::PdfEncryptRC4. |
| CVE-2023-31906 | 2023-05-10 | Jerryscript 3.0.0(commit 1a2c047) was discovered to contain a heap-buffer-overflow via the component lexer_compare_identifier_to_chars at /jerry-core/parser/js/js-lexer.c. |
| CVE-2023-31907 | 2023-05-10 | Jerryscript 3.0.0 was discovered to contain a heap-buffer-overflow via the component scanner_literal_is_created at /jerry-core/parser/js/js-scanner-util.c. |
| CVE-2023-31908 | 2023-05-10 | Jerryscript 3.0 (commit 05dbbd1) was discovered to contain a heap-buffer-overflow via the component ecma_builtin_typedarray_prototype_sort. |
| CVE-2023-31910 | 2023-05-10 | Jerryscript 3.0 (commit 05dbbd1) was discovered to contain a heap-buffer-overflow via the component parser_parse_function_statement at /jerry-core/parser/js/js-parser-statm.c. |
| CVE-2023-32568 | 2023-05-10 | An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2.800 and 8.x before 8.0.410. The VIOM web application does not validate user-supplied data and appends it to OS... |
| CVE-2023-32569 | 2023-05-10 | An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2.800 and 8.x before 8.0.410. The InfoScale VIOM web application is vulnerable to SQL Injection in some of the... |
| CVE-2023-32570 | 2023-05-10 | VideoLAN dav1d before 1.2.0 has a thread_task.c race condition that can lead to an application crash, related to dav1d_decode_frame_exit. |
| CVE-2023-32573 | 2023-05-10 | In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled. |
| CVE-2023-26126 | 2023-05-10 | All versions of the package m.static are vulnerable to Directory Traversal due to improper input sanitization of the path being requested via the requestFile function. |
| CVE-2023-2617 | 2023-05-10 | OpenCV wechat_qrcode Module decoded_bit_stream_parser.cpp decodeByteSegment null pointer dereference |
| CVE-2023-2618 | 2023-05-10 | OpenCV wechat_qrcode Module decoded_bit_stream_parser.cpp decodeHanziSegment memory leak |
| CVE-2023-30777 | 2023-05-10 | WordPress Advanced Custom Fields / Advanced Custom Fields PRO plugins <= 6.1.5 vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-2619 | 2023-05-10 | SourceCodester Online Tours & Travels Management System disapprove_delete.php exec sql injection |
| CVE-2023-24392 | 2023-05-10 | WordPress Full Width Banner Slider Wp Plugin <= 1.1.7 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-28932 | 2023-05-10 | WordPress WPMobile.App Plugin <= 11.20 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-23788 | 2023-05-10 | WordPress Custom More Link Complete Plugin <= 1.4.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-23786 | 2023-05-10 | WordPress affiliate-toolkit – WordPress Affiliate Plugin Plugin <= 3.3.3 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-23789 | 2023-05-10 | WordPress Premmerce Redirect Manager Plugin <= 1.0.9 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-23812 | 2023-05-10 | WordPress Enhanced WP Contact Form Plugin <= 2.2.3 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-24418 | 2023-05-10 | WordPress Tiny carousel horizontal slider plus Plugin <= 3.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-22711 | 2023-05-10 | WordPress IMPress Listings Plugin <= 2.6.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-23701 | 2023-05-10 | WordPress Easy Sign Up Plugin <= 3.4.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-24406 | 2023-05-10 | WordPress Simple Popup Images Plugin <= 1.8.6 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-29101 | 2023-05-10 | WordPress Betheme Theme <= 26.7.5 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-22696 | 2023-05-10 | WordPress Affiliate Links Lite Plugin <= 2.5 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-30746 | 2023-05-10 | WordPress Booqable Rental Plugin Plugin <= 2.4.15 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-27419 | 2023-05-10 | WordPress Viable blog Theme <= 1.1.4 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-23873 | 2023-05-10 | WordPress BBSpoiler Plugin <= 2.01 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-23794 | 2023-05-10 | WordPress Semalt Blocker Plugin <= 1.1.3 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-27455 | 2023-05-10 | WordPress Update Image Tag Alt Attribute Plugin <= 2.4.5 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2022-32970 | 2023-05-10 | WordPress Themify Portfolio Post Plugin <= 1.2.4 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2022-33961 | 2023-05-10 | WordPress YellowPencil Visual CSS Style Editor Plugin <= 7.5.8 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2022-46819 | 2023-05-10 | WordPress Continuous announcement scroller Plugin <= 13.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2022-46817 | 2023-05-10 | WordPress Flyzoo Chat Plugin <= 2.3.3 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2022-46861 | 2023-05-10 | WordPress Login Page Styler Plugin <= 6.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2022-47137 | 2023-05-10 | WordPress Ninja Tables Plugin <= 4.3.4 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2022-47441 | 2023-05-10 | WordPress Charitable Plugin <= 1.7.0.10 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2022-47436 | 2023-05-10 | WordPress Yatra Plugin <= 2.1.14 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2022-47423 | 2023-05-10 | WordPress WP-dTree Plugin <= 4.4.5 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2022-27856 | 2023-05-10 | WordPress Export All URLs Plugin <= 4.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2022-47606 | 2023-05-10 | WordPress WP-CORS Plugin <= 0.2.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2022-47600 | 2023-05-10 | WordPress Mass Email To users Plugin <= 1.1.4 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2022-47590 | 2023-05-10 | WordPress Maintenance Switch Plugin <= 1.5.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2022-47587 | 2023-05-10 | WordPress WP Search Analytics Plugin <= 1.4.5 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2022-45846 | 2023-05-10 | WordPress Image Map Pro Plugin < 5.6.9 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-1732 | 2023-05-10 | Improper random reading in CIRCL |
| CVE-2023-28410 | 2023-05-10 | Improper restriction of operations within the bounds of a memory buffer in some Intel(R) i915 Graphics drivers for linux before kernel version 6.2.10 may allow an authenticated user to potentially... |
| CVE-2022-41982 | 2023-05-10 | Uncontrolled search path element in the Intel(R) VTune(TM) Profiler software before version 2023.0 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2022-41658 | 2023-05-10 | Insecure inherited permissions in the Intel(R) VTune(TM) Profiler software before version 2023.0 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2022-41687 | 2023-05-10 | Insecure inherited permissions in the HotKey Services for some Intel(R) NUC P14E Laptop Element software for Windows 10 before version 1.1.44 may allow an authenticated user to potentially enable escalation... |
| CVE-2022-41628 | 2023-05-10 | Uncontrolled search path element in the HotKey Services for some Intel(R) NUC P14E Laptop Element software for Windows 10 before version 1.1.44 may allow an authenticated user to potentially enable... |
| CVE-2023-27382 | 2023-05-10 | Incorrect default permissions in the Audio Service for some Intel(R) NUC P14E Laptop Element software for Windows 10 before version 1.0.0.156 may allow an authenticated user to potentially enable escalation... |
| CVE-2022-46645 | 2023-05-10 | Uncontrolled resource consumption in the Intel(R) Smart Campus Android application before version 9.9 may allow an authenticated user to potentially enable denial of service via local access. |
| CVE-2023-23569 | 2023-05-10 | Stack-based buffer overflow for some Intel(R) Trace Analyzer and Collector software before version 2021.8.0 published Dec 2022 may allow an authenticated user to potentially enable escalation of privilege via local... |
| CVE-2023-23580 | 2023-05-10 | Stack-based buffer overflow for some Intel(R) Trace Analyzer and Collector software before version 2021.8.0 published Dec 2022 may allow an authenticated user to potentially escalation of privilege via local access. |
| CVE-2023-23910 | 2023-05-10 | Out-of-bounds write for some Intel(R) Trace Analyzer and Collector software before version 2021.8.0 published Dec 2022 may allow an authenticated user to potentially escalation of privilege via local access. |
| CVE-2022-42878 | 2023-05-10 | Null pointer dereference for some Intel(R) Trace Analyzer and Collector software before version 2021.8.0 published Dec 2022 may allow an authenticated user to potentially enable information disclosure via local access. |
| CVE-2023-23909 | 2023-05-10 | Out-of-bounds read for some Intel(R) Trace Analyzer and Collector software before version 2021.8.0 published Dec 2022 may allow an authenticated user to potentially enable information disclosure via local access. |
| CVE-2023-27386 | 2023-05-10 | Uncontrolled search path in some Intel(R) Pathfinder for RISC-V software may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2022-36339 | 2023-05-10 | Improper input validation in firmware for Intel(R) NUC 8 Compute Element, Intel(R) NUC 11 Compute Element, Intel(R) NUC 12 Compute Element may allow a privileged user to enable escalation of... |
| CVE-2022-34147 | 2023-05-10 | Improper input validation in BIOS firmware for some Intel(R) NUC 9 Extreme Laptop Kits, Intel(R) NUC Performance Kits, Intel(R) NUC Performance Mini PC, Intel(R) NUC 8 Compute Element, Intel(R) NUC... |
| CVE-2022-28699 | 2023-05-10 | Improper input validation for some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2023-22312 | 2023-05-10 | Improper access control for some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2022-32766 | 2023-05-10 | Improper input validation for some Intel(R) BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2022-37327 | 2023-05-10 | Improper input validation in BIOS firmware for Intel(R) NUC, Intel(R) NUC Performance Kit, Intel(R) NUC Performance Mini PC, Intel(R) NUC 8 Compute Element, Intel(R) NUC Pro Kit, Intel(R) NUC Pro... |
| CVE-2023-25771 | 2023-05-10 | Improper access control for some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable denial of service via local access. |
| CVE-2022-32582 | 2023-05-10 | Improper access control in firmware for some Intel(R) NUC Boards, Intel(R) NUC 11 Performance Kit, Intel(R) NUC 11 Performance Mini PC, Intel(R) NUC Pro Compute Element may allow a privileged... |
| CVE-2022-31477 | 2023-05-10 | Improper initialization for some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable information disclosure via local access. |
| CVE-2022-32577 | 2023-05-10 | Improper input validation in BIOS Firmware for some Intel(R) NUC Kits before version PY0081 may allow a privileged user to potentially enable information disclosure or denial of service via local... |
| CVE-2022-29919 | 2023-05-10 | Use after free in the Intel(R) VROC software before version 7.7.6.1003 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2022-30338 | 2023-05-10 | Incorrect default permissions in the Intel(R) VROC software before version 7.7.6.1003 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2022-29508 | 2023-05-10 | Null pointer dereference in the Intel(R) VROC software before version 7.7.6.1003 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2022-25976 | 2023-05-10 | Improper input validation in the Intel(R) VROC software before version 7.7.6.1003 may allow an authenticated user to potentially enable denial of service via local access. |
| CVE-2022-37409 | 2023-05-10 | Insufficient control flow management for the Intel(R) IPP Cryptography software before version 2021.6 may allow an authenticated user to potentially enable information disclosure via local access. |
| CVE-2022-41646 | 2023-05-10 | Insufficient control flow management in the Intel(R) IPP Cryptography software before version 2021.6 may allow an unauthenticated user to potentially enable information disclosure via local access. |
| CVE-2022-40974 | 2023-05-10 | Incomplete cleanup in the Intel(R) IPP Cryptography software before version 2021.6 may allow a privileged user to potentially enable information disclosure via local access. |
| CVE-2022-21804 | 2023-05-10 | Out-of-bounds write in software for the Intel QAT Driver for Windows before version 1.9.0-0008 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2022-21239 | 2023-05-10 | Out-of-bounds read in software for the Intel QAT Driver for Windows before version 1.9.0-0008 may allow an authenticated user to potentially enable information disclosure via local access. |
| CVE-2022-41808 | 2023-05-10 | Improper buffer restriction in software for the Intel QAT Driver for Linux before version 1.7.l.4.12 may allow an authenticated user to potentially enable denial of service via local access. |
| CVE-2022-40971 | 2023-05-10 | Incorrect default permissions for the Intel(R) HDMI Firmware Update Tool for NUC before version 1.79.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2022-21162 | 2023-05-10 | Uncontrolled search path for the Intel(R) HDMI Firmware Update tool for NUC before version 1.79.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2022-46656 | 2023-05-10 | Insecure inherited permissions for the Intel(R) NUC Pro Software Suite before version 2.0.0.3 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2022-36391 | 2023-05-10 | Incorrect default permissions for the Intel(R) NUC Pro Software Suite before version 2.0.0.3 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2022-34848 | 2023-05-10 | Uncontrolled search path for the Intel(R) NUC Pro Software Suite before version 2.0.0.3 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2022-34855 | 2023-05-10 | Path traversal for the Intel(R) NUC Pro Software Suite before version 2.0.0.3 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2022-32578 | 2023-05-10 | Improper access control for the Intel(R) NUC Pro Software Suite before version 2.0.0.3 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2022-41690 | 2023-05-10 | Improper access control in the Intel(R) Retail Edge Mobile iOS application before version 3.4.7 may allow an authenticated user to potentially enable escalation of privilege via local access. |