CVEs Today
Latest Information on Common Vulnerabilities and Exposures (CVEs)
Last updated: May 31, 2023. 01:20:03
click on an item for more info;
| ID | Description | Modified | References |
|---|---|---|---|
| CVE-2022-47178 | Cross-Site Request Forgery (CSRF) vulnerability in Simple Share Buttons Simple Share Buttons Adder plugin <= 8.4.7 versions. | May 30, 2023. 23:38:00 | [patchstack.com] |
| CVE-2022-39071 | There is an unauthorized access vulnerability in some ZTE mobile phones. If a malicious application is installed on the phone, it could overwrite some system configuration files and user installers without user permission. | May 30, 2023. 23:15:00 | [support.zte.com.cn] |
| CVE-2022-39074 | There is an unauthorized access vulnerability in some ZTE mobile phones. If a malicious application is installed on the phone, it could start a non-public interface of an application without user permission. | May 30, 2023. 23:15:00 | [support.zte.com.cn] |
| CVE-2022-39075 | There is an unauthorized access vulnerability in some ZTE mobile phones. If a malicious application is installed on the phone, it could delete some system files without user permission. | May 30, 2023. 23:15:00 | [support.zte.com.cn] |
| CVE-2023-29726 | The Call Blocker application 6.6.3 for Android incorrectly opens a key component that an attacker can use to inject large amounts of dirty data into the application's database. When the application starts, it loads the data from the database into memory. Once the attacker injects too much data, the application triggers an OOM error and crashes, resulting in a persistent denial of service. | May 30, 2023. 23:15:00 | [github.com][play.google.com] |
| CVE-2023-29727 | The Call Blocker application 6.6.3 for Android allows unauthorized applications to use exposed components to delete data stored in its database that is related to user privacy settings and affects the implementation of the normal functionality of the application. An attacker can use this to cause an escalation of privilege attack. | May 30, 2023. 23:15:00 | [play.google.com][github.com] |
| CVE-2023-29728 | The Call Blocker application 6.6.3 for Android allows attackers to tamper with feature-related data, resulting in a severe elevation of privilege attack. | May 30, 2023. 23:15:00 | [github.com][play.google.com] |
| CVE-2023-29738 | An issue found in Wave Animated Keyboard Emoji v.1.70.7 for Android allows a local attacker to cause code execution and escalation of Privileges via the database files. | May 30, 2023. 23:15:00 | [play.google.com][play.google.com] |
| CVE-2023-29739 | An issue found in Alarm Clock for Heavy Sleepers v.5.3.2 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the component. | May 30, 2023. 23:15:00 | [github.com][amdroidapp.com] |
| CVE-2023-29740 | An issue found in Alarm Clock for Heavy Sleepers v.5.3.2 for Android allows unauthorized apps to cause a denial of service attack by manipulating the database. | May 30, 2023. 23:15:00 | [github.com][amdroidapp.com] |
| CVE-2023-29741 | An issue found in BestWeather v.7.3.1 for Android allows unauthorized apps to cause an escalation of privileges attack by manipulating the database. | May 30, 2023. 23:15:00 | [www.zmtqsh.com][play.google.com] |
| CVE-2023-29743 | An issue found in BestWeather v.7.3.1 for Android allows unauthorized apps to cause a persistent denial of service attack by manipulating the database. | May 30, 2023. 23:15:00 | [github.com][www.zmtqsh.com] |
| CVE-2023-2952 | XRA dissector infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file | May 30, 2023. 23:15:00 | [gitlab.com][gitlab.com] |
| CVE-2023-22654 | Client-side enforcement of server-side security issue exists in T&D Corporation and ESPEC MIC CORP. data logger products, which may lead to an arbitrary script execution on a logged-in user's web browser. Affected products and versions are as follows: T&D Corporation data logger products (TR-71W/72W all firmware versions, RTR-5W all firmware versions, WDR-7 all firmware versions, WDR-3 all firmware versions, and WS-2 all firmware versions), and ESPEC MIC CORP. data logger products (RT-12N/RS-12N all firmware versions, RT-22BN all firmware versions, and TEU-12N all firmware versions). | May 30, 2023. 22:22:00 | [www.monitoring.especmic.co.jp][jvn.jp] |
| CVE-2023-23545 | Missing authentication for critical function exists in T&D Corporation and ESPEC MIC CORP. data logger products, which may allow a remote unauthenticated attacker to alter the product settings without authentication. Affected products and versions are as follows: T&D Corporation data logger products (TR-71W/72W all firmware versions, RTR-5W all firmware versions, WDR-7 all firmware versions, WDR-3 all firmware versions, and WS-2 all firmware versions), and ESPEC MIC CORP. data logger products (RT-12N/RS-12N all firmware versions, RT-22BN all firmware versions, and TEU-12N all firmware versions). | May 30, 2023. 22:21:00 | [www.monitoring.especmic.co.jp][jvn.jp] |
| CVE-2023-25946 | Authentication bypass vulnerability in Qrio Lock (Q-SL2) firmware version 2.0.9 and earlier allows a network-adjacent attacker to analyze the product's communication data and conduct an arbitrary operation under certain conditions. | May 30, 2023. 22:20:00 | [jvn.jp][qrio.me] |
| CVE-2023-27384 | Operation restriction bypass vulnerability in MultiReport of Cybozu Garoon 5.15.0 allows a remote authenticated attacker to alter the data of MultiReport. | May 30, 2023. 22:18:00 | [jvn.jp][cs.cybozu.co.jp] |
| CVE-2023-25953 | Code injection vulnerability in Drive Explorer for macOS versions 3.5.4 and earlier allows an attacker who can login to the client where the affected product is installed to inject arbitrary code while processing the product execution. Since a full disk access privilege is required to execute LINE WORKS Drive Explorer, the attacker may be able to read and/or write to arbitrary files without the access privileges. | May 30, 2023. 22:18:00 | [jvn.jp][line.worksmobile.com] |
| CVE-2023-2933 | Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High) | May 30, 2023. 22:15:00 | [crbug.com][chromereleases.googleblog.com] |
| CVE-2023-2929 | Out of bounds write in Swiftshader in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | May 30, 2023. 22:15:00 | [crbug.com][chromereleases.googleblog.com] |
Page 1 of 129
