CVEs Today

Latest Information on Common Vulnerabilities and Exposures (CVEs)

Last updated: May 31, 2023. 01:20:03

| ID | Description | Modified | References |
| --- | --- | --- | --- |
| CVE-2023-27961 | Multiple validation issues were addressed with improved input sanitization. This issue is fixed in macOS Ventura 13.3, macOS Big Sur 11.7.5, macOS Monterey 12.6.4, watchOS 9.4, iOS 15.7.4 and iPadOS 15.7.4, iOS 16.4 and iPadOS 16.4. Importing a maliciously crafted calendar invitation may exfiltrate user information | May 13, 2023. 01:22:00 | [support.apple.com][support.apple.com] |
| CVE-2023-27958 | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. A remote user may be able to cause unexpected system termination or corrupt kernel memory | May 13, 2023. 01:19:00 | [support.apple.com][support.apple.com] |
| CVE-2023-27946 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Big Sur 11.7.5. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution | May 13, 2023. 01:17:00 | [support.apple.com][support.apple.com] |
| CVE-2023-27949 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, iOS 15.7.4 and iPadOS 15.7.4. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution | May 13, 2023. 01:16:00 | [support.apple.com][support.apple.com] |
| CVE-2023-20877 | VMware Aria Operations contains a privilege escalation vulnerability. An authenticated malicious user with ReadOnly privileges can perform code execution leading to privilege escalation. | May 12, 2023. 21:15:00 | [www.vmware.com] |
| CVE-2023-20878 | VMware Aria Operations contains a deserialization vulnerability. A malicious actor with administrative privileges can execute arbitrary commands and disrupt the system. | May 12, 2023. 21:15:00 | [www.vmware.com] |
| CVE-2023-20879 | VMware Aria Operations contains a Local privilege escalation vulnerability. A malicious actor with administrative privileges in the Aria Operations application can gain root access to the underlying operating system. | May 12, 2023. 21:15:00 | [www.vmware.com] |
| CVE-2023-20880 | VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'. | May 12, 2023. 21:15:00 | [www.vmware.com] |
| CVE-2023-25005 | A maliciously crafted DLL file can be forced to read beyond allocated boundaries in Autodesk InfraWorks 2023, and 2021 when parsing the DLL files could lead to a resource injection vulnerability. | May 12, 2023. 21:15:00 | [www.autodesk.com] |
| CVE-2023-2088 | A flaw was found in OpenStack due to an inconsistency between Cinder and Nova. This issue can be triggered intentionally or by accident. A remote, authenticated attacker could exploit this vulnerability by detaching one of their volumes from Cinder. The highest impact is to confidentiality. | May 12, 2023. 21:15:00 | [bugs.launchpad.net] |
| CVE-2023-28762 | SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker with administrator privileges to get the login token of any logged-in BI user over the network without any user interaction. The attacker can impersonate any user on the platform resulting into accessing and modifying data. The attacker can also make the system partially or entirely unavailable. | May 12, 2023. 20:45:00 | [www.sap.com][launchpad.support.sap.com] |
| CVE-2023-28764 | SAP BusinessObjects Platform - versions 420, 430, Information design tool transmits sensitive information as cleartext in the binaries over the network. This could allow an unauthenticated attacker with deep knowledge to gain sensitive information such as user credentials and domain names, which may have a low impact on confidentiality and no impact on the integrity and availability of the system. | May 12, 2023. 20:44:00 | [i7p.wdf.sap.corp][www.sap.com] |
| CVE-2023-29188 | SAP CRM WebClient UI - versions SAPSCORE 129, S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker with user level access can read and modify some sensitive information but cannot delete the data. | May 12, 2023. 20:38:00 | [www.sap.com][i7p.wdf.sap.corp] |
| CVE-2023-31180 | WJJ Software - InnoKB Server, InnoKB/Console 2.2.1 - Reflected cross-site scripting (RXSS) through an unspecified request. | May 12, 2023. 20:30:00 | [www.gov.il] |
| CVE-2023-31181 | WJJ Software - InnoKB Server, InnoKB/Console 2.2.1 - CWE-22: Path Traversal | May 12, 2023. 20:30:00 | [www.gov.il] |
| CVE-2023-30787 | MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people:id/introductions` endpoint and first_met_additional_info parameter. | May 12, 2023. 19:57:00 | [www.monicahq.com][fluidattacks.com] |
| CVE-2023-30788 | MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people/add` endpoint and nickName, description, lastName, middleName and firstName parameter. | May 12, 2023. 19:57:00 | [www.monicahq.com][fluidattacks.com] |
| CVE-2023-30789 | MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people:id/work` endpoint and job and company parameter. | May 12, 2023. 19:57:00 | [www.monicahq.com][fluidattacks.com] |
| CVE-2023-30790 | MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people:id/relationships` endpoint and first_name and last_name parameter. | May 12, 2023. 19:57:00 | [www.monicahq.com][fluidattacks.com] |
| CVE-2023-27968 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory | May 12, 2023. 19:47:00 | [support.apple.com] |

