CVEs Today
Latest Information on Common Vulnerabilities and Exposures (CVEs)
Last updated: May 31, 2023. 01:20:03
ID | Description | Modified | References |
---|---|---|---|
CVE-2023-22787 | An unauthenticated Denial of Service (DoS) vulnerability exists in a service accessed via the PAPI protocol provided by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected access point. | May 12, 2023. 15:58:00 | [www.arubanetworks.com] |
CVE-2020-22755 | File upload vulnerability in MCMS 5.0 allows attackers to execute arbitrary code via a crafted thumbnail. A different vulnerability than CVE-2022-31943. | May 12, 2023. 15:38:00 | [github.com][github.com] |
CVE-2020-23966 | SQL Injection vulnerability in victor cms 1.0 allows attackers to execute arbitrary commands via the post parameter to /post.php in a crafted GET request. | May 12, 2023. 15:37:00 | [github.com][github.com] |
CVE-2020-36065 | Cross Site Request Forgery (CSRF) vulnerability in FlyCms 1.0 allows attackers to add arbitrary administrator accounts via system/admin/admin_save. | May 12, 2023. 15:36:00 | [github.com][github.com] |
CVE-2021-27280 | OS Command injection vulnerability in mblog 3.5.0 allows attackers to execute arbitrary code via crafted theme when it gets selected. | May 12, 2023. 15:36:00 | [github.com][github.com] |
CVE-2021-28998 | File upload vulnerability in CMS Made Simple through 2.2.15 allows remote authenticated attackers to gain a webshell via a crafted phar file. | May 12, 2023. 15:35:00 | [github.com][seclists.org] |
CVE-2023-0280 | The Ultimate Carousel For Elementor WordPress plugin through 2.1.7 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | May 12, 2023. 15:35:00 | [wpscan.com] |
CVE-2022-38685 | In bluetooth service, there is a possible missing permission check. This could lead to local denial of service in bluetooth service with no additional execution privileges needed. | May 12, 2023. 15:30:00 | [www.unisoc.com] |
CVE-2022-39089 | In mlog service, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | May 12, 2023. 15:29:00 | [www.unisoc.com] |
CVE-2022-44419 | In modem, there is a possible missing verification of NAS Security Mode Command Replay Attacks in LTE. This could lead to local denial of service with no additional execution privileges. | May 12, 2023. 15:28:00 | [www.unisoc.com] |
CVE-2022-44420 | In modem, there is a possible missing verification of HashMME value in Security Mode Command. This could lead to local denial of service with no additional execution privileges. | May 12, 2023. 15:25:00 | [www.unisoc.com] |
CVE-2023-1383 | An Improper Enforcement of Behavioral Workflow vulnerability in the exchangeDeviceServices function on the amzn.dmgr service allowed an attacker to register services that are only locally accessible. This issue affects: Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5. Insignia TV with FireOS versions prior to 7.6.3.3. | May 12, 2023. 15:23:00 | [www.bitdefender.com] |
CVE-2023-2575 | Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stack-based Buffer Overflow vulnerability, which can be triggered by authenticated users via a crafted POST request. | May 12, 2023. 14:59:00 | [www.advantech.com][www.advantech.com] |
CVE-2023-2573 | Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a command injection vulnerability in the NTP server input field, which can be triggered by authenticated users via a crafted POST request. | May 12, 2023. 14:58:00 | [www.advantech.com][www.advantech.com] |
CVE-2023-2574 | Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a command injection vulnerability in the device name input field, which can be triggered by authenticated users via a crafted POST request. | May 12, 2023. 14:58:00 | [www.advantech.com][www.advantech.com] |
CVE-2022-48375 | In contacts service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | May 12, 2023. 14:55:00 | [www.unisoc.com] |
CVE-2022-48377 | In dialer service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | May 12, 2023. 14:51:00 | [www.unisoc.com] |
CVE-2023-21665 | Memory corruption in Graphics while importing a file. | May 12, 2023. 14:50:00 | [www.qualcomm.com] |
CVE-2022-48376 | In dialer service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | May 12, 2023. 14:50:00 | [www.unisoc.com] |
CVE-2022-48380 | In modem control device, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | May 12, 2023. 14:49:00 | [www.unisoc.com] |