CVEs Today
Latest Information on Common Vulnerabilities and Exposures (CVEs)
Last updated: May 31, 2023. 01:20:03
click on an item for more info;
| ID | Description | Modified | References |
|---|---|---|---|
| CVE-2023-2564 | OS Command Injection in GitHub repository sbs20/scanservjs prior to v2.27.0. | May 12, 2023. 14:43:00 | [github.com][huntr.dev] |
| CVE-2023-32290 | The myMail app through 14.30 for iOS sends cleartext credentials in a situation where STARTTLS is expected by a server. | May 12, 2023. 14:35:00 | [mailbox.org][news.ycombinator.com] |
| CVE-2022-48379 | In dialer service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | May 12, 2023. 14:33:00 | [www.unisoc.com] |
| CVE-2023-31806 | Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via a crafted payload to the My Progress function. | May 12, 2023. 14:31:00 | [chamilo.com][support.chamilo.org] |
| CVE-2023-0522 | The Enable/Disable Auto Login when Register WordPress plugin through 1.1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | May 12, 2023. 13:33:00 | [wpscan.com] |
| CVE-2022-47518 | An issue was discovered in the Linux kernel before 6.0.11. Missing validation of the number of channels in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger a heap-based buffer overflow when copying the list of operating channels from Wi-Fi management frames. | May 12, 2023. 13:31:00 | [lore.kernel.org][github.com] |
| CVE-2022-47519 | An issue was discovered in the Linux kernel before 6.0.11. Missing validation of IEEE80211_P2P_ATTR_OPER_CHANNEL in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger an out-of-bounds write when parsing the channel list attribute from Wi-Fi management frames. | May 12, 2023. 13:31:00 | [lore.kernel.org][github.com] |
| CVE-2023-26605 | In the Linux kernel 6.0.8, there is a use-after-free in inode_cgwb_move_to_attached in fs/fs-writeback.c, related to __list_del_entry_valid. | May 12, 2023. 13:31:00 | [lkml.org][security.netapp.com] |
| CVE-2022-35256 | The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling. | May 12, 2023. 13:30:00 | [hackerone.com][cert-portal.siemens.com] |
| CVE-2022-4696 | There exists a use-after-free vulnerability in the Linux kernel through io_uring and the IORING_OP_SPLICE operation. If IORING_OP_SPLICE is missing the IO_WQ_WORK_FILES flag, which signals that the operation won't use current->nsproxy, so its reference counter is not increased. This assumption is not always true as calling io_splice on specific files will call the get_uts function which will use current->nsproxy leading to invalidly decreasing its reference counter later causing the use-after-free vulnerability. We recommend upgrading to version 5.10.160 or above | May 12, 2023. 13:30:00 | [kernel.dance][git.kernel.org] |
| CVE-2022-24122 | kernel/ucount.c in the Linux kernel 5.14 through 5.16.4, when unprivileged user namespaces are enabled, allows a use-after-free and privilege escalation because a ucounts object can outlive its namespace. | May 12, 2023. 13:28:00 | [www.openwall.com][git.kernel.org] |
| CVE-2022-3545 | A vulnerability has been found in Linux Kernel and classified as critical. Affected by this vulnerability is the function area_cache_get of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211045 was assigned to this vulnerability. | May 12, 2023. 13:28:00 | [git.kernel.org][vuldb.com] |
| CVE-2022-4139 | An incorrect TLB flush issue was found in the Linux kernel’s GPU i915 kernel driver, potentially leading to random memory corruption or data leaks. This flaw could allow a local user to crash the system or escalate their privileges on the system. | May 12, 2023. 13:28:00 | [bugzilla.redhat.com][www.openwall.com] |
| CVE-2023-23444 | Missing Authentication for Critical Function in SICK Flexi Classic and Flexi Soft Gateways with Partnumbers 1042193, 1042964, 1044078, 1044072, 1044073, 1044074, 1099830, 1099832, 1127717, 1069070, 1112296, 1051432, 1102420, 1127487, 1121596, 1121597 allows an unauthenticated remote attacker to influence the availability of the device by changing the IP settings of the device via broadcasted UDP packets. | May 12, 2023. 13:15:00 | [sick.com][sick.com] |
| CVE-2021-42008 | The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access. | May 12, 2023. 12:59:00 | [git.kernel.org][www.youtube.com] |
| CVE-2022-0492 | A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly. | May 12, 2023. 12:59:00 | [git.kernel.org][bugzilla.redhat.com] |
| CVE-2013-0169 | The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue. | May 12, 2023. 12:58:00 | [www.openssl.org][polarssl.org] |
| CVE-2022-48383 | .In srtd service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | May 12, 2023. 12:54:00 | [www.unisoc.com] |
| CVE-2020-22334 | Cross Site Request Forgery (CSRF) vulnerability in beescms v4 allows attackers to delete the administrator account via crafted request to /admin/admin_admin.php. | May 12, 2023. 12:49:00 | [github.com][github.com] |
| CVE-2022-0108 | Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | May 12, 2023. 12:15:00 | [crbug.com][chromereleases.googleblog.com] |
Page 104 of 129
