CVEs Today
Latest Information on Common Vulnerabilities and Exposures (CVEs)
Last updated: May 31, 2023. 01:20:03
ID | Description | Modified | References |
---|---|---|---|
CVE-2023-30185 | CRMEB v4.4 to v4.6 was discovered to contain an arbitrary file upload vulnerability via the component \attachment\SystemAttachmentServices.php. | May 11, 2023. 23:17:00 | [www.crmeb.com][github.com] |
CVE-2023-29944 | Metersphere v1.20.20-lts-79d354a6 is vulnerable to Remote Command Execution. The system command reverse-shell can be executed at the custom code snippet function of the metersphere system workbench | May 11, 2023. 23:16:00 | [github.com][hacku.top] |
CVE-2022-43866 | IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 239436. | May 11, 2023. 23:13:00 | [https][exchange.xforce.ibmcloud.com] |
CVE-2020-4914 | IBM Cloud Pak System Suite 2.3.3.0 through 2.3.3.5 does not invalidate session after logout which could allow a local user to impersonate another user on the system. IBM X-Force ID: 191290. | May 11, 2023. 23:12:00 | [exchange.xforce.ibmcloud.com][www.ibm.com] |
CVE-2023-32269 | An issue was discovered in the Linux kernel before 6.1.11. In net/netrom/af_netrom.c, there is a use-after-free because accept is also allowed for a successfully connected AF_NETROM socket. However, in order for an attacker to exploit this, the system must have netrom routing configured or the attacker must have the CAP_NET_ADMIN capability. | May 11, 2023. 23:04:00 | [cdn.kernel.org][github.com] |
CVE-2023-29659 | A Segmentation fault caused by a floating point exception exists in libheif 1.15.1 using crafted heif images via the heif::Fraction::round() function in box.cc, which causes a denial of service. | May 11, 2023. 22:59:00 | [github.com][lists.fedoraproject.org] |
CVE-2023-26285 | IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS could allow a remote attacker to cause a denial of service due to an error processing invalid data. IBM X-Force ID: 248418. | May 11, 2023. 22:53:00 | [www.ibm.com][exchange.xforce.ibmcloud.com] |
CVE-2023-29281 | Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | May 11, 2023. 22:15:00 | [helpx.adobe.com] |
CVE-2023-29282 | Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | May 11, 2023. 22:15:00 | [helpx.adobe.com] |
CVE-2023-29283 | Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | May 11, 2023. 22:15:00 | [helpx.adobe.com] |
CVE-2023-31146 | Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, during codegen, the length word of a dynarray is written before the data, which can result in out-of-bounds array access in the case where the dynarray is on both the lhs and rhs of an assignment. The issue can cause data corruption across call frames. The expected behavior is to revert due to out-of-bounds array access. Version 0.3.8 contains a patch for this issue. | May 11, 2023. 21:15:00 | [github.com][github.com] |
CVE-2023-31497 | Incorrect access control in Quick Heal Technologies Limited Seqrite Endpoint Security (EPS) all versions prior to v8.0 allows attackers to escalate privileges to root via supplying a crafted binary to the target system. | May 11, 2023. 21:15:00 | [github.com] |
CVE-2023-32058 | Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, due to missing overflow check for loop variables, by assigning the iterator of a loop to a variable, it is possible to overflow the type of the latter. The issue seems to happen only in loops of type `for i in range(a, a + N)` as in loops of type `for i in range(start, stop)` and `for i in range(stop)`, the compiler is able to raise a `TypeMismatch` when trying to overflow the variable. The problem has been patched in version 0.3.8. | May 11, 2023. 21:15:00 | [github.com][github.com] |
CVE-2020-18131 | Cross Site Request Forgery (CSRF) vulnerability in Bluethrust Clan Scripts v4 allows attackers to escalate privileges to an arbitrary account via a crafted request to /members/console.php?cID=5. | May 11, 2023. 20:38:00 | [github.com][github.com] |
CVE-2020-21038 | Open redirect vulnerability in typecho 1.1-17.10.30-release via the referer parameter to Login.php. | May 11, 2023. 20:38:00 | [github.com][github.com] |
CVE-2023-27942 | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, watchOS 9.4, tvOS 16.4, iOS 16.4 and iPadOS 16.4. An app may be able to access user-sensitive data | May 11, 2023. 20:37:00 | [support.apple.com][support.apple.com] |
CVE-2023-27938 | An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in GarageBand for macOS 10.4.8. Parsing a maliciously crafted MIDI file may lead to an unexpected application termination or arbitrary code execution | May 11, 2023. 20:36:00 | [support.apple.com] |
CVE-2023-27936 | An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Big Sur 11.7.5. An app may be able to cause unexpected system termination or write kernel memory | May 11, 2023. 20:36:00 | [support.apple.com][support.apple.com] |
CVE-2023-27937 | An integer overflow was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, macOS Big Sur 11.7.5, macOS Monterey 12.6.4, watchOS 9.4, tvOS 16.4, iOS 16.4 and iPadOS 16.4. Parsing a maliciously crafted plist may lead to an unexpected app termination or arbitrary code execution | May 11, 2023. 20:36:00 | [support.apple.com][support.apple.com] |
CVE-2023-27941 | A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Ventura 13.3, iOS 15.7.4 and iPadOS 15.7.4. An app may be able to disclose kernel memory | May 11, 2023. 20:36:00 | [support.apple.com][support.apple.com] |