CVEs Today

Latest Information on Common Vulnerabilities and Exposures (CVEs)

Last updated: May 31, 2023. 01:20:03

| ID | Description | Modified | References |
| --- | --- | --- | --- |
| CVE-2023-27935 | The issue was addressed with improved bounds checks. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. A remote user may be able to cause unexpected app termination or arbitrary code execution | May 11, 2023. 20:35:00 | [support.apple.com][support.apple.com] |
| CVE-2023-27934 | A memory initialization issue was addressed. This issue is fixed in macOS Ventura 13.3. A remote user may be able to cause unexpected app termination or arbitrary code execution | May 11, 2023. 20:35:00 | [support.apple.com] |
| CVE-2022-48371 | In dialer service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges. | May 11, 2023. 20:35:00 | [www.unisoc.com] |
| CVE-2022-48238 | In Image filter, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | May 11, 2023. 20:34:00 | [www.unisoc.com] |
| CVE-2022-48239 | In camera driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | May 11, 2023. 20:34:00 | [www.unisoc.com] |
| CVE-2022-48240 | In camera driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | May 11, 2023. 20:34:00 | [www.unisoc.com] |
| CVE-2022-48374 | In tee service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | May 11, 2023. 20:33:00 | [www.unisoc.com] |
| CVE-2022-48373 | In tee service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | May 11, 2023. 20:32:00 | [www.unisoc.com] |
| CVE-2022-48372 | In bootcp service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | May 11, 2023. 20:17:00 | [www.unisoc.com] |
| CVE-2023-27554 | IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 249185. | May 11, 2023. 20:15:00 | [www.ibm.com][exchange.xforce.ibmcloud.com] |
| CVE-2023-27870 | IBM Spectrum Virtualize 8.5, under certain circumstances, could disclose sensitive credential information while a download from Fix Central is in progress. IBM X-Force ID: 249518. | May 11, 2023. 20:15:00 | [https][www.ibm.com] |
| CVE-2023-29195 | Vitess is a database clustering system for horizontal scaling of MySQL through generalized sharding. Prior to version 16.0.2, users can either intentionally or inadvertently create a shard containing `/` characters from VTAdmin such that from that point on, anyone who tries to create a new shard from VTAdmin will receive an error. Attempting to view the keyspace(s) will also no longer work. Creating a shard using `vtctldclient` does not have the same problem because the CLI validates the input correctly. Version 16.0.2, corresponding to version 0.16.2 of the `go` module, contains a patch for this issue. Some workarounds are available. Always use `vtctldclient` to create shards, instead of using VTAdmin; disable creating shards from VTAdmin using RBAC; and/or delete the topology record for the offending shard using the client for your topology server. | May 11, 2023. 20:15:00 | [github.com][github.com] |
| CVE-2023-32082 | etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.26 and 3.5.9, the LeaseTimeToLive API allows access to key names (not value) associated to a lease when `Keys` parameter is true, even a user doesn't have read permission to the keys. The impact is limited to a cluster which enables auth (RBAC). Versions 3.4.26 and 3.5.9 fix this issue. There are no known workarounds. | May 11, 2023. 20:15:00 | [github.com][github.com] |
| CVE-2022-48235 | In MP3 encoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | May 11, 2023. 20:01:00 | [www.unisoc.com] |
| CVE-2022-48236 | In MP3 encoder, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | May 11, 2023. 20:01:00 | [www.unisoc.com] |
| CVE-2022-48237 | In Image filter, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | May 11, 2023. 19:20:00 | [www.unisoc.com] |
| CVE-2022-46081 | ** DISPUTED ** In Garmin Connect 4.61, terminating a LiveTrack session wouldn't prevent the LiveTrack API from continued exposure of private personal information. NOTE: this is disputed by the vendor because the LiveTrack API service is not a customer-controlled product. | May 11, 2023. 19:15:00 | [www.samwallace.dev] |
| CVE-2023-1834 | Rockwell Automation was made aware that Kinetix 5500 drives, manufactured between May 2022 and January 2023, and are running v7.13 may have the telnet and FTP ports open by default. This could potentially allow attackers unauthorized access to the device through the open ports. | May 11, 2023. 19:15:00 | [rockwellautomation.custhelp.com] |
| CVE-2023-31183 | Cybonet PineApp Mail Secure A reflected cross-site scripting (XSS) vulnerability was identified in the product, using an unspecified endpoint. | May 11, 2023. 19:09:00 | [www.gov.il] |
| CVE-2023-23894 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Surbma Surbma \| GDPR Proof Cookie Consent & Notice Bar plugin <= 17.5.3 versions. | May 11, 2023. 19:08:00 | [patchstack.com] |

