CVEs Today
Latest Information on Common Vulnerabilities and Exposures (CVEs)
Last updated: May 31, 2023. 01:20:03
click on an item for more info;
| ID | Description | Modified | References |
|---|---|---|---|
| CVE-2023-23494 | A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 16.4 and iPadOS 16.4. A user in a privileged network position may be able to cause a denial-of-service | May 11, 2023. 17:10:00 | [support.apple.com] |
| CVE-2023-29354 | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | May 11, 2023. 16:20:00 | [msrc.microsoft.com] |
| CVE-2023-29350 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | May 11, 2023. 16:19:00 | [msrc.microsoft.com] |
| CVE-2023-24788 | NotrinosERP v0.7 was discovered to contain a SQL injection vulnerability via the OrderNumber parameter at /NotrinosERP/sales/customer_delivery.php. | May 11, 2023. 16:15:00 | [github.com][github.com] |
| CVE-2023-30096 | A stored cross-site scripting (XSS) vulnerability in TotalJS messenger commit b6cf1c9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the user information field. | May 11, 2023. 16:15:00 | [github.com][www.edoardoottavianelli.it] |
| CVE-2023-30097 | A stored cross-site scripting (XSS) vulnerability in TotalJS messenger commit b6cf1c9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the private task field. | May 11, 2023. 16:15:00 | [www.edoardoottavianelli.it][github.com] |
| CVE-2023-30094 | A stored cross-site scripting (XSS) vulnerability in TotalJS Flow v10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the platform name field in the settings module. | May 11, 2023. 16:15:00 | [github.com][www.edoardoottavianelli.it] |
| CVE-2023-30095 | A stored cross-site scripting (XSS) vulnerability in TotalJS messenger commit b6cf1c9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the channel description field. | May 11, 2023. 16:15:00 | [github.com][www.edoardoottavianelli.it] |
| CVE-2023-30093 | A cross-site scripting (XSS) vulnerability in Open Networking Foundation ONOS from version v1.9.0 to v2.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter of the API documentation dashboard. | May 11, 2023. 16:15:00 | [www.edoardoottavianelli.it][www.youtube.com] |
| CVE-2023-24539 | Angle brackets (<>) are not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character can result in unexpectedly closing the CSS context and allowing for injection of unexpected HTML, if executed with untrusted input. | May 11, 2023. 16:15:00 | [groups.google.com][go.dev] |
| CVE-2023-24540 | Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution. | May 11, 2023. 16:15:00 | [groups.google.com][go.dev] |
| CVE-2023-29400 | Templates containing actions in unquoted HTML attributes (e.g. "attr={{.}}") executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags. | May 11, 2023. 16:15:00 | [go.dev][groups.google.com] |
| CVE-2022-3162 | Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group without authorization. Clusters are impacted by this vulnerability if all of the following are true: 1. There are 2+ CustomResourceDefinitions sharing the same API group 2. Users have cluster-wide list or watch authorization on one of those custom resources. 3. The same users are not authorized to read another custom resource in the same API group. | May 11, 2023. 15:15:00 | [github.com][groups.google.com] |
| CVE-2023-1544 | A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to allocate and initialize a huge number of page tables to be used as a ring of descriptors for CQ and async events, potentially leading to an out-of-bounds read and crash of QEMU. | May 11, 2023. 15:15:00 | [lists.nongnu.org][bugzilla.redhat.com] |
| CVE-2023-1077 | In the Linux kernel, pick_next_rt_entity() may return a type confused entry, not detected by the BUG_ON condition, as the confused entry will not be NULL, but list_head.The buggy error condition would lead to a type confused entry with the list head,which would then be used as a type confused sched_rt_entity,causing memory corruption. | May 11, 2023. 15:15:00 | [git.kernel.org][lists.debian.org] |
| CVE-2023-1380 | A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux Kernel. This issue could occur when assoc_info->req_len data is bigger than the size of the buffer, defined as WL_EXTRA_BUF_MAX, leading to a denial of service. | May 11, 2023. 15:15:00 | [www.openwall.com][bugzilla.redhat.com] |
| CVE-2023-0179 | A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution. | May 11, 2023. 15:15:00 | [bugzilla.redhat.com][seclists.org] |
| CVE-2023-1550 | Insertion of Sensitive Information into log file vulnerability in NGINX Agent. NGINX Agent version 2.0 before 2.23.3 inserts sensitive information into a log file. An authenticated attacker with local access to read agent log files may gain access to private keys. This issue is only exposed when the non-default trace level logging is enabled. Note: NGINX Agent is included with NGINX Instance Manager and used in conjunction with NGINX API Connectivity Manager, and NGINX Management Suite Security Monitoring. | May 11, 2023. 15:15:00 | [my.f5.com][security.netapp.com] |
| CVE-2023-1652 | A use-after-free flaw was found in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c in the NFS filesystem in the Linux Kernel. This issue could allow a local attacker to crash the system or it may lead to a kernel information leak problem. | May 11, 2023. 15:15:00 | [access.redhat.com][security.netapp.com] |
| CVE-2023-1579 | Heap based buffer overflow in binutils-gdb/bfd/libbfd.c in bfd_getl64. | May 11, 2023. 15:15:00 | [sourceware.org][security.netapp.com] |
Page 112 of 129
