CVEs Today
Latest Information on Common Vulnerabilities and Exposures (CVEs)
Last updated: May 31, 2023. 01:20:03
click on an item for more info;
| ID | Description | Modified | References |
|---|---|---|---|
| CVE-2022-48250 | In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | May 11, 2023. 06:53:00 | [www.unisoc.com] |
| CVE-2022-48368 | In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | May 11, 2023. 06:53:00 | [www.unisoc.com] |
| CVE-2022-48233 | In FM service , there is a possible missing params check. This could lead to local denial of service in FM service . | May 11, 2023. 06:52:00 | [www.unisoc.com] |
| CVE-2022-48234 | In FM service , there is a possible missing params check. This could lead to local denial of service in FM service . | May 11, 2023. 06:52:00 | [www.unisoc.com] |
| CVE-2023-30943 | The vulnerability was found Moodle which exists because the application allows a user to control path of the older to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the system. | May 11, 2023. 03:15:00 | [git.moodle.org][moodle.org] |
| CVE-2023-30944 | The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in external Wiki method for listing pages. A remote attacker can send a specially crafted request to the affected application and execute limited SQL commands within the application database. | May 11, 2023. 03:15:00 | [moodle.org][bugzilla.redhat.com] |
| CVE-2023-31223 | Dradis before 4.8.0 allows persistent XSS by authenticated author users, related to avatars. | May 11, 2023. 02:15:00 | [dradisframework.com][excellium-services.com] |
| CVE-2023-21499 | Out-of-bounds write vulnerability in TA_Communication_mpos_encrypt_pin in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to execute arbitrary code. | May 11, 2023. 01:49:00 | [security.samsungmobile.com] |
| CVE-2023-21504 | Potential buffer overflow vulnerability in mm_Plmncoordination.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote attackers to cause invalid memory access. | May 11, 2023. 01:46:00 | [security.samsungmobile.com] |
| CVE-2023-21503 | Potential buffer overflow vulnerability in mm_LteInterRatManagement.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote attackers to cause invalid memory access. | May 11, 2023. 01:41:00 | [security.samsungmobile.com] |
| CVE-2023-21508 | Out-of-bounds Write vulnerability while processing BC_TUI_CMD_SEND_RESOURCE_DATA command in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1 allows local attacker to execute arbitrary code. | May 11, 2023. 01:29:00 | [security.samsungmobile.com] |
| CVE-2023-21511 | Out-of-bounds Read vulnerability while processing CMD_COLDWALLET_BTC_SET_PRV_UTXO in bc_core trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1 allows local attacker to read arbitrary memory. | May 11, 2023. 01:19:00 | [security.samsungmobile.com] |
| CVE-2023-21509 | Out-of-bounds Write vulnerability while processing BC_TUI_CMD_UPDATE_SCREEN in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1 allows local attacker to execute arbitrary code. | May 11, 2023. 01:17:00 | [security.samsungmobile.com] |
| CVE-2023-21510 | Out-of-bounds Read vulnerability while processing BC_TUI_CMD_UPDATE_SCREEN in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1 allows local attacker to read arbitrary memory. | May 11, 2023. 01:11:00 | [security.samsungmobile.com] |
| CVE-2022-29841 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that was caused by a command that read files from a privileged location and created a system command without sanitizing the read data. This command could be triggered by an attacker remotely to cause code execution and gain a reverse shell in Western Digital My Cloud OS 5 devices.This issue affects My Cloud OS 5: before 5.26.119. | May 10, 2023. 22:15:00 | [www.westerndigital.com] |
| CVE-2023-22640 | A out-of-bounds write in Fortinet FortiOS version 7.2.0 through 7.2.3, FortiOS version 7.0.0 through 7.0.10, FortiOS version 6.4.0 through 6.4.11, FortiOS version 6.2.0 through 6.2.13, FortiOS all versions 6.0, FortiProxy version 7.2.0 through 7.2.1, FortiProxy version 7.0.0 through 7.0.7, FortiProxy all versions 2.0, FortiProxy all versions 1.2, FortiProxy all versions 1.1, FortiProxy all versions 1.0 allows an authenticated attacker to execute unauthorized code or commands via specifically crafted requests. | May 10, 2023. 21:10:00 | [fortiguard.com] |
| CVE-2023-30328 | An issue in the helper tool of Mailbutler GmbH Shimo VPN Client for macOS v5.0.4 allows attackers to bypass authentication via PID re-use. | May 10, 2023. 21:03:00 | [github.com][raw.githubusercontent.com] |
| CVE-2023-26203 | A use of hard-coded credentials vulnerability [CWE-798] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions may allow an authenticated attacker to access to the database via shell commands. | May 10, 2023. 20:44:00 | [fortiguard.com] |
| CVE-2023-27993 | A relative path traversal [CWE-23] in Fortinet FortiADC version 7.2.0 and before 7.1.1 allows a privileged attacker to delete arbitrary directories from the underlying file system via crafted CLI commands. | May 10, 2023. 20:41:00 | [fortiguard.com] |
| CVE-2023-21495 | Improper access control vulnerability in Knox Enrollment Service prior to SMR May-2023 Release 1 allow attacker install KSP app when device admin is set. | May 10, 2023. 20:36:00 | [security.samsungmobile.com] |
Page 115 of 129
