CVEs Today
Latest Information on Common Vulnerabilities and Exposures (CVEs)
Last updated: May 31, 2023. 01:20:03
click on an item for more info;
| ID | Description | Modified | References |
|---|---|---|---|
| CVE-2023-2523 | A vulnerability was found in Weaver E-Office 9.5. It has been rated as critical. Affected by this issue is some unknown functionality of the file App/Ajax/ajax.php?action=mobile_upload_save. The manipulation of the argument upload_quwan leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-228014 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | May 10, 2023. 19:06:00 | [github.com][vuldb.com] |
| CVE-2023-28656 | NGINX Management Suite may allow an authenticated attacker to gain access to configuration objects outside of their assigned environment. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | May 10, 2023. 18:56:00 | [my.f5.com] |
| CVE-2023-28724 | NGINX Management Suite default file permissions are set such that an authenticated attacker may be able to modify sensitive files on NGINX Instance Manager and NGINX API Connectivity Manager. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | May 10, 2023. 18:53:00 | [my.f5.com] |
| CVE-2023-29163 | When UDP profile with idle timeout set to immediate or the value 0 is configured on a virtual server, undisclosed traffic can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | May 10, 2023. 18:47:00 | [my.f5.com] |
| CVE-2023-28742 | When DNS is provisioned, an authenticated remote command execution vulnerability exists in DNS iQuery mesh. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | May 10, 2023. 18:46:00 | [my.f5.com] |
| CVE-2023-29868 | Zammad 5.3.x (Fixed in 5.4.0) is vulnerable to Incorrect Access Control. An authenticated attacker with agent and customer roles could perform unauthorized changes on articles where they only have customer permissions. | May 10, 2023. 18:45:00 | [zammad.com] |
| CVE-2023-28406 | A directory traversal vulnerability exists in an undisclosed page of the BIG-IP Configuration utility which may allow an authenticated attacker to read files with .xml extension. Access to restricted information is limited and the attacker does not control what information is obtained. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | May 10, 2023. 18:44:00 | [my.f5.com] |
| CVE-2023-27378 | Multiple reflected cross-site scripting (XSS) vulnerabilities exist in undisclosed pages of the BIG-IP Configuration utility which allow an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | May 10, 2023. 18:42:00 | [my.f5.com] |
| CVE-2023-24594 | When an SSL profile is configured on a Virtual Server, undisclosed traffic can cause an increase in CPU or SSL accelerator resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | May 10, 2023. 18:41:00 | [my.f5.com] |
| CVE-2023-24461 | An improper certificate validation vulnerability exists in the BIG-IP Edge Client for Windows and macOS and may allow an attacker to impersonate a BIG-IP APM system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | May 10, 2023. 18:29:00 | [my.f5.com] |
| CVE-2023-22372 | In the pre connection stage, an improper enforcement of message integrity vulnerability exists in BIG-IP Edge Client for Windows and Mac OS. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | May 10, 2023. 18:28:00 | [my.f5.com] |
| CVE-2023-21493 | Improper access control vulnerability in SemShareFileProvider prior to SMR May-2023 Release 1 allows local attackers to access protected data. | May 10, 2023. 18:26:00 | [security.samsungmobile.com] |
| CVE-2023-21490 | Improper access control in GearManagerStub prior to SMR May-2023 Release 1 allows a local attacker to delete applications installed by watchmanager. | May 10, 2023. 18:25:00 | [security.samsungmobile.com] |
| CVE-2023-21491 | Improper access control vulnerability in ThemeManager prior to SMR May-2023 Release 1 allows local attackers to write arbitrary files with system privilege. | May 10, 2023. 18:25:00 | [security.samsungmobile.com] |
| CVE-2023-21492 | Kernel pointers are printed in the log file prior to SMR May-2023 Release 1 allows a privileged local attacker to bypass ASLR. | May 10, 2023. 18:25:00 | [security.samsungmobile.com] |
| CVE-2023-29856 | ** UNSUPPORTED WHEN ASSIGNED ** D-Link DIR-868L Hardware version A1, firmware version 1.12 is vulnerable to Buffer Overflow. The vulnerability is in scandir.sgi binary. | May 10, 2023. 17:26:00 | [www.dlink.com][supportannouncement.us.dlink.com] |
| CVE-2023-29867 | Zammad 5.3.x (Fixed 5.4.0) is vulnerable to Incorrect Access Control. An authenticated attacker could gain information about linked accounts of users involved in their tickets using the Zammad API. | May 10, 2023. 17:26:00 | [zammad.com] |
| CVE-2022-4568 | A directory permissions management vulnerability in Lenovo System Update may allow elevation of privileges. | May 10, 2023. 17:21:00 | [support.lenovo.com] |
| CVE-2022-48482 | 3CX before 18 Update 2 Security Hotfix build 18.0.2.315 on Windows allows unauthenticated remote attackers to read certain files via /Electron/download directory traversal. Files may have credentials, full backups, call recordings, and chat logs. | May 10, 2023. 17:11:00 | [medium.com][www.3cx.com] |
| CVE-2023-31566 | Podofo v0.10.0 was discovered to contain a heap-use-after-free via the component PoDoFo::PdfEncrypt::IsMetadataEncrypted(). | May 10, 2023. 17:06:00 | [github.com] |
Page 117 of 129
