CVEs Today
Latest Information on Common Vulnerabilities and Exposures (CVEs)
Last updated: May 31, 2023. 01:20:03
ID | Description | Modified | References |
---|---|---|---|
CVE-2023-31140 | OpenProject is open source project management software. Starting with version 7.4.0 and prior to version 12.5.4, when a user registers and confirms their first two-factor authentication (2FA) device for an account, existing logged-in sessions for that user account are not terminated. Likewise, if an administrator creates a mobile phone 2FA device on behalf of a user, their existing sessions are not terminated. The issue has been resolved in OpenProject version 12.5.4 by actively terminating sessions of user accounts having registered and confirmed a 2FA device. As a workaround, users who register the first 2FA device on their account can manually log out to terminate all other active sessions. This is the default behavior of OpenProject but might be disabled through a configuration option. Double check that this option is not overridden if one plans to employ the workaround. | May 8, 2023. 21:15:00 | [www.openproject.org][github.com] |
CVE-2023-31141 | OpenSearch is an open-source software suite for search, analytics, and observability applications. Prior to versions 1.3.10 and 2.7.0, there is an issue with the implementation of fine-grained access control rules (document-level security, field-level security and field masking) where they are not correctly applied to queries during extremely rare race conditions, potentially leading to incorrect access authorization. For this issue to be triggered, two concurrent requests need to land on the same instance exactly when query cache eviction happens, once every four hours. OpenSearch 1.3.10 and 2.7.0 contain a fix for this issue. | May 8, 2023. 21:15:00 | [github.com] |
CVE-2023-31182 | EasyTor Applications – Authorization Bypass - EasyTor Applications may allow authorization bypass via unspecified method. | May 8, 2023. 21:15:00 | [www.gov.il] |
CVE-2023-29950 | swfrender v0.9.2 was discovered to contain a heap buffer overflow in the function enumerateUsedIDs_fillstyle at modules/swftools.c. | May 8, 2023. 20:22:00 | [github.com] |
CVE-2023-2349 | A vulnerability classified as problematic has been found in SourceCodester Service Provider Management System 1.0. Affected is an unknown function of the file /admin/index.php. The manipulation of the argument page leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227592. | May 8, 2023. 20:21:00 | [github.com][vuldb.com] |
CVE-2023-2350 | A vulnerability classified as problematic was found in SourceCodester Service Provider Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /classes/Users.php. The manipulation of the argument id leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227593 was assigned to this vulnerability. | May 8, 2023. 20:21:00 | [github.com][vuldb.com] |
CVE-2022-32822 | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none. | May 8, 2023. 20:15:00 | |
CVE-2022-32856 | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none. | May 8, 2023. 20:15:00 | |
CVE-2022-32804 | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none. | May 8, 2023. 20:15:00 | |
CVE-2022-32808 | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none. | May 8, 2023. 20:15:00 | |
CVE-2023-26064 | Certain Lexmark devices through 2023-02-19 have an Out-of-bounds Write. | May 8, 2023. 19:49:00 | [publications.lexmark.com][support.lexmark.com] |
CVE-2023-26063 | Certain Lexmark devices through 2023-02-19 access a Resource By Using an Incompatible Type. | May 8, 2023. 19:42:00 | [publications.lexmark.com][support.lexmark.com] |
CVE-2023-29815 | mccms v2.6.3 is vulnerable to Cross Site Request Forgery (CSRF). | May 8, 2023. 18:47:00 | [github.com] |
CVE-2023-20853 | aEnrich Technology a+HRD has a Deserialization of Untrusted Data vulnerability within its MSMQ asynchronous message process. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands, perform arbitrary system operations, or disrupt service. | May 8, 2023. 18:45:00 | [www.twcert.org.tw] |
CVE-2023-2335 | Plaintext Password in Registry vulnerability in 42gears surelock windows surelockwinsetupv2.40.0.Exe on Windows (Registry modules) allows retrieval of Admin user credentials. This issue affects surelock windows: from 2.3.12 through 2.40.0. | May 8, 2023. 18:42:00 | [www.42gears.com] |
CVE-2023-26070 | Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 4 of 4). | May 8, 2023. 18:39:00 | [publications.lexmark.com][support.lexmark.com] |
CVE-2023-1786 | Sensitive data could be exposed in logs of cloud-init before version 23.1.2. An attacker could use this information to find hashed passwords and possibly escalate their privilege. | May 8, 2023. 18:38:00 | [bugs.launchpad.net][ubuntu.com] |
CVE-2023-1778 | This vulnerability exists in GajShield Data Security Firewall firmware versions prior to v4.28 (except v4.21) due to insecure default credentials, which allow a remote attacker to log in as superuser by using the default username/password via the web-based management interface and/or an exposed SSH port, thereby enabling remote attackers to execute arbitrary commands with administrative/superuser privileges on the targeted systems. The vulnerability has been addressed by forcing the user to change their default password to a new non-default password. | May 8, 2023. 18:34:00 | [www.cert-in.org.in] |
CVE-2023-28770 | The sensitive information exposure vulnerability in the CGI “Export_Log” and the binary “zcmd” in Zyxel DX5401-B0 firmware versions prior to V5.17(ABYO.1)C0 could allow a remote unauthenticated attacker to read the system files and to retrieve the password of the supervisor from the encrypted file. | May 8, 2023. 18:27:00 | [www.zyxel.com] |
CVE-2023-2327 | Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21. | May 8, 2023. 18:25:00 | [github.com][huntr.dev] |