CVEs Today
Latest Information on Common Vulnerabilities and Exposures (CVEs)
Last updated: May 31, 2023. 01:20:03
ID | Description | Modified | References |
---|---|---|---|
CVE-2023-2939 | Insufficient data validation in Installer in Google Chrome on Windows prior to 114.0.5735.90 allowed a local attacker to perform privilege escalation via crafted symbolic link. (Chromium security severity: Medium) | May 30, 2023. 22:15:00 | [crbug.com][chromereleases.googleblog.com] |
CVE-2023-2932 | Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High) | May 30, 2023. 22:15:00 | [crbug.com][chromereleases.googleblog.com] |
CVE-2023-2935 | Type Confusion in V8 in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | May 30, 2023. 22:15:00 | [crbug.com][chromereleases.googleblog.com] |
CVE-2023-2936 | Type Confusion in V8 in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | May 30, 2023. 22:15:00 | [crbug.com][chromereleases.googleblog.com] |
CVE-2023-2940 | Inappropriate implementation in Downloads in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium) | May 30, 2023. 22:15:00 | [crbug.com][chromereleases.googleblog.com] |
CVE-2023-2953 | A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function. | May 30, 2023. 22:15:00 | [bugs.openldap.org][access.redhat.com] |
CVE-2023-33740 | Incorrect access control in luowice v3.5.18 allows attackers to access cloud source code information via modification of the Verify parameter in a warning message. | May 30, 2023. 22:15:00 | [github.com] |
CVE-2023-34152 | A vulnerability was found in ImageMagick. This security flaw causes a remote code execution vulnerability in OpenBlob with --enable-pipes configured. | May 30, 2023. 22:15:00 | [github.com][access.redhat.com] |
CVE-2023-2930 | Use after free in Extensions in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | May 30, 2023. 22:15:00 | [crbug.com][chromereleases.googleblog.com] |
CVE-2023-2938 | Inappropriate implementation in Picture In Picture in Google Chrome prior to 114.0.5735.90 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium) | May 30, 2023. 22:15:00 | [crbug.com][chromereleases.googleblog.com] |
CVE-2023-2931 | Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High) | May 30, 2023. 22:15:00 | [crbug.com][chromereleases.googleblog.com] |
CVE-2023-2941 | Inappropriate implementation in Extensions API in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to spoof the contents of the UI via a crafted Chrome Extension. (Chromium security severity: Low) | May 30, 2023. 22:15:00 | [crbug.com][chromereleases.googleblog.com] |
CVE-2023-2934 | Out of bounds memory access in Mojo in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | May 30, 2023. 22:15:00 | [crbug.com][chromereleases.googleblog.com] |
CVE-2023-2937 | Inappropriate implementation in Picture In Picture in Google Chrome prior to 114.0.5735.90 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium) | May 30, 2023. 22:15:00 | [crbug.com][chromereleases.googleblog.com] |
CVE-2023-33961 | Leantime is a lean open source project management system. Starting in version 2.3.21, an authenticated user with commenting privileges can inject malicious Javascript into a comment. Once the malicious comment is loaded in the browser by a user, the malicious Javascript code executes. As of time of publication, a patch does not exist. | May 30, 2023. 22:15:00 | [github.com] |
CVE-2023-2844 | Missing Authorization in GitHub repository cloudexplorer-dev/cloudexplorer-lite prior to v1.1.0. | May 30, 2023. 21:57:00 | [huntr.dev][github.com] |
CVE-2023-2845 | Improper Access Control in GitHub repository cloudexplorer-dev/cloudexplorer-lite prior to v1.1.0. | May 30, 2023. 21:57:00 | [huntr.dev][github.com] |
CVE-2023-31669 | WebAssembly wat2wasm v1.0.32 allows attackers to cause a libc++abi.dylib crash by putting '@' before a quote ("). | May 30, 2023. 21:56:00 | [github.com] |
CVE-2023-30440 | IBM PowerVM Hypervisor FW860.00 through FW860.B3, FW950.00 through FW950.70, FW1010.00 through FW1010.50, FW1020.00 through FW1020.30, and FW1030.00 through FW1030.10 could allow a local attacker with control of a partition that has been assigned SRIOV virtual function (VF) to cause a denial of service to a peer partition or arbitrary data corruption. IBM X-Force ID: 253175. | May 30, 2023. 21:54:00 | [www.ibm.com][exchange.xforce.ibmcloud.com] |
CVE-2023-1837 | Missing Authentication for critical function vulnerability in HYPR Server allows Authentication Bypass when using Legacy APIs. This issue affects HYPR Server: before 8.0 (with enabled Legacy APIs). | May 30, 2023. 21:53:00 | [www.hypr.com] |