CVEs Today
Latest Information on Common Vulnerabilities and Exposures (CVEs)
Last updated: May 31, 2023. 01:20:03
click on an item for more info;
| ID | Description | Modified | References |
|---|---|---|---|
| CVE-2023-26118 | Versions of the package angular from 1.4.9 are vulnerable to Regular Expression Denial of Service (ReDoS) via the <input type="url"> element due to the usage of an insecure regular expression in the input[url] functionality. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking. | May 30, 2023. 17:20:00 | [stackblitz.com][security.snyk.io] |
| CVE-2023-26116 | Versions of the package angular from 1.2.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the angular.copy() utility function due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking. | May 30, 2023. 17:18:00 | [stackblitz.com][security.snyk.io] |
| CVE-2023-28755 | A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1. | May 30, 2023. 17:17:00 | [github.com][www.ruby-lang.org] |
| CVE-2023-28756 | A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2. | May 30, 2023. 17:17:00 | [www.ruby-lang.org][www.ruby-lang.org] |
| CVE-2022-48303 | GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace characters. | May 30, 2023. 17:16:00 | [savannah.gnu.org][savannah.gnu.org] |
| CVE-2023-2859 | Code Injection in GitHub repository nilsteampassnet/teampass prior to 3.0.9. | May 30, 2023. 17:11:00 | [huntr.dev][github.com] |
| CVE-2023-33937 | Stored cross-site scripting (XSS) vulnerability in Form widget configuration in Liferay Portal 7.1.0 through 7.3.0, and Liferay DXP 7.1 before fix pack 18, and 7.2 before fix pack 5 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a form's `name` field. | May 30, 2023. 17:03:00 | [liferay.dev] |
| CVE-2023-27387 | Cross-site request forgery (CSRF) in T&D Corporation and ESPEC MIC CORP. data logger products allows a remote unauthenticated attacker to conduct an arbitrary operation by having a logged-in user view a malicious page. Affected products and versions are as follows: T&D Corporation data logger products (TR-71W/72W all firmware versions, RTR-5W all firmware versions, WDR-7 all firmware versions, WDR-3 all firmware versions, and WS-2 all firmware versions), and ESPEC MIC CORP. data logger products (RT-12N/RS-12N all firmware versions, RT-22BN all firmware versions, and TEU-12N all firmware versions). | May 30, 2023. 17:01:00 | [www.monitoring.especmic.co.jp][jvn.jp] |
| CVE-2023-27388 | Improper authentication vulnerability in T&D Corporation and ESPEC MIC CORP. data logger products allows a remote unauthenticated attacker to login to the product as a registered user. Affected products and versions are as follows: T&D Corporation data logger products (TR-71W/72W all firmware versions, RTR-5W all firmware versions, WDR-7 all firmware versions, WDR-3 all firmware versions, and WS-2 all firmware versions), and ESPEC MIC CORP. data logger products (RT-12N/RS-12N all firmware versions, RT-22BN all firmware versions, and TEU-12N all firmware versions). | May 30, 2023. 16:58:00 | [www.monitoring.especmic.co.jp][jvn.jp] |
| CVE-2023-28392 | Wi-Fi AP UNIT AC-WAPU-300 v1.00_B07 and earlier, AC-WAPU-300-P v1.00_B08P and earlier, AC-WAPUM-300 v1.00_B07 and earlier, and AC-WAPUM-300-P v1.00_B08P and earlier allow a remote authenticated attacker with an administrative privilege to execute an arbitrary OS command. | May 30, 2023. 16:58:00 | [www.inaba.co.jp][jvn.jp] |
| CVE-2023-28394 | Beekeeper Studio versions prior to 3.9.9 allows a remote authenticated attacker to execute arbitrary JavaScript code with the privilege of the application on the PC where the affected product is installed. As a result, an arbitrary OS command may be executed as well. | May 30, 2023. 16:56:00 | [jvn.jp][www.beekeeperstudio.io] |
| CVE-2023-28412 | When supplied with a random MAC address, Snap One OvrC cloud servers will return information about the device. The MAC address of devices can be enumerated in an attack and the OvrC cloud will disclose their information. | May 30, 2023. 15:59:00 | [www.cisa.gov][www.control4.com] |
| CVE-2023-28367 | Cross-site scripting vulnerability in CTA post function of VK All in One Expansion Unit 9.88.1.0 and earlier allows a remote authenticated attacker to inject an arbitrary script. | May 30, 2023. 15:55:00 | [www.vektor-inc.co.jp][jvn.jp] |
| CVE-2023-27925 | Cross-site scripting vulnerability in Post function of VK Blocks 1.53.0.1 and earlier and VK Blocks Pro 1.53.0.1 and earlier allows a remote authenticated attacker to inject an arbitrary script. | May 30, 2023. 15:49:00 | [www.vektor-inc.co.jp][jvn.jp] |
| CVE-2023-27926 | Cross-site scripting vulnerability in Profile setting function of VK All in One Expansion Unit 9.88.1.0 and earlier allows a remote authenticated attacker to inject an arbitrary script. | May 30, 2023. 15:49:00 | [www.vektor-inc.co.jp][jvn.jp] |
| CVE-2023-27922 | Cross-site scripting vulnerability in Newsletter versions prior to 7.6.9 allows a remote unauthenticated attacker to inject an arbitrary script. | May 30, 2023. 15:48:00 | [jvn.jp][wordpress.org] |
| CVE-2023-27923 | Cross-site scripting vulnerability in Tag edit function of VK Blocks 1.53.0.1 and earlier and VK Blocks Pro 1.53.0.1 and earlier allows a remote authenticated attacker to inject an arbitrary script. | May 30, 2023. 15:48:00 | [www.vektor-inc.co.jp][jvn.jp] |
| CVE-2023-27921 | JINS MEME CORE Firmware version 2.2.0 and earlier uses a hard-coded cryptographic key, which may lead to data acquired by a sensor of the affected product being decrypted by a network-adjacent attacker. | May 30, 2023. 15:47:00 | [jvn.jp][jinsmeme.com] |
| CVE-2023-27920 | Improper access control vulnerability in the system date/time setting page of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows a remote authenticated attacker to alter system date/time of the affected product. | May 30, 2023. 15:41:00 | [www.contec.com][www.contec.com] |
| CVE-2023-27514 | OS command injection vulnerability in the download page of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows a remote authenticated attacker to execute an arbitrary OS command. | May 30, 2023. 15:40:00 | [www.contec.com][www.contec.com] |
Page 7 of 129
