CVEs Today
Latest Information on Common Vulnerabilities and Exposures (CVEs)
Last updated: May 31, 2023. 01:20:03
ID | Description | Modified | References |
---|---|---|---|
CVE-2023-29961 | D-Link DIR-605L firmware version 1.17B01 BETA is vulnerable to stack overflow via /goform/formTcpipSetup. | May 16, 2023. 01:15:00 | [www.dlink.com][github.com] |
CVE-2023-26081 | In Epiphany (aka GNOME Web) through 43.0, untrusted web content can trick users into exfiltrating passwords, because autofill occurs in sandboxed contexts. | May 16, 2023. 00:15:00 | [github.com][gitlab.gnome.org] |
CVE-2023-32233 | In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are mishandled. | May 15, 2023. 21:15:00 | [github.com][git.kernel.org] |
CVE-2023-32309 | PyMdown Extensions is a set of extensions for the `Python-Markdown` markdown project. In affected versions an arbitrary file read is possible when using include file syntax. By using the syntax `--8<--"/etc/passwd"` or `--8<--"/proc/self/environ"` the content of these files will be rendered in the generated documentation. Additionally, a path relative to a specified, allowed base path can also be used to render the content of a file outside the specified base paths: `--8<-- "../../../../etc/passwd"`. Within the Snippets extension, there exists a `base_path` option but the implementation is vulnerable to Directory Traversal. The vulnerable section exists in `get_snippet_path(self, path)` lines 155 to 174 in snippets.py. Any readable file on the host where the plugin is executing may have its content exposed. This can impact any use of Snippets that exposes the use of Snippets to external users. It is never recommended to use Snippets to process user-facing, dynamic content. It is designed to process known content on the backend under the control of the host, but if someone were to accidentally enable it for user-facing content, undesired information could be exposed. This issue has been addressed in version 10.0. Users are advised to upgrade. Users unable to upgrade may restrict relative paths by filtering input. | May 15, 2023. 21:15:00 | [github.com][github.com] |
CVE-2023-23789 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Premmerce Premmerce Redirect Manager plugin <= 1.0.9 versions. | May 15, 2023. 19:47:00 | [patchstack.com] |
CVE-2023-23812 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joost de Valk Enhanced WP Contact Form plugin <= 2.2.3 versions. | May 15, 2023. 19:47:00 | [patchstack.com] |
CVE-2023-30746 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Booqable Rental Software Booqable Rental plugin <= 2.4.15 versions. | May 15, 2023. 19:46:00 | [patchstack.com] |
CVE-2022-33961 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WaspThemes Visual CSS Style Editor plugin <= 7.5.8 versions. | May 15, 2023. 19:45:00 | [patchstack.com] |
CVE-2022-46817 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Flyzoo Flyzoo Chat plugin <= 2.3.3 versions. | May 15, 2023. 19:45:00 | [patchstack.com] |
CVE-2023-22711 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Agent Evolution IMPress Listings plugin <= 2.6.2 versions. | May 15, 2023. 19:44:00 | [patchstack.com] |
CVE-2023-23701 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Andrew @ Geeenville Web Design Easy Sign Up plugin <= 3.4.1 versions. | May 15, 2023. 19:43:00 | [patchstack.com] |
CVE-2023-23788 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Florin Arjocu Custom More Link Complete plugin <= 1.4.1 versions. | May 15, 2023. 19:43:00 | [patchstack.com] |
CVE-2023-28251 | Windows Driver Revocation List Security Feature Bypass Vulnerability | May 15, 2023. 19:40:00 | [msrc.microsoft.com] |
CVE-2023-28283 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | May 15, 2023. 19:39:00 | [msrc.microsoft.com] |
CVE-2023-28290 | Microsoft Remote Desktop app for Windows Information Disclosure Vulnerability | May 15, 2023. 19:39:00 | [msrc.microsoft.com] |
CVE-2023-29324 | Windows MSHTML Platform Security Feature Bypass Vulnerability | May 15, 2023. 19:37:00 | [msrc.microsoft.com] |
CVE-2023-29325 | Windows OLE Remote Code Execution Vulnerability | May 15, 2023. 19:35:00 | [msrc.microsoft.com] |
CVE-2023-29333 | Microsoft Access Denial of Service Vulnerability | May 15, 2023. 19:33:00 | [msrc.microsoft.com] |
CVE-2023-29335 | Microsoft Word Security Feature Bypass Vulnerability | May 15, 2023. 19:32:00 | [msrc.microsoft.com] |
CVE-2023-24942 | Remote Procedure Call Runtime Denial of Service Vulnerability | May 15, 2023. 19:29:00 | [msrc.microsoft.com] |