
CVEs Today

Latest Information on Common Vulnerabilities and Exposures (CVEs)

Last updated: May 31, 2023. 01:20:03


| ID | Description | Modified | References |
| --- | --- | --- | --- |
| CVE-2022-47499 | In soter service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | May 15, 2023. 13:29:00 | [www.unisoc.com] |
| CVE-2023-22703 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Webcodin WCP Contact Form plugin <= 3.1.0 versions. | May 15, 2023. 11:15:00 | [patchstack.com] |
| CVE-2023-31408 | Cleartext Storage of Sensitive Information in SICK FTMg AIR FLOW SENSOR with part numbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a remote attacker to potentially steal user credentials that are stored in the user’s browser’s local storage via cross-site scripting attacks. | May 15, 2023. 11:15:00 | [sick.com][sick.com] |
| CVE-2023-31409 | Uncontrolled Resource Consumption in SICK FTMg AIR FLOW SENSOR with part numbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a remote attacker to influence the availability of the webserver by invoking a Slowloris-style attack via HTTP requests. | May 15, 2023. 11:15:00 | [sick.com][sick.com] |
| CVE-2022-47937 | ** UNSUPPORTED WHEN ASSIGNED ** Improper input validation in the Apache Sling Commons JSON bundle allows an attacker to trigger unexpected errors by supplying specially-crafted input. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. The org.apache.sling.commons.json bundle has been deprecated as of March 2017 and should not be used anymore. Consumers are encouraged to consider the Apache Sling Commons Johnzon OSGi bundle provided by the Apache Sling project, but may of course use other JSON libraries. | May 15, 2023. 10:15:00 | [github.com][lists.apache.org] |
| CVE-2022-22508 | Improper Input Validation vulnerability in multiple CODESYS V3 products allows an authenticated remote attacker to block consecutive logins of a specific type. | May 15, 2023. 10:15:00 | [customers.codesys.com] |
| CVE-2022-47391 | In multiple CODESYS products in multiple versions an unauthorized, remote attacker may use an improper input validation vulnerability to read from invalid addresses leading to a denial of service. | May 15, 2023. 10:15:00 | [customers.codesys.com] |
| CVE-2023-1698 | In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behaviour, Denial of Service and full system compromise. | May 15, 2023. 09:15:00 | [cert.vde.com] |
| CVE-2023-2591 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitHub repository nilsteampassnet/teampass prior to 3.0.7. | May 15, 2023. 06:15:00 | [huntr.dev][github.com] |
| CVE-2020-12069 | In CODESYS V3 products in all versions prior to V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device. | May 15, 2023. 06:15:00 | [cert.vde.com][cert.vde.com] |
| CVE-2023-32758 | giturlparse (aka git-url-parse) through 1.2.2, as used in Semgrep through 1.21.0, is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing untrusted URLs. This might be relevant if Semgrep is analyzing an untrusted package (for example, to check whether it accesses any Git repository at an http:// URL), and that package's author placed a ReDoS attack payload in a URL used by the package. | May 15, 2023. 04:15:00 | [github.com][pypi.org] |
| CVE-2023-27783 | An issue found in TCPreplay tcprewrite v.4.4.3 allows a remote attacker to cause a denial of service via the tcpedit_dlt_cleanup function at plugins/dlt_plugins.c. | May 15, 2023. 04:15:00 | [github.com][github.com] |
| CVE-2023-27784 | An issue found in TCPReplay v.4.4.3 allows a remote attacker to cause a denial of service via the read_hexstring function at the utils.c:309 endpoint. | May 15, 2023. 04:15:00 | [github.com][lists.fedoraproject.org] |
| CVE-2023-27785 | An issue found in TCPreplay TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the parse endpoints function. | May 15, 2023. 04:15:00 | [github.com][lists.fedoraproject.org] |
| CVE-2023-27786 | An issue found in TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the macinstring function. | May 15, 2023. 04:15:00 | [github.com][github.com] |
| CVE-2023-27787 | An issue found in TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the parse_list function at the list.c:81 endpoint. | May 15, 2023. 04:15:00 | [github.com][lists.fedoraproject.org] |
| CVE-2023-27788 | An issue found in TCPrewrite v.4.4.3 allows a remote attacker to cause a denial of service via the ports2PORT function at the portmap.c:69 endpoint. | May 15, 2023. 04:15:00 | [github.com][lists.fedoraproject.org] |
| CVE-2023-27789 | An issue found in TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the cidr2cidr function at the cidr.c:178 endpoint. | May 15, 2023. 04:15:00 | [github.com][github.com] |
| CVE-2023-24838 | HGiga PowerStation has a vulnerability of Information Leakage. An unauthenticated remote attacker can exploit this vulnerability to obtain the administrator's credential. This credential can then be used to log in to PowerStation or Secure Shell to achieve remote code execution. | May 15, 2023. 03:15:00 | [www.twcert.org.tw] |
| CVE-2010-4645 | strtod.c, as used in the zend_strtod function in PHP 5.2 before 5.2.17 and 5.3 before 5.3.5, and other products, allows context-dependent attackers to cause a denial of service (infinite loop) via a certain floating-point value in scientific notation, which is not properly handled in x87 FPU registers, as demonstrated using 2.2250738585072011e-308. | May 15, 2023. 00:15:00 | [hal.archives-ouvertes.fr][www.securityfocus.com] |