CVEs Today
Latest Information on Common Vulnerabilities and Exposures (CVEs)
Last updated: May 31, 2023. 01:20:03
click on an item for more info;
| ID | Description | Modified | References |
|---|---|---|---|
| CVE-2023-2695 | A vulnerability was found in SourceCodester Online Exam System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /kelas/data of the component POST Parameter Handler. The manipulation of the argument columns[1][data] leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-228976. | May 14, 2023. 11:15:00 | [vuldb.com][github.com] |
| CVE-2023-2696 | A vulnerability was found in SourceCodester Online Exam System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /matkul/data of the component POST Parameter Handler. The manipulation of the argument columns[1][data] leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-228977 was assigned to this vulnerability. | May 14, 2023. 11:15:00 | [github.com][vuldb.com] |
| CVE-2023-2694 | A vulnerability was found in SourceCodester Online Exam System 1.0. It has been classified as critical. This affects an unknown part of the file /dosen/data of the component POST Parameter Handler. The manipulation of the argument columns[1][data] leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-228975. | May 14, 2023. 10:15:00 | [vuldb.com][github.com] |
| CVE-2023-2691 | A vulnerability, which was classified as problematic, was found in SourceCodester Personnel Property Equipment System 1.0. Affected is an unknown function of the file admin/add_item.php of the component POST Parameter Handler. The manipulation of the argument item_name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-228972. | May 14, 2023. 09:15:00 | [vuldb.com][github.com] |
| CVE-2023-2692 | A vulnerability has been found in SourceCodester ICT Laboratory Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file views/room_info.php of the component GET Parameter Handler. The manipulation of the argument name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-228973 was assigned to this vulnerability. | May 14, 2023. 09:15:00 | [github.com][vuldb.com] |
| CVE-2023-2693 | A vulnerability was found in SourceCodester Online Exam System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /mahasiswa/data of the component POST Parameter Handler. The manipulation of the argument columns[1][data] leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-228974 is the identifier assigned to this vulnerability. | May 14, 2023. 09:15:00 | [vuldb.com][vuldb.com] |
| CVE-2023-2689 | A vulnerability classified as critical was found in SourceCodester Billing Management System 1.0. This vulnerability affects unknown code of the file editproduct.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-228970 is the identifier assigned to this vulnerability. | May 14, 2023. 08:15:00 | [github.com][vuldb.com] |
| CVE-2023-2690 | A vulnerability, which was classified as critical, has been found in SourceCodester Personnel Property Equipment System 1.0. This issue affects some unknown processing of the file admin/returned_reuse_form.php of the component GET Parameter Handler. The manipulation of the argument client_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-228971. | May 14, 2023. 08:15:00 | [github.com][vuldb.com] |
| CVE-2020-27813 | An integer overflow vulnerability exists with the length of websocket frames received via a websocket connection. An attacker would use this flaw to cause a denial of service attack on an HTTP Server allowing websocket connections. | May 14, 2023. 01:15:00 | [bugzilla.redhat.com][github.com] |
| CVE-2023-31436 | qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX. | May 14, 2023. 00:15:00 | [github.com][cdn.kernel.org] |
| CVE-2023-0386 | A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system. | May 14, 2023. 00:15:00 | [git.kernel.org][security.netapp.com] |
| CVE-2023-27951 | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. An archive may be able to bypass Gatekeeper | May 13, 2023. 02:20:00 | [support.apple.com][support.apple.com] |
| CVE-2023-27952 | A race condition was addressed with improved locking. This issue is fixed in macOS Ventura 13.3. An app may bypass Gatekeeper checks | May 13, 2023. 02:17:00 | [support.apple.com] |
| CVE-2023-27933 | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, watchOS 9.4, tvOS 16.4, iOS 16.4 and iPadOS 16.4. An app with root privileges may be able to execute arbitrary code with kernel privileges | May 13, 2023. 02:12:00 | [support.apple.com][support.apple.com] |
| CVE-2023-28180 | A denial-of-service issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. A user in a privileged network position may be able to cause a denial-of-service | May 13, 2023. 01:55:00 | [support.apple.com] |
| CVE-2023-27944 | This issue was addressed with a new entitlement. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. An app may be able to break out of its sandbox | May 13, 2023. 01:54:00 | [support.apple.com][support.apple.com] |
| CVE-2023-28190 | A privacy issue was addressed by moving sensitive data to a more secure location. This issue is fixed in macOS Ventura 13.3. An app may be able to access user-sensitive data | May 13, 2023. 01:46:00 | [support.apple.com] |
| CVE-2023-28200 | A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Big Sur 11.7.5. An app may be able to disclose kernel memory | May 13, 2023. 01:34:00 | [support.apple.com][support.apple.com] |
| CVE-2023-28192 | A permissions issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. An app may be able to read sensitive location information | May 13, 2023. 01:30:00 | [support.apple.com][support.apple.com] |
| CVE-2023-28189 | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3. An app may be able to view sensitive information | May 13, 2023. 01:26:00 | [support.apple.com][support.apple.com] |
Page 99 of 129
