CVEs Today
Latest Information on Common Vulnerabilities and Exposures (CVEs)
Last updated: May 31, 2023. 01:20:03
ID | Description | Modified | References |
---|---|---|---|
CVE-2022-30181 | Azure Site Recovery Elevation of Privilege Vulnerability | May 17, 2023. 17:15:00 | [msrc.microsoft.com] |
CVE-2023-2618 | A vulnerability, which was classified as problematic, has been found in OpenCV wechat_qrcode Module up to 4.7.0. Affected by this issue is the function DecodedBitStreamParser::decodeHanziSegment of the file qrcode/decoder/decoded_bit_stream_parser.cpp. The manipulation leads to memory leak. The attack may be launched remotely. The name of the patch is 2b62ff6181163eea029ed1cab11363b4996e9cd6. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-228548. | May 17, 2023. 15:54:00 | [github.com][github.com] |
CVE-2023-2617 | A vulnerability classified as problematic was found in OpenCV wechat_qrcode Module up to 4.7.0. Affected by this vulnerability is the function DecodedBitStreamParser::decodeByteSegment of the file qrcode/decoder/decoded_bit_stream_parser.cpp. The manipulation leads to null pointer dereference. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-228547. | May 17, 2023. 15:52:00 | [vuldb.com][github.com] |
CVE-2023-22441 | Missing authentication for critical function exists in Seiko Solutions SkyBridge series, which may allow a remote attacker to obtain or alter the setting information of the product or execute some critical functions without authentication, e.g., rebooting the product. Affected products and versions are as follows: SkyBridge MB-A200 firmware Ver. 01.00.05 and earlier, and SkyBridge BASIC MB-A130 firmware Ver. 1.4.1 and earlier. | May 17, 2023. 15:37:00 | [www.seiko-sol.co.jp][www.seiko-sol.co.jp] |
CVE-2023-30860 | WWBN AVideo is an open source video platform. In AVideo prior to version 12.4, a normal user can make a Meeting Schedule where the user can invite another user in that Meeting, but it does not properly sanitize the malicious characters when creating a Meeting Room. This allows an attacker to insert malicious scripts. Since any USER, including the ADMIN, can see the meeting room that was created by the attacker, this can lead to cookie hijacking and takeover of any accounts. Version 12.4 contains a patch for this issue. | May 17, 2023. 15:15:00 | [github.com][youtu.be] |
CVE-2023-30837 | Vyper is a pythonic smart contract language for the EVM. The storage allocator does not guard against allocation overflows in versions prior to 0.3.8. An attacker can overwrite the owner variable. This issue was fixed in version 0.3.8. | May 17, 2023. 15:11:00 | [github.com][github.com] |
CVE-2023-28316 | A security vulnerability has been discovered in the implementation of 2FA on the rocket.chat platform, where other active sessions are not invalidated upon activating 2FA. This could potentially allow an attacker to maintain access to a compromised account even after 2FA is enabled. | May 17, 2023. 14:55:00 | [hackerone.com] |
CVE-2023-27973 | Certain HP LaserJet Pro print products are potentially vulnerable to Heap Overflow and/or Remote Code Execution. | May 17, 2023. 14:53:00 | [support.hp.com] |
CVE-2022-4008 | In affected versions of Octopus Deploy it is possible to upload a zipbomb file as a task, which results in Denial of Service. | May 17, 2023. 14:42:00 | [advisories.octopus.com] |
CVE-2021-31711 | Cross Site Scripting vulnerability found in Trippo ResponsiveFilemanager v.9.14.0 and before allows a remote attacker to execute arbitrary code via the sort_by parameter in the dialog.php file. | May 17, 2023. 14:34:00 | [github.com] |
CVE-2023-32066 | Time Tracker is an open source time tracking system. The week view plugin in Time Tracker versions 1.22.11.5782 and prior was not escaping titles for notes in the week view table. Because of that, it was possible for a logged-in user to enter notes with elements of JavaScript. Such script could then be executed in the user's browser on subsequent requests to week view. This issue is fixed in version 1.22.12.5783. As a workaround, use `htmlspecialchars` when calling `$field->setTitle` on line #245 in the `week.php` file, as happens in version 1.22.12.5783. | May 17, 2023. 13:57:00 | [github.com][github.com] |
CVE-2023-2630 | Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21. | May 17, 2023. 13:16:00 | [github.com][huntr.dev] |
CVE-2023-2656 | A vulnerability classified as critical has been found in SourceCodester AC Repair and Services System 1.0. Affected is an unknown function of the file /classes/Master.php?f=delete_service. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-228798 is the identifier assigned to this vulnerability. | May 17, 2023. 13:02:00 | [vuldb.com][vuldb.com] |
CVE-2023-29284 | Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | May 17, 2023. 13:01:00 | [helpx.adobe.com] |
CVE-2023-29285 | Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | May 17, 2023. 13:01:00 | [helpx.adobe.com] |
CVE-2023-29286 | Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | May 17, 2023. 13:01:00 | [helpx.adobe.com] |
CVE-2022-47129 | PHPOK v6.3 was discovered to contain a remote code execution (RCE) vulnerability. | May 17, 2023. 13:00:00 | [gist.github.com][www.yuque.com] |
CVE-2023-2657 | A vulnerability classified as problematic was found in SourceCodester Online Computer and Laptop Store 1.0. Affected by this vulnerability is an unknown functionality of the file products.php. The manipulation of the argument search leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-228799. | May 17, 2023. 12:59:00 | [vuldb.com][github.com] |
CVE-2023-2658 | A vulnerability, which was classified as critical, has been found in SourceCodester Online Computer and Laptop Store 1.0. Affected by this issue is some unknown functionality of the file products.php. The manipulation of the argument c leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-228800. | May 17, 2023. 12:58:00 | [vuldb.com][vuldb.com] |
CVE-2023-22720 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Robert Macchi WP Links Page plugin <= 4.9.3 versions. | May 17, 2023. 12:58:00 | [patchstack.com] |