CVEs Today
Latest Information on Common Vulnerabilities and Exposures (CVEs)
Last updated: May 31, 2023. 01:20:03
click on an item for more info;
| ID | Description | Modified | References |
|---|---|---|---|
| CVE-2023-2659 | A vulnerability, which was classified as critical, was found in SourceCodester Online Computer and Laptop Store 1.0. This affects an unknown part of the file view_product.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-228801 was assigned to this vulnerability. | May 17, 2023. 12:57:00 | [github.com][vuldb.com] |
| CVE-2023-2660 | A vulnerability has been found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. This vulnerability affects unknown code of the file view_categories.php. The manipulation of the argument c leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-228802 is the identifier assigned to this vulnerability. | May 17, 2023. 12:57:00 | [vuldb.com][github.com] |
| CVE-2023-2661 | A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. This issue affects some unknown processing of the file /classes/Master.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-228803. | May 17, 2023. 12:56:00 | [github.com][vuldb.com] |
| CVE-2023-27918 | Cross-site scripting vulnerability in Appointment and Event Booking Calendar for WordPress - Amelia versions prior to 1.0.76 allows a remote unauthenticated attacker to inject an arbitrary script by having a user who is logging in the WordPress where the product is installed visit a malicious URL. | May 17, 2023. 12:56:00 | [jvn.jp][wordpress.org] |
| CVE-2023-29791 | kodbox <= 1.37 is vulnerable to Cross Site Scripting (XSS) via the debug information. | May 17, 2023. 12:54:00 | [blog.mo60.cn] |
| CVE-2023-27889 | Cross-site request forgery (CSRF) vulnerability in LIQUID SPEECH BALLOON versions prior to 1.2 allows a remote unauthenticated attacker to hijack the authentication of a user and to perform unintended operations by having a user view a malicious page. | May 17, 2023. 12:54:00 | [jvn.jp][wordpress.org] |
| CVE-2023-2662 | In Xpdf 4.04 (and earlier), a bad color space object in the input PDF file can cause a divide-by-zero. | May 17, 2023. 12:53:00 | [forum.xpdfreader.com] |
| CVE-2023-29273 | Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | May 17, 2023. 12:50:00 | [helpx.adobe.com] |
| CVE-2023-29274 | Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | May 17, 2023. 12:50:00 | [helpx.adobe.com] |
| CVE-2023-29275 | Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | May 17, 2023. 12:50:00 | [helpx.adobe.com] |
| CVE-2023-27385 | Heap-based buffer overflow vulnerability exists in CX-Drive All models V3.01 and earlier. By having a user open a specially crafted SDD file, arbitrary code may be executed and/or information may be disclosed. | May 17, 2023. 12:49:00 | [jvn.jp][www.ia.omron.com] |
| CVE-2023-29276 | Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | May 17, 2023. 12:49:00 | [helpx.adobe.com] |
| CVE-2023-29277 | Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | May 17, 2023. 12:49:00 | [helpx.adobe.com] |
| CVE-2023-29278 | Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | May 17, 2023. 12:49:00 | [helpx.adobe.com] |
| CVE-2023-29279 | Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | May 17, 2023. 12:49:00 | [helpx.adobe.com] |
| CVE-2023-29280 | Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | May 17, 2023. 12:49:00 | [helpx.adobe.com] |
| CVE-2022-32221 | When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent `POST` request. The problem exists in the logic for a reused handle when it is changed from a PUT to a POST. | May 17, 2023. 09:15:00 | [hackerone.com][security.gentoo.org] |
| CVE-2023-2469 | ** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | May 17, 2023. 08:15:00 | |
| CVE-2023-1764 | Canon IJ Network Tool/Ver.4.7.5 and earlier (supported OS: OS X 10.9.5-macOS 13),IJ Network Tool/Ver.4.7.3 and earlier (supported OS: OS X 10.7.5-OS X 10.8) allows an attacker to acquire sensitive information on the Wi-Fi connection setup of the printer from the communication of the software. | May 17, 2023. 01:15:00 | [psirt.canon][psirt.canon] |
| CVE-2023-1763 | Canon IJ Network Tool/Ver.4.7.5 and earlier (supported OS: OS X 10.9.5-macOS 13),IJ Network Tool/Ver.4.7.3 and earlier (supported OS: OS X 10.7.5-OS X 10.8) allows an attacker to acquire sensitive information on the Wi-Fi connection setup of the printer from the software. | May 17, 2023. 01:15:00 | [psirt.canon][psirt.canon] |
Page 83 of 129
