CVEs Today
Latest Information on Common Vulnerabilities and Exposures (CVEs)
Last updated: May 31, 2023. 01:20:03
ID | Description | Modified | References |
---|---|---|---|
CVE-2023-31490 | An issue found in Frrouting bgpd v.8.4.2 allows a remote attacker to cause a denial of service via the bgp_attr_psid_sub() function. | May 16, 2023. 19:55:00 | [github.com] |
CVE-2023-31489 | An issue found in Frrouting bgpd v.8.4.2 allows a remote attacker to cause a denial of service via the bgp_capability_llgr() function. | May 16, 2023. 19:54:00 | [github.com] |
CVE-2023-31476 | An issue was discovered on GL.iNet devices running firmware before 3.216. There is an arbitrary file write in which an empty file can be created almost anywhere on the filesystem, as long as the filename and path is no more than 6 characters (the working directory is /www). | May 16, 2023. 19:42:00 | [www.gl-inet.com][github.com] |
CVE-2023-30019 | imgproxy <=3.14.0 is vulnerable to Server-Side Request Forgery (SSRF) due to a lack of sanitization of the imageURL parameter. | May 16, 2023. 19:33:00 | [breakandpray.com][github.com] |
CVE-2022-46720 | An integer overflow was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. An app may be able to break out of its sandbox | May 16, 2023. 19:32:00 | [support.apple.com][support.apple.com] |
CVE-2023-23540 | The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.4, macOS Big Sur 11.7.5, iOS 16.4 and iPadOS 16.4. An app may be able to execute arbitrary code with kernel privileges | May 16, 2023. 19:23:00 | [support.apple.com][support.apple.com] |
CVE-2023-31144 | Craft CMS is a content management system. Starting in version 3.0.0 and prior to versions 3.8.4 and 4.4.4, a malformed title in the feed widget can deliver a cross-site scripting payload. This issue is fixed in version 3.8.4 and 4.4.4. | May 16, 2023. 19:22:00 | [github.com][github.com] |
CVE-2023-23541 | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, iOS 16.4 and iPadOS 16.4. An app may be able to access information about a user’s contacts | May 16, 2023. 19:18:00 | [support.apple.com][support.apple.com] |
CVE-2022-45846 | Cross-Site Request Forgery (CSRF) vulnerability in Nickys Image Map Pro for WordPress - Interactive SVG Image Map Builder plugin < 5.6.9 versions. | May 16, 2023. 19:17:00 | [patchstack.com] |
CVE-2023-31474 | An issue was discovered on GL.iNet devices before 3.216. Through the software installation feature, it is possible to inject arbitrary parameters in a request to cause opkg to obtain a list of files in a specific directory, by using the regex feature in a package name. | May 16, 2023. 19:17:00 | [github.com][www.gl-inet.com] |
CVE-2023-32999 | A missing permission check in Jenkins AppSpider Plugin 1.0.15 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL and send an HTTP POST request with a JSON payload consisting of attacker-specified credentials. | May 16, 2023. 19:15:00 | [www.jenkins.io] |
CVE-2023-2195 | A cross-site request forgery (CSRF) vulnerability in Jenkins Code Dx Plugin 3.1.0 and earlier allows attackers to connect to an attacker-specified URL. | May 16, 2023. 19:15:00 | [www.jenkins.io] |
CVE-2023-2631 | A missing permission check in Jenkins Code Dx Plugin 3.1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. | May 16, 2023. 19:15:00 | [www.jenkins.io] |
CVE-2022-47441 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Charitable Donations & Fundraising Team Donation Forms by Charitable plugin <= 1.7.0.10 versions. | May 16, 2023. 19:07:00 | [patchstack.com] |
CVE-2022-47587 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Cornel Raiu WP Search Analytics plugin <= 1.4.5 versions. | May 16, 2023. 19:06:00 | [patchstack.com] |
CVE-2022-47606 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tim Stephenson WP-CORS plugin <= 0.2.1 versions. | May 16, 2023. 19:06:00 | [patchstack.com] |
CVE-2021-26356 | A TOCTOU in ASP bootloader may allow an attacker to tamper with the SPI ROM following data read to memory potentially resulting in S3 data corruption and information disclosure. | May 16, 2023. 19:01:00 | [www.amd.com][www.amd.com] |
CVE-2023-2269 | A denial of service problem was found, due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing sub-component. | May 16, 2023. 19:01:00 | [lore.kernel.org][lists.fedoraproject.org] |
CVE-2023-32071 | XWiki Platform is a generic wiki platform. Starting in versions 2.2-milestone-1 and prior to versions 14.4.8, 14.10.4, and 15.0-rc-1, it's possible to execute javascript with the right of any user by leading him to a special URL on the wiki targeting a page which contains an attachment. This has been patched in XWiki 15.0-rc-1, 14.10.4, and 14.4.8. The easiest possible workaround is to edit file `<xwiki app>/templates/importinline.vm` and apply the modification described in commit 28905f7f518cc6f21ea61fe37e9e1ed97ef36f01. | May 16, 2023. 17:41:00 | [github.com][github.com] |
CVE-2023-32069 | XWiki Platform is a generic wiki platform. Starting in version 3.3-milestone-2 and prior to versions 14.10.4 and 15.0-rc-1, it's possible for a user to execute anything with the right of the author of the XWiki.ClassSheet document. This has been patched in XWiki 15.0-rc-1 and 14.10.4. There are no known workarounds. | May 16, 2023. 17:34:00 | [github.com][github.com] |