CVEs Today
Latest Information on Common Vulnerabilities and Exposures (CVEs)
Last updated: May 18, 2024. 23:40:31 UTC
click on an item for more info;
| ID | Description | Modified | References |
|---|---|---|---|
| CVE-2023-22447 | Insertion of sensitive information into log file in the Open CAS software for Linux maintained by Intel before version 22.6.2 may allow a privileged user to potentially enable information disclosure via local access. | May 19, 2023. 17:03:00 | [www.intel.com] |
| CVE-2023-23573 | Improper access control in the Intel(R) Unite(R) android application before Release 17 may allow a privileged user to potentially enable information disclosure via local access. | May 19, 2023. 17:03:00 | [www.intel.com] |
| CVE-2023-25179 | Uncontrolled resource consumption in the Intel(R) Unite(R) android application before Release 17 may allow an authenticated user to potentially enable denial of service via local access. | May 19, 2023. 17:03:00 | [www.intel.com] |
| CVE-2022-46656 | Insecure inherited permissions for the Intel(R) NUC Pro Software Suite before version 2.0.0.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | May 19, 2023. 17:02:00 | [www.intel.com] |
| CVE-2023-25772 | Improper input validation in the Intel(R) Retail Edge Mobile Android application before version 3.0.301126-RELEASE may allow an authenticated user to potentially enable denial of service via local access. | May 19, 2023. 17:02:00 | [www.intel.com] |
| CVE-2023-27298 | Uncontrolled search path in the WULT software maintained by Intel(R) before version 1.0.0 (commit id 592300b) may allow an unauthenticated user to potentially enable escalation of privilege via network access. | May 19, 2023. 17:02:00 | [www.intel.com] |
| CVE-2023-23396 | Microsoft Excel Denial of Service Vulnerability | May 19, 2023. 15:09:00 | [msrc.microsoft.com] |
| CVE-2023-24892 | Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability | May 19, 2023. 15:09:00 | [msrc.microsoft.com] |
| CVE-2023-23313 | Certain Draytek products are vulnerable to Cross Site Scripting (XSS) via the wlogin.cgi script and user_login.cgi script of the router's web application management portal. This affects Vigor3910, Vigor1000B, Vigor2962 v4.3.2.1; Vigor2865 and Vigor2866 v4.4.1.0; Vigor2927 v4.4.2.2; and Vigor2915, Vigor2765, Vigor2766, Vigor2135 v4.4.2.0; Vigor2763 v4.4.2.1; Vigor2862 and Vigor2926 v3.9.9.0; Vigor2925 v3.9.3; Vigor2952 and Vigor3220 v3.9.7.3; Vigor2133 and Vigor2762 v3.9.6.4; and Vigor2832 v3.9.6.2. | May 19, 2023. 14:15:00 | [www.draytek.com][www.horizonconsulting.com] |
| CVE-2022-41998 | Uncontrolled search path in the Intel(R) DCM software before version 5.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | May 19, 2023. 13:38:00 | [www.intel.com] |
| CVE-2022-41982 | Uncontrolled search path element in the Intel(R) VTune(TM) Profiler software before version 2023.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | May 19, 2023. 13:38:00 | [www.intel.com] |
| CVE-2023-22355 | Uncontrolled search path in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.0.251 may allow an authenticated user to potentially enable escalation of privilege via local access. | May 19, 2023. 13:35:00 | [www.intel.com] |
| CVE-2022-35798 | Azure Arc Jumpstart Information Disclosure Vulnerability | May 19, 2023. 13:00:00 | [msrc.microsoft.com] |
| CVE-2023-1195 | A use-after-free flaw was found in reconn_set_ipaddr_from_hostname in fs/cifs/connect.c in the Linux kernel. The issue occurs when it forgets to set the free pointer server->hostname to NULL, leading to an invalid pointer request. | May 19, 2023. 13:00:00 | [github.com] |
| CVE-2023-23557 | An error in Hermes' algorithm for copying objects properties prior to commit a00d237346894c6067a594983be6634f4168c9ad could be used by a malicious attacker to execute arbitrary code via type confusion. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected. | May 19, 2023. 13:00:00 | [github.com][www.facebook.com] |
| CVE-2023-23759 | There is a vulnerability in the fizz library prior to v2023.01.30.00 where a CHECK failure can be triggered remotely. This behavior requires the client supported cipher advertisement changing between the original ClientHello and the second ClientHello, crashing the process (impact is limited to denial of service). | May 19, 2023. 13:00:00 | [www.facebook.com][github.com] |
| CVE-2023-25933 | A type confusion bug in TypedArray prior to commit e6ed9c1a4b02dc219de1648f44cd808a56171b81 could have been used by a malicious attacker to execute arbitrary code via untrusted JavaScript. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected. | May 19, 2023. 13:00:00 | [github.com][www.facebook.com] |
| CVE-2023-28081 | A bytecode optimization bug in Hermes prior to commit e6ed9c1a4b02dc219de1648f44cd808a56171b81 could be used to cause an use-after-free and obtain arbitrary code execution via a carefully crafted payload. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected. | May 19, 2023. 13:00:00 | [github.com][www.facebook.com] |
| CVE-2023-28753 | netconsd prior to v0.2 was vulnerable to an integer overflow in its parse_packet function. A malicious individual could leverage this overflow to create heap memory corruption with attacker controlled data. | May 19, 2023. 13:00:00 | [www.facebook.com][github.com] |
| CVE-2023-30470 | A use-after-free related to unsound inference in the bytecode generation when optimizations are enabled for Hermes prior to commit da8990f737ebb9d9810633502f65ed462b819c09 could have been used by an attacker to achieve remote code execution. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected. | May 19, 2023. 13:00:00 | [www.facebook.com][github.com] |
Page 1206 of 1261
