
CVEs Today

Latest Information on Common Vulnerabilities and Exposures (CVEs)

Last updated: September 13, 2024. 03:00:39 UTC

| ID | Description | Modified | References |
| --- | --- | --- | --- |
| CVE-2023-23494 | A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 16.4 and iPadOS 16.4. A user in a privileged network position may be able to cause a denial-of-service. | May 11, 2023. 17:10:00 | [support.apple.com] |
| CVE-2023-29354 | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | May 11, 2023. 16:20:00 | [msrc.microsoft.com] |
| CVE-2023-29350 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | May 11, 2023. 16:19:00 | [msrc.microsoft.com] |
| CVE-2023-24788 | NotrinosERP v0.7 was discovered to contain a SQL injection vulnerability via the OrderNumber parameter at /NotrinosERP/sales/customer_delivery.php. | May 11, 2023. 16:15:00 | [github.com][github.com] |
| CVE-2023-30096 | A stored cross-site scripting (XSS) vulnerability in TotalJS messenger commit b6cf1c9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the user information field. | May 11, 2023. 16:15:00 | [github.com][www.edoardoottavianelli.it] |
| CVE-2023-30097 | A stored cross-site scripting (XSS) vulnerability in TotalJS messenger commit b6cf1c9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the private task field. | May 11, 2023. 16:15:00 | [www.edoardoottavianelli.it][github.com] |
| CVE-2023-30094 | A stored cross-site scripting (XSS) vulnerability in TotalJS Flow v10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the platform name field in the settings module. | May 11, 2023. 16:15:00 | [github.com][www.edoardoottavianelli.it] |
| CVE-2023-30095 | A stored cross-site scripting (XSS) vulnerability in TotalJS messenger commit b6cf1c9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the channel description field. | May 11, 2023. 16:15:00 | [github.com][www.edoardoottavianelli.it] |
| CVE-2023-30093 | A cross-site scripting (XSS) vulnerability in Open Networking Foundation ONOS from version v1.9.0 to v2.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter of the API documentation dashboard. | May 11, 2023. 16:15:00 | [www.edoardoottavianelli.it][www.youtube.com] |
| CVE-2023-24539 | Angle brackets (<>) are not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character can result in unexpectedly closing the CSS context and allowing for injection of unexpected HTML, if executed with untrusted input. | May 11, 2023. 16:15:00 | [groups.google.com][go.dev] |
| CVE-2023-24540 | Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution. | May 11, 2023. 16:15:00 | [groups.google.com][go.dev] |
| CVE-2023-29400 | Templates containing actions in unquoted HTML attributes (e.g. "attr={{.}}") executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags. | May 11, 2023. 16:15:00 | [go.dev][groups.google.com] |
| CVE-2022-3162 | Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group without authorization. Clusters are impacted by this vulnerability if all of the following are true: 1. There are 2+ CustomResourceDefinitions sharing the same API group 2. Users have cluster-wide list or watch authorization on one of those custom resources. 3. The same users are not authorized to read another custom resource in the same API group. | May 11, 2023. 15:15:00 | [github.com][groups.google.com] |
| CVE-2023-1550 | Insertion of Sensitive Information into log file vulnerability in NGINX Agent. NGINX Agent version 2.0 before 2.23.3 inserts sensitive information into a log file. An authenticated attacker with local access to read agent log files may gain access to private keys. This issue is only exposed when the non-default trace level logging is enabled. Note: NGINX Agent is included with NGINX Instance Manager and used in conjunction with NGINX API Connectivity Manager, and NGINX Management Suite Security Monitoring. | May 11, 2023. 15:15:00 | [my.f5.com][security.netapp.com] |
| CVE-2023-1652 | A use-after-free flaw was found in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c in the NFS filesystem in the Linux Kernel. This issue could allow a local attacker to crash the system or it may lead to a kernel information leak problem. | May 11, 2023. 15:15:00 | [access.redhat.com][security.netapp.com] |
| CVE-2023-29257 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to remote code execution as a database administrator of one database may execute code or read/write files from another database within the same instance. IBM X-Force ID: 252011. | May 11, 2023. 15:15:00 | [www.ibm.com][exchange.xforce.ibmcloud.com] |
| CVE-2023-29255 | IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as it may trap when compiling a variation of an anonymous block. IBM X-Force ID: 251991. | May 11, 2023. 15:15:00 | [exchange.xforce.ibmcloud.com][www.ibm.com] |
| CVE-2023-25930 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.1, 11.1, and 11.5 is vulnerable to a denial of service. Under rare conditions, setting a special register may cause the Db2 server to terminate abnormally. IBM X-Force ID: 247862. | May 11, 2023. 15:15:00 | [exchange.xforce.ibmcloud.com][https] |
| CVE-2023-27555 | IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 is vulnerable to a denial of service when attempting to use ACR client affinity for unfenced DRDA federation wrappers. IBM X-Force ID: 249187. | May 11, 2023. 15:15:00 | [www.ibm.com][exchange.xforce.ibmcloud.com] |
| CVE-2023-26022 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server may crash when an Out of Memory occurs using the DBMS_OUTPUT module. IBM X-Force ID: 247868. | May 11, 2023. 15:15:00 | [exchange.xforce.ibmcloud.com][www.ibm.com] |

