CVEs Today

Latest Information on Common Vulnerabilities and Exposures (CVEs)

Last updated: September 13, 2024. 03:00:39 UTC

| ID | Description | Modified | References |
| --- | --- | --- | --- |
| CVE-2022-31477 | Improper initialization for some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable information disclosure via local access. | May 10, 2023. 14:38:00 | [www.intel.com] |
| CVE-2022-47875 | A Directory Traversal vulnerability in /be/erpc.php in Jedox GmbH Jedox 2020.2.5 allows remote authenticated users to execute arbitrary code. | May 10, 2023. 13:58:00 | [docs.syslifters.com][packetstormsecurity.com] |
| CVE-2022-47876 | The integrator in Jedox GmbH Jedox 2020.2.5 allows remote authenticated users to create Jobs to execute arbitrary code via Groovy-scripts. | May 10, 2023. 13:54:00 | [docs.syslifters.com][packetstormsecurity.com] |
| CVE-2023-28092 | A potential security vulnerability has been identified in HPE ProLiant RL300 Gen11 Server. The vulnerability could result in the system being vulnerable to exploits by attackers with physical access inside the server chassis. | May 10, 2023. 13:51:00 | [support.hpe.com] |
| CVE-2023-25492 | A valid, authenticated user may be able to trigger a denial of service of the XCC web user interface or other undefined behavior through a format string injection vulnerability in a web interface API. | May 10, 2023. 13:37:00 | [support.lenovo.com] |
| CVE-2023-0683 | A valid, authenticated XCC user with read only access may gain elevated privileges through a specifically crafted API call. | May 10, 2023. 13:24:00 | [support.lenovo.com] |
| CVE-2023-32568 | An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2.800 and 8.x before 8.0.410. The VIOM web application does not validate user-supplied data and appends it to OS commands and internal binaries used by the application. An attacker with root/administrator level privileges can leverage this to read sensitive data stored on the servers, modify data or server configuration, and delete data or application configuration. | May 10, 2023. 13:06:00 | [www.veritas.com] |
| CVE-2023-26126 | All versions of the package m.static are vulnerable to Directory Traversal due to improper input sanitization of the path being requested via the requestFile function. | May 10, 2023. 13:06:00 | [security.snyk.io][gist.github.com] |
| CVE-2023-2616 | Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.21. | May 10, 2023. 13:06:00 | [github.com][huntr.dev] |
| CVE-2023-32569 | An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2.800 and 8.x before 8.0.410. The InfoScale VIOM web application is vulnerable to SQL Injection in some of the areas of the application. This allows attackers to submit arbitrary SQL commands on the back-end database to create, read, update, or delete any sensitive data stored in the database. | May 10, 2023. 13:06:00 | [www.veritas.com] |
| CVE-2023-23578 | Improper access control vulnerability in SkyBridge MB-A200 firmware Ver. 01.00.05 and earlier allows a remote unauthenticated attacker to connect to the product's ADB port. | May 10, 2023. 13:06:00 | [www.seiko-sol.co.jp][www.seiko-sol.co.jp] |
| CVE-2022-46819 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Continuous announcement scroller plugin <= 13.0 versions. | May 10, 2023. 13:06:00 | [patchstack.com] |
| CVE-2022-46861 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Zia Imtiaz Custom Login Page Styler for WordPress plugin <= 6.2 versions. | May 10, 2023. 13:06:00 | [patchstack.com] |
| CVE-2022-47423 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ulf Benjaminsson WP-dTree plugin <= 4.4.5 versions. | May 10, 2023. 13:06:00 | [patchstack.com] |
| CVE-2022-47590 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Fugu Maintenance Switch plugin <= 1.5.2 versions. | May 10, 2023. 13:06:00 | [patchstack.com] |
| CVE-2022-47600 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Mass Email To users plugin <= 1.1.4 versions. | May 10, 2023. 13:06:00 | [patchstack.com] |
| CVE-2023-1732 | When sampling randomness for a shared secret, the implementation of Kyber and FrodoKEM, did not check whether crypto/rand.Read() returns an error. In rare deployment cases (error thrown by the Read() function), this could lead to a predictable shared secret. The tkn20 and blindrsa components did not check whether enough randomness was returned from the user provided randomness source. Typically the user provides crypto/rand.Reader, which in the vast majority of cases will always return the right number random bytes. In the cases where it does not, or the user provides a source that does not, the blinding for blindrsa is weak and integrity of the plaintext is not ensured in tkn20. | May 10, 2023. 13:06:00 | [github.com] |
| CVE-2023-23901 | Improper following of a certificate's chain of trust exists in SkyBridge MB-A200 firmware Ver. 01.00.05 and earlier, and SkyBridge BASIC MB-A130 firmware Ver. 1.4.1 and earlier, which may allow a remote unauthenticated attacker to eavesdrop on or alter the communication sent to the WebUI of the product. | May 10, 2023. 06:15:00 | [www.seiko-sol.co.jp][www.seiko-sol.co.jp] |
| CVE-2023-23906 | Missing authentication for critical function exists in SkyBridge MB-A100/110 firmware Ver. 4.2.0 and earlier, which may allow a remote unauthenticated attacker to execute some critical functions without authentication, e.g., rebooting the product. | May 10, 2023. 06:15:00 | [www.seiko-sol.co.jp][www.seiko-sol.co.jp] |
| CVE-2023-24586 | Cleartext storage of sensitive information exists in SkyBridge MB-A100/110 firmware Ver. 4.2.0 and earlier, which may allow a remote authenticated attacker to obtain an APN credential for the product. | May 10, 2023. 06:15:00 | [www.seiko-sol.co.jp][www.seiko-sol.co.jp] |