CVE List - 2023 / January
Showing 1001 - 1100 of 2351 CVEs for January 2023 (Page 11 of 24)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-2155 | 2023-01-12 | A vulnerability exists in the Lumada APM’s User Asset Group feature due to a flaw in access control mechanism implementation on the “Limited Engineer” role. |
| CVE-2023-0243 | 2023-01-12 | TuziCMS Article Module ArticleController.class.php index sql injection |
| CVE-2023-0244 | 2023-01-12 | TuziCMS KefuController.class.php delall sql injection |
| CVE-2023-0245 | 2023-01-12 | SourceCodester Online Flight Booking Management System add_contestant.php sql injection |
| CVE-2023-0246 | 2023-01-12 | earclink ESPCMS Content cross site scripting |
| CVE-2012-10005 | 2023-01-12 | manikandan170890 php-form-builder-class Textarea Textarea.php cross site scripting |
| CVE-2013-10011 | 2023-01-12 | aeharding classroom-engagement-system sql injection |
| CVE-2022-43591 | 2023-01-12 | A buffer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. A specially-crafted javascript code can trigger an out-of-bounds memory access, which can lead to... |
| CVE-2022-40983 | 2023-01-12 | An integer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. A specially-crafted javascript code can trigger an integer overflow during memory allocation, which can... |
| CVE-2023-0254 | 2023-01-12 | The Simple Membership WP user Import plugin for WordPress is vulnerable to SQL Injection via the ‘orderby’ parameter in versions up to, and including, 1.7 due to insufficient escaping on... |
| CVE-2023-22488 | 2023-01-12 | Missing authorization in Flarum |
| CVE-2022-42268 | 2023-01-12 | Omniverse Kit contains a vulnerability in the reference applications Create, Audio2Face, Isaac Sim, View, Code, and Machinima. These applications allow executable Python code to be embedded in Universal Scene Description... |
| CVE-2023-0256 | 2023-01-12 | SourceCodester Online Food Ordering System Login Page sql injection |
| CVE-2023-0257 | 2023-01-12 | SourceCodester Online Food Ordering System Menu Form unrestricted upload |
| CVE-2023-0258 | 2023-01-12 | SourceCodester Online Food Ordering System Category List cross site scripting |
| CVE-2022-42272 | 2023-01-12 | NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a buffer overflow, which may lead to code execution, denial of service or escalation of privileges. |
| CVE-2022-42273 | 2023-01-12 | NVIDIA BMC contains a vulnerability in libwebsocket, where an authorized attacker can cause a buffer overflow and cause a denial of service or gain code execution. |
| CVE-2023-22597 | 2023-01-12 | InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-319: Cleartext Transmission of Sensitive Information. They use an unsecured channel to... |
| CVE-2023-22598 | 2023-01-12 | InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS... |
| CVE-2023-22599 | 2023-01-12 | InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-760: Use of a One-way Hash with a Predictable Salt. They send... |
| CVE-2023-22600 | 2023-01-12 | InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-284: Improper Access Control. They allow unauthenticated devices to subscribe to MQTT... |
| CVE-2023-22601 | 2023-01-12 | InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-330: Use of Insufficiently Random Values. They do not properly randomize MQTT... |
| CVE-2022-41778 | 2023-01-12 | Delta Electronics InfraSuite Device Master versions 00.00.01a and prior deserialize user-supplied data provided through the Device-DataCollect service port without proper verification. An attacker could provide malicious serialized objects to execute... |
| CVE-2022-4616 | 2023-01-12 | The webserver in Delta DX-3021 versions prior to 1.24 is vulnerable to command injection through the network diagnosis page. This vulnerability could allow a remote unauthenticated user to add files,... |
| CVE-2021-36204 | 2023-01-13 | Insufficiently Protected Credentials in Metasys |
| CVE-2021-46872 | 2023-01-13 | An issue was discovered in Nim before 1.6.2. The RST module of the Nim language stdlib, as used in NimForum and other products, permits the javascript: URI scheme and thus... |
| CVE-2022-3693 | 2023-01-13 | Path traversal in FileOrbis File Management System |
| CVE-2022-42136 | 2023-01-13 | Authenticated mail users, under specific circumstances, could add files with unsanitized content in public folders where the IIS user had permission to access. That action could lead an attacker to... |
| CVE-2022-45299 | 2023-01-13 | An issue in the IpFile argument of rust-lang webbrowser-rs v0.8.2 allows attackers to access arbitrary files via supplying a crafted URL. |
| CVE-2022-46093 | 2023-01-13 | Hospital Management System v1.0 is vulnerable to SQL Injection. Attackers can gain administrator privileges without the need for a password. |
| CVE-2022-46471 | 2023-01-13 | Online Health Care System v1.0 was discovered to contain a SQL injection vulnerability via the consulting_id parameter at /healthcare/Admin/consulting_detail.php. |
| CVE-2022-46478 | 2023-01-13 | The RPC interface in datax-web v1.0.0 and v2.0.0 to v2.1.2 contains no permission checks by default which allows attackers to execute arbitrary commands via crafted Hessian serialized data. |
| CVE-2022-46502 | 2023-01-13 | Online Student Enrollment System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter at /student_enrollment/admin/login.php. |
| CVE-2022-46946 | 2023-01-13 | Helmet Store Showroom Site v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_brand. |
| CVE-2022-46947 | 2023-01-13 | Helmet Store Showroom Site v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_category. |
| CVE-2022-46949 | 2023-01-13 | Helmet Store Showroom Site v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_helmet. |
| CVE-2022-46950 | 2023-01-13 | Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=delete_window. |
| CVE-2022-46951 | 2023-01-13 | Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=delete_uploads. |
| CVE-2022-46952 | 2023-01-13 | Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=delete_user. |
| CVE-2022-46953 | 2023-01-13 | Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=save_window. |
| CVE-2022-46954 | 2023-01-13 | Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=delete_transaction. |
| CVE-2022-46955 | 2023-01-13 | Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=save_queue. |
| CVE-2022-46956 | 2023-01-13 | Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/manage_user.php. |
| CVE-2022-48090 | 2023-01-13 | Tramyardg hotel-mgmt-system version 2022.4 is vulnerable to SQL Injection via /app/dao/CustomerDAO.php. |
| CVE-2022-48091 | 2023-01-13 | Tramyardg hotel-mgmt-system version 2022.4 is vulnerable to Cross Site Scripting (XSS) via process_update_profile.php. |
| CVE-2022-48256 | 2023-01-13 | Technitium DNS Server before 10.0 allows a self-CNAME denial-of-service attack in which a CNAME loop causes an answer to contain hundreds of records. |
| CVE-2022-48257 | 2023-01-13 | In Eternal Terminal 6.2.1, etserver and etclient have predictable logfile names in /tmp. |
| CVE-2022-48258 | 2023-01-13 | In Eternal Terminal 6.2.1, etserver and etclient have world-readable logfiles. |
| CVE-2023-0288 | 2023-01-13 | Heap-based Buffer Overflow in vim/vim |
| CVE-2023-0289 | 2023-01-13 | Cross-site Scripting (XSS) - Stored in craigk5n/webcalendar |
| CVE-2023-21587 | 2023-01-13 | Adobe InDesign Font Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability |
| CVE-2023-21588 | 2023-01-13 | Adobe InDesign Improper Input Validation Remote Code Execution Vulnerability |
| CVE-2023-21589 | 2023-01-13 | Adobe InDesign Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2023-21590 | 2023-01-13 | Adobe InDesign Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2023-21591 | 2023-01-13 | Adobe InDesign Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2023-21592 | 2023-01-13 | Adobe InDesign Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2023-21594 | 2023-01-13 | Adobe InCopy Font Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability |
| CVE-2023-21595 | 2023-01-13 | Adobe InCopy Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2023-21596 | 2023-01-13 | Adobe InCopy Improper Input Validation Remote Code Execution Vulnerability |
| CVE-2023-21597 | 2023-01-13 | Adobe InCopy Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2023-21598 | 2023-01-13 | Adobe InCopy Font Parsing Use-After-Free Information Disclosure Vulnerability |
| CVE-2023-21599 | 2023-01-13 | Adobe InCopy Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2023-23559 | 2023-01-13 | In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition. |
| CVE-2023-23566 | 2023-01-13 | A 2-Step Verification problem in Axigen 10.3.3.52 allows an attacker to access a mailbox by bypassing 2-Step Verification when they try to add an account to any third-party webmail service... |
| CVE-2022-42274 | 2023-01-13 | NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a buffer overflow and cause a denial of service or gain code execution. |
| CVE-2022-42275 | 2023-01-13 | NVIDIA BMC IPMI handler allows an unauthenticated host to write to a host SPI flash bypassing secureboot protections. This may lead to a loss of integrity and denial of service. |
| CVE-2022-3159 | 2023-01-13 | The APDFL.dll contains a stack-based buffer overflow vulnerability that could be triggered while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of... |
| CVE-2022-3160 | 2023-01-13 | The APDFL.dll contains an out-of-bounds write past the fixed-length heap-based buffer while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the... |
| CVE-2022-3161 | 2023-01-13 | The APDFL.dll contains a memory corruption vulnerability while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process. |
| CVE-2022-42276 | 2023-01-13 | NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmiFlash, where a local user with elevated privileges can read, write and erase flash, which may lead to code execution,... |
| CVE-2022-42277 | 2023-01-13 | NVIDIA DGX Station contains a vulnerability in SBIOS in the SmiFlash, where a local user with elevated privileges can read, write and erase flash, which may lead to code execution,... |
| CVE-2022-42278 | 2023-01-13 | NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can read and write to arbitrary locations within the memory context of the IPMI server process, which... |
| CVE-2022-42279 | 2023-01-13 | NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure and... |
| CVE-2022-42280 | 2023-01-13 | NVIDIA BMC contains a vulnerability in SPX REST auth handler, where an un-authorized attacker can exploit a path traversal, which may lead to authentication bypass. |
| CVE-2022-42281 | 2023-01-13 | NVIDIA DGX A100 contains a vulnerability in SBIOS in the FsRecovery, which may allow a highly privileged local attacker to cause an out-of-bounds write, which may lead to code execution,... |
| CVE-2022-42282 | 2023-01-13 | NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can access arbitrary files, which may lead to information disclosure. |
| CVE-2022-42283 | 2023-01-13 | NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a buffer overflow and cause a denial of service or gain code execution. |
| CVE-2022-42284 | 2023-01-13 | NVIDIA BMC stores user passwords in an obfuscated form in a database accessible by the host. This may lead to a credentials exposure. |
| CVE-2022-42285 | 2023-01-13 | DGX A100 SBIOS contains a vulnerability in the Pre-EFI Initialization (PEI) phase, where a privileged user can disable SPI flash protection, which may lead to denial of service, escalation of privileges,... |
| CVE-2022-42286 | 2023-01-13 | DGX A100 SBIOS contains a vulnerability in Bds, which may lead to code execution, denial of service, or escalation of privileges. |
| CVE-2022-42287 | 2023-01-13 | NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can upload and download arbitrary files under certain circumstances, which may lead to denial of service, escalation of... |
| CVE-2022-42288 | 2023-01-13 | NVIDIA BMC contains a vulnerability in IPMI handler, where an unauthorized attacker can use certain oracles to guess a valid BMC username, which may lead to an information disclosure. |
| CVE-2022-42289 | 2023-01-13 | NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure and... |
| CVE-2022-42290 | 2023-01-13 | NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure and... |
| CVE-2022-21191 | 2023-01-13 | Versions of the package global-modules-path before 3.0.0 are vulnerable to Command Injection due to missing input sanitization or other checks and sandboxes being employed to the getPath function. |
| CVE-2023-0281 | 2023-01-13 | SourceCodester Online Flight Booking Management System judge_panel.php sql injection |
| CVE-2023-0283 | 2023-01-13 | SourceCodester Online Flight Booking Management System POST Parameter review_search.php sql injection |
| CVE-2023-0287 | 2023-01-13 | ityouknow favorites-web Comment cross site scripting |
| CVE-2023-22493 | 2023-01-13 | RSSHub is vulnerable to SSRF (Server-Side Request Forgery) |
| CVE-2023-0221 | 2023-01-13 | Product security bypass vulnerability in ACC prior to version 8.3.4 allows a locally logged-in attacker with administrator privileges to bypass the execution controls provided by ACC using the utilman program. |
| CVE-2021-4312 | 2023-01-13 | Th3-822 Rapidleech zip.php zip_go cross site scripting |
| CVE-2009-10001 | 2023-01-13 | jianlinwei cool-php-captcha example-form.php cross site scripting |
| CVE-2009-10002 | 2023-01-13 | dpup fittr-flickr EXIF Preview easy-exif.js cross site scripting |
| CVE-2023-22489 | 2023-01-13 | Flarum is missing authorization in discussion replies |
| CVE-2023-22491 | 2023-01-13 | gatsby-transformer-remark vulnerable to unsanitized JavaScript code injection |
| CVE-2015-10040 | 2023-01-13 | gitlearn Escape Sequence config.sh getOutOf injection |
| CVE-2015-10041 | 2023-01-13 | Dovgalyuk AIBattle procedures.php sendComments sql injection |
| CVE-2023-0293 | 2023-01-13 | The Mediamatic – Media Library Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including,... |
| CVE-2023-0294 | 2023-01-13 | The Mediamatic – Media Library Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.8.1. This is due to missing or incorrect nonce... |
| CVE-2023-0295 | 2023-01-13 | The Launchpad plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of its settings parameters in versions up to, and including, 1.0.13 due to insufficient input sanitization and... |