CVE List - 2023 / January
Showing 1201 - 1300 of 2351 CVEs for January 2023 (Page 13 of 24)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-4507 | 2023-01-16 | Real Cookie Banner < 3.4.10 - Contributor+ Stored XSS |
| CVE-2022-4655 | 2023-01-16 | Welcart e-Commerce < 2.8.9 - Contributor+ Stored XSS via Shortcode |
| CVE-2022-4481 | 2023-01-16 | Mesmerize Companion < 1.6.135 - Contributor+ Stored XSS |
| CVE-2022-4478 | 2023-01-16 | Font Awesome < 4.3.2 - Contributor+ Stored XSS |
| CVE-2022-4482 | 2023-01-16 | Carousel, Slider, Gallery by WP Carousel < 2.5.3 - Contributor+ Stored XSS |
| CVE-2022-4549 | 2023-01-16 | Tickera < 3.5.1.0 - Plugin Data Deletion via CSRF |
| CVE-2022-4508 | 2023-01-16 | ConvertKit < 2.0.5 - Contributor+ Stored XSS |
| CVE-2022-4477 | 2023-01-16 | Smash Balloon Social Post Feed < 4.1.6 - Contributor+ Stored XSS |
| CVE-2022-4476 | 2023-01-16 | Download Manager < 3.2.62 - Contributor+ Stored XSS |
| CVE-2022-4460 | 2023-01-16 | Sidebar Widgets by CodeLights <= 1.4 - Contributor+ Stored XSS |
| CVE-2022-4483 | 2023-01-16 | Insert Pages < 3.7.5 - Contributor+ Stored XSS |
| CVE-2022-4544 | 2023-01-16 | MashShare < 3.8.7 - Contributor+ Stored XSS |
| CVE-2022-4060 | 2023-01-16 | User Post Gallery <= 2.19 - Unauthenticated RCE |
| CVE-2022-4451 | 2023-01-16 | Sassy Social Share < 3.3.45 - Contributor+ Stored XSS |
| CVE-2022-4447 | 2023-01-16 | Fontsy <= 1.8.6 - Multiple Unauthenticated SQLi |
| CVE-2022-4484 | 2023-01-16 | Super Socializer < 7.13.44 - Contributor+ Stored XSS |
| CVE-2022-4578 | 2023-01-16 | Video Conferencing with Zoom < 4.0.10 - Contributor+ Stored XSS |
| CVE-2022-4295 | 2023-01-16 | Show All Comments < 7.0.1 - Reflected XSS |
| CVE-2022-4309 | 2023-01-16 | Subscribe2 < 10.38 - User Deletion via CSRF |
| CVE-2022-4431 | 2023-01-16 | WOOCS < 1.3.9.4 - Contributor+ Stored XSS |
| CVE-2022-4299 | 2023-01-16 | Metricool < 1.18 - Admin+ Stored XSS |
| CVE-2022-2658 | 2023-01-16 | WP Spell Check < 9.13 - Admin+ Stored Cross-Site Scripting |
| CVE-2014-125080 | 2023-01-16 | frontaccounting faplanet path traversal |
| CVE-2015-10054 | 2023-01-16 | githuis P2Manage Database.cs Execute sql injection |
| CVE-2015-10055 | 2023-01-16 | PictureThisWebServer user.js router.post sql injection |
| CVE-2023-0327 | 2023-01-16 | saemorris TheRadSystem users.php cross site scripting |
| CVE-2015-10056 | 2023-01-16 | 2071174A vinylmap views.py contact sql injection |
| CVE-2015-10057 | 2023-01-16 | Little Apps Little Software Stats Password Reset class.securelogin.php access control |
| CVE-2022-3087 | 2023-01-16 | Fuji Electric Tellus Lite V-Simulator versions 4.0.12.0 and prior are vulnerable to an out-of-bounds write which may allow an attacker to execute arbitrary code. |
| CVE-2022-46891 | 2023-01-17 | An issue was discovered in the Arm Mali GPU Kernel Driver. There is a use-after-free. A non-privileged user can make improper GPU processing operations to gain access to already freed... |
| CVE-2018-14628 | 2023-01-17 | An information leak vulnerability was discovered in Samba's LDAP server. Due to missing access control checks, an authenticated but unprivileged attacker could discover the names and preserved attributes of deleted... |
| CVE-2021-32837 | 2023-01-17 | mechanize vulnerable to ReDoS |
| CVE-2021-36647 | 2023-01-17 | Use of a Broken or Risky Cryptographic Algorithm in the function mbedtls_mpi_exp_mod() in lignum.c in Mbed TLS Mbed TLS all versions before 3.0.0, 2.27.0 or 2.16.11 allows attackers with access... |
| CVE-2022-2251 | 2023-01-17 | Improper sanitization of branch names in GitLab Runner affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a user who creates a branch... |
| CVE-2022-23739 | 2023-01-17 | Incorrect authorization check in GitHub Enterprise Server leading to escalation of privileges in GraphQL API requests from GitHub Apps using scoped user-to-server tokens |
| CVE-2022-2907 | 2023-01-17 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2.... |
| CVE-2022-3650 | 2023-01-17 | A privilege escalation flaw was found in Ceph. Ceph-crash.service allows a local attacker to escalate privileges to root in the form of a crash dump, and dump privileged information. |
| CVE-2022-39195 | 2023-01-17 | A cross-site scripting (XSS) vulnerability in the LISTSERV 17 web interface allows remote attackers to inject arbitrary JavaScript or HTML via the c parameter. |
| CVE-2022-40319 | 2023-01-17 | The LISTSERV 17 web interface allows remote attackers to conduct Insecure Direct Object References (IDOR) attacks via a modified email address in a wa.exe URL. The impact is unauthorized modification... |
| CVE-2022-40704 | 2023-01-17 | A XSS vulnerability was found in phoromatic_r_add_test_details.php in phoronix-test-suite. |
| CVE-2022-4121 | 2023-01-17 | In libetpan a null pointer dereference in mailimap_mailbox_data_status_free in low-level/imap/mailimap_types.c was found that could lead to a remote denial of service or other potential consequences. |
| CVE-2022-41858 | 2023-01-17 | A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in progress to detach in sl_tx_timeout in drivers/net/slip/slip.c. This issue could... |
| CVE-2022-41859 | 2023-01-17 | In freeradius, the EAP-PWD function compute_password_element() leaks information about the password which allows an attacker to substantially reduce the size of an offline dictionary attack. |
| CVE-2022-41860 | 2023-01-17 | In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionaries. This lookup will fail, but the... |
| CVE-2022-41861 | 2023-01-17 | A flaw was found in freeradius. A malicious RADIUS client or home server can send a malformed abinary attribute which can cause the server to crash. |
| CVE-2022-43975 | 2023-01-17 | An issue was discovered in FC46-WebBridge on GE Grid Solutions MS3000 devices before 3.7.6.25p0_3.2.2.17p0_4.7p0. A vulnerability in the web server allows arbitrary files and configurations to be read via directory... |
| CVE-2022-43976 | 2023-01-17 | An issue was discovered in FC46-WebBridge on GE Grid Solutions MS3000 devices before 3.7.6.25p0_3.2.2.17p0_4.7p0. Direct access to the API is possible on TCP port 8888 via programs located in the... |
| CVE-2022-43977 | 2023-01-17 | An issue was discovered on GE Grid Solutions MS3000 devices before 3.7.6.25p0_3.2.2.17p0_4.7p0. The debug port accessible via TCP (a qconn service) lacks access control. |
| CVE-2022-45439 | 2023-01-17 | A pair of spare WiFi credentials is stored in the configuration file of the Zyxel AX7501-B0 firmware prior to V5.17(ABPC.3)C0 in cleartext. An unauthenticated attacker could use the credentials to... |
| CVE-2022-45440 | 2023-01-17 | A vulnerability exists in the FTP server of the Zyxel AX7501-B0 firmware prior to V5.17(ABPC.3)C0, which processes symbolic links on external storage media. A local authenticated attacker with administrator privileges... |
| CVE-2022-46475 | 2023-01-17 | D-Link DIR 645A1 1.06B01_Beta01 was discovered to contain a stack overflow via the service= variable in the genacgi_main function. |
| CVE-2022-46648 | 2023-01-17 | ruby-git versions prior to v1.13.0 allows a remote authenticated attacker to execute an arbitrary ruby code by having a user to load a repository containing a specially crafted filename to... |
| CVE-2022-47318 | 2023-01-17 | ruby-git versions prior to v1.13.0 allows a remote authenticated attacker to execute an arbitrary ruby code by having a user to load a repository containing a specially crafted filename to... |
| CVE-2022-47853 | 2023-01-17 | TOTOlink A7100RU V7.4cu.2313_B20191024 is vulnerable to Command Injection Vulnerability in the httpd service. An attacker can obtain a stable root shell through a specially constructed payload. |
| CVE-2022-47929 | 2023-01-17 | In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows an unprivileged user to trigger a denial of service (system crash) via a... |
| CVE-2023-0122 | 2023-01-17 | A NULL pointer dereference vulnerability in the Linux kernel NVMe functionality, in nvmet_setup_auth(), allows an attacker to perform a Pre-Auth Denial of Service (DoS) attack on a remote machine. Affected... |
| CVE-2023-0158 | 2023-01-17 | Triggered crash on direct RRDP access |
| CVE-2023-0296 | 2023-01-17 | The Birthday attack against 64-bit block ciphers flaw (CVE-2016-2183) was reported for the health checks port (9979) on etcd grpc-proxy component. Even though the CVE-2016-2183 has been fixed in the... |
| CVE-2023-0337 | 2023-01-17 | Cross-site Scripting (XSS) - Reflected in lirantal/daloradius |
| CVE-2023-0338 | 2023-01-17 | Cross-site Scripting (XSS) - Reflected in lirantal/daloradius |
| CVE-2023-22278 | 2023-01-17 | m-FILTER prior to Ver.5.70R01 (Ver.5 Series) and m-FILTER prior to Ver.4.87R04 (Ver.4 Series) allows a remote unauthenticated attacker to bypass authentication and send users' unintended email when email is being... |
| CVE-2023-22279 | 2023-01-17 | MAHO-PBX NetDevancer Lite/Uni/Pro/Cloud prior to Ver.1.11.00, MAHO-PBX NetDevancer VSG Lite/Uni prior to Ver.1.11.00, and MAHO-PBX NetDevancer MobileGate Home/Office prior to Ver.1.11.00 allow a remote unauthenticated attacker to execute an arbitrary... |
| CVE-2023-22280 | 2023-01-17 | MAHO-PBX NetDevancer Lite/Uni/Pro/Cloud prior to Ver.1.11.00, MAHO-PBX NetDevancer VSG Lite/Uni prior to Ver.1.11.00, and MAHO-PBX NetDevancer MobileGate Home/Office prior to Ver.1.11.00 allow a remote authenticated attacker with an administrative privilege... |
| CVE-2023-22286 | 2023-01-17 | Cross-site request forgery (CSRF) vulnerability in MAHO-PBX NetDevancer Lite/Uni/Pro/Cloud prior to Ver.1.11.00, MAHO-PBX NetDevancer VSG Lite/Uni prior to Ver.1.11.00, and MAHO-PBX NetDevancer MobileGate Home/Office prior to Ver.1.11.00 allows a remote... |
| CVE-2023-22296 | 2023-01-17 | Reflected cross-site scripting vulnerability in MAHO-PBX NetDevancer series MAHO-PBX NetDevancer Lite/Uni/Pro/Cloud prior to Ver.1.11.00, MAHO-PBX NetDevancer VSG Lite/Uni prior to Ver.1.11.00, and MAHO-PBX NetDevancer MobileGate Home/Office prior to Ver.1.11.00 allows... |
| CVE-2023-22298 | 2023-01-17 | Open redirect vulnerability in pgAdmin 4 versions prior to v6.14 allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by... |
| CVE-2023-22303 | 2023-01-17 | TP-Link SG105PE firmware prior to 'TL-SG105PE(UN) 1.0_1.0.0 Build 20221208' contains an authentication bypass vulnerability. Under the certain conditions, an attacker may impersonate an administrator of the product. As a result,... |
| CVE-2023-22304 | 2023-01-17 | OS command injection vulnerability in PIX-RT100 versions RT100_TEQ_2.1.1_EQ101 and RT100_TEQ_2.1.2_EQ101 allows a network-adjacent attacker who can access product settings to execute an arbitrary OS command. |
| CVE-2023-22316 | 2023-01-17 | Hidden functionality vulnerability in PIX-RT100 versions RT100_TEQ_2.1.1_EQ101 and RT100_TEQ_2.1.2_EQ101 allows a network-adjacent attacker to access the product via undocumented Telnet or SSH services. |
| CVE-2023-22357 | 2023-01-17 | Active debug code exists in OMRON CP1L-EL20DR-D all versions, which may lead to a command that is not specified in FINS protocol being executed without authentication. A remote unauthenticated attacker... |
| CVE-2023-22366 | 2023-01-17 | CX-Motion-MCH v2.32 and earlier contains an access of uninitialized pointer vulnerability. Having a user to open a specially crafted project file may lead to information disclosure and/or arbitrary code execution. |
| CVE-2023-22624 | 2023-01-17 | Zoho ManageEngine Exchange Reporter Plus before 5708 allows attackers to conduct XXE attacks. |
| CVE-2023-23637 | 2023-01-17 | IMPatienT before 1.5.2 allows stored XSS via onmouseover in certain text fields within a PATCH /modify_onto request to the ontology builder. This may allow attackers to steal Protected Health Information. |
| CVE-2020-36611 | 2023-01-17 | File and Directory Permission Vulnerability in Hitachi Tuning Manager |
| CVE-2022-30544 | 2023-01-17 | WordPress OSM – OpenStreetMap Plugin <= 6.0.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-42462 | 2023-01-17 | WordPress IP Blacklist Cloud Plugin <= 5.00 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2022-43462 | 2023-01-17 | WordPress IP Blacklist Cloud Plugin <= 5.00 is vulnerable to SQL Injection (SQLi) vulnerability |
| CVE-2023-0332 | 2023-01-17 | SourceCodester Online Food Ordering System manage_user.php sql injection |
| CVE-2010-10008 | 2023-01-17 | simplesamlphp simplesamlphp-module-openidprovider trust.tpl.php cross site scripting |
| CVE-2015-10058 | 2023-01-17 | Wikisource Category Browser index.php cross site scripting |
| CVE-2015-10059 | 2023-01-17 | s134328 Webapplication-Veganguide apiService.js cross site scripting |
| CVE-2015-10060 | 2023-01-17 | MNBikeways database views.py sql injection |
| CVE-2017-20170 | 2023-01-17 | ollpu parontalli index.php sql injection |
| CVE-2013-10013 | 2023-01-17 | Bricco Authenticator Plugin DBAuthenticator.java compare sql injection |
| CVE-2015-10061 | 2023-01-17 | evandro-machado Trabalho-Web2 ClienteDAO.java sql injection |
| CVE-2016-15021 | 2023-01-17 | nickzren alsdb sql injection |
| CVE-2022-2893 | 2023-01-17 | RONDS EPM version 1.19.5 does not properly validate the filename parameter, which could allow an unauthorized user to specify file paths and download files. |
| CVE-2022-3091 | 2023-01-17 | RONDS EPM version 1.19.5 has a vulnerability in which a function could allow unauthenticated users to leak credentials. In some circumstances, an attacker can exploit this vulnerability to execute operating... |
| CVE-2022-4621 | 2023-01-17 | Panasonic Sanyo CCTV Network Camera |
| CVE-2023-22875 | 2023-01-17 | IBM Security QRadar SIEM information disclosure |
| CVE-2015-10062 | 2023-01-17 | galaxy-data-resource Command Line Template injection |
| CVE-2015-10063 | 2023-01-17 | saemorris TheRadSystem _login.php redirect sql injection |
| CVE-2015-10064 | 2023-01-17 | VictorFerraresi pokemon-database-php sql injection |
| CVE-2006-20001 | 2023-01-17 | Apache HTTP Server: mod_dav out of bounds read, or write of zero byte |
| CVE-2022-36760 | 2023-01-17 | Apache HTTP Server: mod_proxy_ajp Possible request smuggling |
| CVE-2022-37436 | 2023-01-17 | Apache HTTP Server: mod_proxy prior to 2.4.55 allows a backend to trigger HTTP response splitting |
| CVE-2023-23749 | 2023-01-17 | Extension - miniorange - LDAP Integration - LDAP Injection (username) |
| CVE-2022-4891 | 2023-01-17 | Sisimai string.rb to_plain redos |
| CVE-2022-23538 | 2023-01-17 | User credentials leaked to third-party service via HTTP redirect in scs-library-client |
| CVE-2023-22499 | 2023-01-17 | Interactive permission prompt spoofing in Deno |