Lista CVE - 2023 / Gennaio
Visualizzazione 701 - 800 di 2351 CVE per Gennaio 2023 (Pagina 8 di 24)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2023-21762 | 2023-01-10 | Microsoft Exchange Server Spoofing Vulnerability |
| CVE-2023-21771 | 2023-01-10 | Windows Local Session Manager (LSM) Elevation of Privilege Vulnerability |
| CVE-2023-22320 | 2023-01-10 | OpenAM Web Policy Agent (OpenAM Consortium Edition) provided by OpenAM Consortium parses URLs improperly, leading to a path traversal vulnerability(CWE-22). Furthermore, a crafted URL may be evaluated incorrectly. |
| CVE-2023-22895 | 2023-01-10 | The bzip2 crate before 0.4.4 for Rust allow attackers to cause a denial of service via a large file that triggers an integer overflow in mem.rs. NOTE: this is unrelated... |
| CVE-2023-22898 | 2023-01-10 | workers/extractor.py in Pandora (aka pandora-analysis/pandora) 1.3.0 allows a denial of service when an attacker submits a deeply nested ZIP archive (aka ZIP bomb). |
| CVE-2023-22899 | 2023-01-10 | Zip4j through 2.11.2, as used in Threema and other products, does not always check the MAC when decrypting a ZIP archive. |
| CVE-2023-22903 | 2023-01-10 | api/views/user.py in LibrePhotos before e19e539 has incorrect access control. |
| CVE-2023-22909 | 2023-01-10 | An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. SpecialMobileHistory allows remote attackers to cause a denial of service because database queries... |
| CVE-2023-22911 | 2023-01-10 | An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. E-Widgets does widget replacement in HTML attributes, which can lead to XSS, because... |
| CVE-2023-0012 | 2023-01-10 | Local Privilege Escalation in SAP Host Agent (Windows) |
| CVE-2023-0013 | 2023-01-10 | Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform |
| CVE-2023-0014 | 2023-01-10 | Capture-replay vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform |
| CVE-2023-0015 | 2023-01-10 | Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence (Web Intelligence) |
| CVE-2023-0016 | 2023-01-10 | SQL Injection vulnerability in SAP Business Planning and Consolidation MS |
| CVE-2023-0017 | 2023-01-10 | Improper access control in SAP NetWeaver AS for Java |
| CVE-2023-0018 | 2023-01-10 | Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (Central management console) |
| CVE-2023-0022 | 2023-01-10 | Code Injection vulnerability in SAP BusinessObjects Business Intelligence platform (Analysis edition for OLAP) |
| CVE-2023-0023 | 2023-01-10 | Information Disclosure in SAP Bank Account Management (Manage Banks) |
| CVE-2022-4294 | 2023-01-10 | Norton, Avira, Avast and AVG Antivirus for Windows Privilege Escalation |
| CVE-2022-4429 | 2023-01-10 | Avira Security for Windows - Denial of Service |
| CVE-2022-38773 | 2023-01-10 | Affected devices do not contain an Immutable Root of Trust in Hardware. With this the integrity of the code executed on the device can not be validated during load-time. An... |
| CVE-2022-43513 | 2023-01-10 | A vulnerability has been identified in Automation License Manager V5 (All versions), Automation License Manager V6 (All versions < V6.0 SP9 Upd4), TeleControl Server Basic V3 (All versions < V3.1.2).... |
| CVE-2022-43514 | 2023-01-10 | A vulnerability has been identified in Automation License Manager V5 (All versions), Automation License Manager V6 (All versions < V6.0 SP9 Upd4), TeleControl Server Basic V3 (All versions < V3.1.2).... |
| CVE-2022-45092 | 2023-01-10 | A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 1). An authenticated remote attacker with access to the Web Based Management (443/tcp) of the affected... |
| CVE-2022-45093 | 2023-01-10 | A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 1). An authenticated remote attacker with access to the Web Based Management (443/tcp) of the affected... |
| CVE-2022-45094 | 2023-01-10 | A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 1). An authenticated remote attacker with access to the Web Based Management (443/tcp) of the affected... |
| CVE-2022-46823 | 2023-01-10 | A vulnerability has been identified in Mendix SAML (Mendix 8 compatible) (All versions >= V2.3.0 < V2.3.4), Mendix SAML (Mendix 9 compatible, New Track) (All versions >= V3.3.0 < V3.3.9),... |
| CVE-2022-47935 | 2023-01-10 | A vulnerability has been identified in JT Open (All versions < V11.1.1.0), JT Utilities (All versions < V13.1.1.0), Solid Edge (All versions < V2023). The Jt1001.dll contains a memory corruption... |
| CVE-2022-47967 | 2023-01-10 | A vulnerability has been identified in Solid Edge (All versions < V2023 MP1). The DOCMGMT.DLL contains a memory corruption vulnerability that could be triggered while parsing files in different file... |
| CVE-2016-15017 | 2023-01-10 | fabarea media_upload UploadFileService.php getUploadedFileList pathname traversal |
| CVE-2014-125073 | 2023-01-10 | mapoor voteapp app.py show_refresh sql injection |
| CVE-2022-4709 | 2023-01-10 | The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_import_library_template' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user,... |
| CVE-2022-4700 | 2023-01-10 | The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_activate_required_theme' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user,... |
| CVE-2022-4702 | 2023-01-10 | The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_fix_royal_compatibility' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user,... |
| CVE-2022-4711 | 2023-01-10 | The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_save_mega_menu_settings' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user,... |
| CVE-2022-4708 | 2023-01-10 | The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_save_template_conditions' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user,... |
| CVE-2022-4710 | 2023-01-10 | The Royal Elementor Addons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.3.59, due to due to insufficient input sanitization and output escaping... |
| CVE-2022-4704 | 2023-01-10 | The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_import_templates_kit' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user,... |
| CVE-2022-4705 | 2023-01-10 | The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_final_settings_setup' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user,... |
| CVE-2022-4703 | 2023-01-10 | The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_reset_previous_import' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user,... |
| CVE-2022-4701 | 2023-01-10 | The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_activate_required_plugins' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user,... |
| CVE-2022-4707 | 2023-01-10 | The Royal Elementor Addons plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.59. This is due to missing nonce validation in the 'wpr_create_mega_menu_template'... |
| CVE-2023-0162 | 2023-01-10 | The CPO Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of its content type settings parameters in versions up to, and including, 1.0.4 due to insufficient... |
| CVE-2021-26316 | 2023-01-10 | Failure to validate the communication buffer and communication service in the BIOS may allow an attacker to tamper with the buffer resulting in potential SMM (System Management Mode) arbitrary code... |
| CVE-2021-26346 | 2023-01-10 | Failure to validate the integer operand in ASP (AMD Secure Processor) bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting... |
| CVE-2022-4636 | 2023-01-10 | Black Box KVM Firmware version 3.4.31307 on models ACR1000A-R-R2, ACR1000A-T-R2, ACR1002A-T, ACR1002A-R, and ACR1020A-T is vulnerable to path traversal, which may allow an attacker to steal user credentials and other... |
| CVE-2022-46163 | 2023-01-10 | travel-support-program vulnerable to data exfiltration via Ransack query injection |
| CVE-2023-22469 | 2023-01-10 | Nextcloud Deck card vulnerable to data leak to unauthorized users via reference preview cache |
| CVE-2023-22479 | 2023-01-10 | KubePi vulnerable to session fixation attack |
| CVE-2022-38393 | 2023-01-10 | A denial of service vulnerability exists in the cfg_server cm_processConnDiagPktList opcode of Asus RT-AX82U 3.0.0.4.386_49674-ge182230 router's configuration service. A specially-crafted network packet can lead to denial of service. An attacker... |
| CVE-2022-38105 | 2023-01-10 | An information disclosure vulnerability exists in the cm_processREQ_NC opcode of Asus RT-AX82U 3.0.0.4.386_49674-ge182230 router's configuration service. A specially-crafted network packets can lead to a disclosure of sensitive information. An attacker... |
| CVE-2022-35401 | 2023-01-10 | An authentication bypass vulnerability exists in the get_IFTTTTtoken.cgi functionality of Asus RT-AX82U 3.0.0.4.386_49674-ge182230. A specially-crafted HTTP request can lead to full administrative access to the device. An attacker would need... |
| CVE-2021-46795 | 2023-01-10 | A TOCTOU (time-of-check to time-of-use) vulnerability exists where an attacker may use a compromised BIOS to cause the TEE OS to read memory out of bounds that could potentially result... |
| CVE-2021-26328 | 2023-01-10 | Failure to verify the mode of CPU execution at the time of SNP_INIT may lead to a potential loss of memory integrity for SNP guests. |
| CVE-2021-26343 | 2023-01-10 | Insufficient validation in ASP BIOS and DRTM commands may allow malicious supervisor x86 software to disclose the contents of sensitive memory which may result in information disclosure. |
| CVE-2021-26355 | 2023-01-10 | Insufficient fencing and checks in System Management Unit (SMU) may result in access to invalid message port registers that could result in a potential denial-of-service. |
| CVE-2021-26396 | 2023-01-10 | Insufficient validation of address mapping to IO in ASP (AMD Secure Processor) may result in a loss of memory integrity in the SNP guest. |
| CVE-2021-26398 | 2023-01-10 | Insufficient input validation in SYS_KEY_DERIVE system call in a compromised user application or ABL may allow an attacker to corrupt ASP (AMD Secure Processor) OS memory which may lead to... |
| CVE-2021-26402 | 2023-01-10 | Insufficient bounds checking in ASP (AMD Secure Processor) firmware while handling BIOS mailbox commands, may allow an attacker to write partially-controlled data out-of-bounds to SMM or SEV-ES regions which may... |
| CVE-2021-26403 | 2023-01-10 | Insufficient checks in SEV may lead to a malicious hypervisor disclosing the launch secret potentially resulting in compromise of VM confidentiality. |
| CVE-2021-26404 | 2023-01-10 | Improper input validation and bounds checking in SEV firmware may leak scratch buffer bytes leading to potential information disclosure. |
| CVE-2021-26407 | 2023-01-10 | A randomly generated Initialization Vector (IV) may lead to a collision of IVs with the same key potentially resulting in information disclosure. |
| CVE-2021-26409 | 2023-01-10 | Insufficient bounds checking in SEV-ES may allow an attacker to corrupt Reverse Map table (RMP) memory, potentially resulting in a loss of SNP (Secure Nested Paging) memory integrity. |
| CVE-2021-46767 | 2023-01-10 | Insufficient input validation in the ASP may allow an attacker with physical access, unauthorized write access to memory potentially leading to a loss of integrity or denial of service. |
| CVE-2021-46768 | 2023-01-10 | Insufficient input validation in SEV firmware may allow an attacker to perform out-of-bounds memory reads within the ASP boot loader, potentially leading to a denial of service. |
| CVE-2021-46779 | 2023-01-10 | Insufficient input validation in SVC_ECC_PRIMITIVE system call in a compromised user application or ABL may allow an attacker to corrupt ASP (AMD Secure Processor) OS memory which may lead to... |
| CVE-2021-46791 | 2023-01-10 | Insufficient input validation during parsing of the System Management Mode (SMM) binary may allow a maliciously crafted SMM executable binary to corrupt Dynamic Root of Trust for Measurement (DRTM) user... |
| CVE-2022-23813 | 2023-01-10 | The software interfaces to ASP and SMU may not enforce the SNP memory security policy resulting in a potential loss of integrity of guest memory in a confidential compute environment. |
| CVE-2022-23814 | 2023-01-10 | Failure to validate addresses provided by software to BIOS commands may result in a potential loss of integrity of guest memory in a confidential compute environment. |
| CVE-2023-20522 | 2023-01-10 | Insufficient input validation in ASP may allow an attacker with a malicious BIOS to potentially cause a denial of service. |
| CVE-2023-20523 | 2023-01-10 | TOCTOU in the ASP may allow a physical attacker to write beyond the buffer bounds, potentially leading to a loss of integrity or denial of service. |
| CVE-2023-20525 | 2023-01-10 | Insufficient syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory outside the bounds of a mapped register potentially leading to a denial of service. |
| CVE-2023-20527 | 2023-01-10 | Improper syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory out-of-bounds, potentially leading to a denial-of-service. |
| CVE-2023-20528 | 2023-01-10 | Insufficient input validation in the SMU may allow a physical attacker to exfiltrate SMU memory contents over the I2C bus potentially leading to a loss of confidentiality. |
| CVE-2023-20529 | 2023-01-10 | Insufficient bound checks in the SMU may allow an attacker to update the from/to address space to an invalid value potentially resulting in a denial of service. |
| CVE-2023-20530 | 2023-01-10 | Insufficient input validation of BIOS mailbox messages in SMU may result in out-of-bounds memory reads potentially resulting in a denial of service. |
| CVE-2023-20531 | 2023-01-10 | Insufficient bound checks in the SMU may allow an attacker to update the SRAM from/to address space to an invalid value potentially resulting in a denial of service. |
| CVE-2023-20532 | 2023-01-10 | Insufficient input validation in the SMU may allow an attacker to improperly lock resources, potentially resulting in a denial of service. |
| CVE-2022-43391 | 2023-01-11 | A buffer overflow vulnerability in the parameter of the CGI program in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to cause denial-of-service (DoS) conditions by... |
| CVE-2022-43392 | 2023-01-11 | A buffer overflow vulnerability in the parameter of web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to cause denial-of-service (DoS) conditions by sending... |
| CVE-2021-3966 | 2023-01-11 | Usb bluetooth device ACL read cb buffer overflow |
| CVE-2022-0553 | 2023-01-11 | Possible to retrieve uncrypted firmware image |
| CVE-2022-42967 | 2023-01-11 | XSS in Caret markdown editor leads to remote code execution when viewing crafted Markdown files |
| CVE-2022-43389 | 2023-01-11 | A buffer overflow vulnerability in the library of the web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an unauthenticated attacker to execute some OS commands or... |
| CVE-2022-43390 | 2023-01-11 | A command injection vulnerability in the CGI program of Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to execute some OS commands on a vulnerable device... |
| CVE-2022-43393 | 2023-01-11 | An improper check for unusual or exceptional conditions in the HTTP request processing function of Zyxel GS1920-24v2 firmware prior to V4.70(ABMH.8)C0, which could allow an unauthenticated attacker to corrupt the... |
| CVE-2022-4344 | 2023-01-11 | Memory exhaustion in the Kafka protocol dissector in Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9 allows denial of service via packet injection or crafted capture file |
| CVE-2022-4415 | 2023-01-11 | A vulnerability was found in systemd. This security flaw can cause a local information leak due to systemd-coredump not respecting the fs.suid_dumpable kernel setting. |
| CVE-2022-4543 | 2023-01-11 | A flaw named "EntryBleed" was found in the Linux Kernel Page Table Isolation (KPTI). This issue could allow a local attacker to leak KASLR base via prefetch side-channels based on... |
| CVE-2022-47859 | 2023-01-11 | Lead Management System v1.0 is vulnerable to SQL Injection via the user_id parameter in changePassword.php. |
| CVE-2022-47860 | 2023-01-11 | Lead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeProduct.php. |
| CVE-2022-47861 | 2023-01-11 | Lead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeLead.php. |
| CVE-2022-47862 | 2023-01-11 | Lead Management System v1.0 is vulnerable to SQL Injection via the customer_id parameter in ajax_represent.php. |
| CVE-2022-47864 | 2023-01-11 | Lead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeCategories.php. |
| CVE-2022-47865 | 2023-01-11 | Lead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeOrder.php. |
| CVE-2022-47866 | 2023-01-11 | Lead management system v1.0 is vulnerable to SQL Injection via the id parameter in removeBrand.php. |
| CVE-2022-48252 | 2023-01-11 | The jokob-sk/Pi.Alert fork (before 22.12.20) of Pi.Alert allows Remote Code Execution via nmap_scan.php (scan parameter) OS Command Injection. |
| CVE-2022-48253 | 2023-01-11 | nhttpd in Nostromo before 2.1 is vulnerable to a path traversal that may allow an attacker to execute arbitrary commands on the remote server. The vulnerability occurs when the homedirs... |
| CVE-2023-22945 | 2023-01-11 | In the GrowthExperiments extension for MediaWiki through 1.39, the growthmanagementorlist API allows blocked users (blocked in ApiManageMentorList) to enroll as mentors or edit any of their mentorship-related properties. |
| CVE-2023-22947 | 2023-01-11 | Insecure folder permissions in the Windows installation path of Shibboleth Service Provider (SP) before 3.4.1 allow an unprivileged local attacker to escalate privileges to SYSTEM via DLL planting in the... |