CVE List - 2023 / February
Showing 1801 - 1900 of 2164 CVEs for February 2023 (Page 19 of 22)

| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-23659 | 2023-02-23 | WordPress MainWP Matomo Extension Plugin <= 4.0.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-0867 | 2023-02-23 | Multiple stored and reflected Cross-site Scripting in webapp |
| CVE-2023-0815 | 2023-02-23 | Plaintext Password Present in the Web logs |
| CVE-2023-24384 | 2023-02-23 | WordPress Organization chart Plugin <= 1.4.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-24415 | 2023-02-23 | WordPress AI ChatBot plugin <= 4.2.8 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-0986 | 2023-02-23 | SourceCodester Sales Tracker Management System Edit User sql injection |
| CVE-2023-0987 | 2023-02-23 | SourceCodester Online Pizza Ordering System cross site scripting |
| CVE-2023-0988 | 2023-02-23 | SourceCodester Online Pizza Ordering System cross-site request forgery |
| CVE-2022-48342 | 2023-02-23 | In JetBrains TeamCity before 2022.10.2 jVMTI was enabled by default on agents. |
| CVE-2022-48343 | 2023-02-23 | In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the user creation process. |
| CVE-2022-48344 | 2023-02-23 | In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the group creation process. |
| CVE-2023-22476 | 2023-02-23 | MantisBT: Exposure of Private issues' summary to unauthorized users |
| CVE-2023-0755 | 2023-02-23 | The affected products are vulnerable to an improper validation of array index, which could allow an attacker to crash the server and remotely execute arbitrary code. |
| CVE-2023-0754 | 2023-02-23 | The affected products are vulnerable to an integer overflow or wraparound, which could allow an attacker to crash the server and remotely execute arbitrary code. |
| CVE-2023-25823 | 2023-02-23 | Gradio contains Use of Hard-coded Credentials |
| CVE-2023-25824 | 2023-02-23 | mod_gnutls contains Infinite Loop on request read timeout |
| CVE-2021-33224 | 2023-02-24 | File upload vulnerability in Umbraco Forms v.8.7.0 allows unauthenticated attackers to execute arbitrary code via a crafted web.config and asp file. |
| CVE-2021-33387 | 2023-02-24 | Cross Site Scripting Vulnerability in MiniCMS v.1.10 allows attacker to execute arbitrary code via a crafted get request. |
| CVE-2021-34167 | 2023-02-24 | Cross Site Request Forgery (CSRF) vulnerability in taoCMS 3.0.2 allows remote attackers to gain escalated privileges via taocms/admin/admin.php. |
| CVE-2021-34249 | 2023-02-24 | SQL injection vulnerability in sourcecodester online-book-store 1.0 allows remote attackers to view sensitive information via the id parameter in application URL. |
| CVE-2021-35290 | 2023-02-24 | File Upload vulnerability in balerocms-src 0.8.3 allows remote attackers to run arbitrary code via rich text editor on /admin/main/mod-blog page. |
| CVE-2021-35369 | 2023-02-24 | Arbitrary File Read vulnerability found in Peacexie ImCat v.5.2 fixed in v.5.4 allows attackers to obtain sensitive information via the filtering_get_contents function. |
| CVE-2021-35370 | 2023-02-24 | An issue found in Peacexie Imcat v5.4 allows attackers to execute arbitrary code via the incomplete filtering function. |
| CVE-2022-44310 | 2023-02-24 | In Development IL ecdh before 0.2.0, an attacker can send an invalid point (not on the curve) as the public key, and obtain the derived shared secret. |
| CVE-2022-46440 | 2023-02-24 | ttftool v0.9.2 was discovered to contain a segmentation violation via the readU16 function at ttf.c. |
| CVE-2022-48345 | 2023-02-24 | sanitize-url (aka @braintree/sanitize-url) before 6.0.2 allows XSS via HTML entities. |
| CVE-2023-0481 | 2023-02-24 | In RestEasy Reactive implementation of Quarkus the insecure File.createTempFile() is used in the FileBodyHandler class which creates temp files with insecure permissions that could be read by a local user. |
| CVE-2023-0595 | 2023-02-24 | A CWE-117: Improper Output Neutralization for Logs vulnerability exists that could cause the misinterpretation of log files when malicious packets are sent to the Geo SCADA server's database web port... |
| CVE-2023-0994 | 2023-02-24 | Exposure of Sensitive Information to an Unauthorized Actor in francoisjacquet/rosariosis |
| CVE-2023-0995 | 2023-02-24 | Cross-site Scripting (XSS) - Stored in unilogies/bumsys |
| CVE-2023-22425 | 2023-02-24 | Stored cross-site scripting vulnerability in Schedule function of SHIRASAGI v1.16.2 and earlier versions allows a remote authenticated attacker to inject an arbitrary script. |
| CVE-2023-22427 | 2023-02-24 | Stored cross-site scripting vulnerability in Theme switching function of SHIRASAGI v1.16.2 and earlier versions allows a remote attacker with an administrative privilege to inject an arbitrary script. |
| CVE-2023-23205 | 2023-02-24 | An issue was discovered in lib60870 v2.3.2. There is a memory leak in lib60870/lib60870-C/examples/multi_client_server/multi_client_server.c. |
| CVE-2023-24189 | 2023-02-24 | An XML External Entity (XXE) vulnerability in urule v2.1.7 allows attackers to execute arbitrary code via uploading a crafted XML file to /urule/common/saveFile. |
| CVE-2023-0996 | 2023-02-24 | There is a vulnerability in the strided image data parsing code in the emscripten wrapper for libheif. An attacker could exploit this through a crafted image file to cause a... |
| CVE-2022-1607 | 2023-02-24 | Cross Site Scripting vulnerability in NE843 Pulsar Plus Controller |
| CVE-2023-26102 | 2023-02-24 | All versions of the package rangy are vulnerable to Prototype Pollution when using the extend() function in file rangy-core.js. The function uses recursive merge which can lead an attacker to modify... |
| CVE-2023-0997 | 2023-02-24 | SourceCodester Moosikay E-Commerce System POST Parameter order.php sql injection |
| CVE-2023-0998 | 2023-02-24 | SourceCodester Alphaware Simple E-Commerce System Payment summary.php access control |
| CVE-2023-0999 | 2023-02-24 | SourceCodester Sales Tracker Management System cross-site request forgery |
| CVE-2023-1002 | 2023-02-24 | MuYuCMS index.php path traversal |
| CVE-2023-1003 | 2023-02-24 | Typora WSH JScript code injection |
| CVE-2023-1004 | 2023-02-24 | MarkText WSH JScript code injection |
| CVE-2023-1005 | 2023-02-24 | JP1016 Markdown-Electron code injection |
| CVE-2023-1006 | 2023-02-24 | SourceCodester Medical Certificate Generator App New Record cross site scripting |
| CVE-2023-1007 | 2023-02-24 | Twister Antivirus IoControlCode filmfd.sys 0x801120E4 access control |
| CVE-2023-1008 | 2023-02-24 | Twister Antivirus IoControlCode filmfd.sys 0x801120E4 denial of service |
| CVE-2023-1009 | 2023-02-24 | DrayTek Vigor 2960 Web Management Interface mainfunction.cgi sub_1DF14 path traversal |
| CVE-2023-1010 | 2023-02-24 | vox2png vox2png.c heap-based overflow |
| CVE-2021-4105 | 2023-02-24 | Unauthenticated Remote Code Execution on COSLAT Firewall |
| CVE-2023-25691 | 2023-02-24 | Apache Airflow Google Provider: Google Cloud Sql Provider Remote Command Execution |
| CVE-2023-25692 | 2023-02-24 | Apache Airflow Google Provider: Google Cloud Sql Provider Denial Of Service |
| CVE-2023-25693 | 2023-02-24 | Sqoop Apache Airflow Provider Remote Code Execution Vulnerability |
| CVE-2023-25696 | 2023-02-24 | Apache Airflow Hive Provider Beeline RCE |
| CVE-2023-25956 | 2023-02-24 | Apache Airflow AWS Provider: Arbitrary file read via AWS provider |
| CVE-2021-3855 | 2023-02-24 | Command Injection in Liman Central Management System |
| CVE-2022-43923 | 2023-02-24 | IBM Maximo Application Suite 8.8.0 and 8.9.0 stores potentially sensitive information that could be read by a local user. IBM X-Force ID: 241584. |
| CVE-2023-0585 | 2023-02-24 | The All in One SEO Pack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 4.2.9 due to insufficient input sanitization... |
| CVE-2023-0586 | 2023-02-24 | The All in One SEO Pack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 4.2.9 due to insufficient input sanitization... |
| CVE-2022-4203 | 2023-02-24 | X.509 Name Constraints Read Buffer Overflow |
| CVE-2023-1029 | 2023-02-24 | The WP Meta SEO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.3. This is due to missing or incorrect nonce validation on... |
| CVE-2023-1030 | 2023-02-24 | SourceCodester/code-projects Online Boat Reservation System POST Parameter login.php cross site scripting |
| CVE-2022-23535 | 2023-02-24 | LiteDB contains Deserialization of Untrusted Data |
| CVE-2023-25816 | 2023-02-24 | nextcloud vulnerable to Uncontrolled Resource Consumption |
| CVE-2023-26033 | 2023-02-24 | Gentoo soko contains DoS attack based on SQL Injection |
| CVE-2023-25821 | 2023-02-24 | Nextcloud download permissions can be changed by resharer |
| CVE-2022-2024 | 2023-02-25 | OS Command Injection in gogs/gogs |
| CVE-2022-48362 | 2023-02-25 | Zoho ManageEngine Desktop Central and Desktop Central MSP before 10.1.2137.2 allow directory traversal via computerName to AgentLogUploadServlet. A remote, authenticated attacker could upload arbitrary code that would be executed when... |
| CVE-2023-1033 | 2023-02-25 | Cross-Site Request Forgery (CSRF) in froxlor/froxlor |
| CVE-2023-1034 | 2023-02-25 | Path Traversal: '\..\filename' in salesagility/suitecrm |
| CVE-2023-26544 | 2023-02-25 | In the Linux kernel 6.0.8, there is a use-after-free in run_unpack in fs/ntfs3/run.c, related to a difference between NTFS sector size and media sector size. |
| CVE-2023-26545 | 2023-02-25 | In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of... |
| CVE-2023-26550 | 2023-02-25 | A SQL injection vulnerability in BMC Control-M before 9.0.20.214 allows attackers to execute arbitrary SQL commands via the memname JSON field. |
| CVE-2023-25825 | 2023-02-25 | ZoneMinder contains Cross-site Scripting via log viewing |
| CVE-2023-26032 | 2023-02-25 | ZoneMinder contains SQL injection via malicious JSON Web Token |
| CVE-2023-26034 | 2023-02-25 | ZoneMinder SQL Injection |
| CVE-2023-26035 | 2023-02-25 | ZoneMinder vulnerable to Missing Authorization |
| CVE-2023-26036 | 2023-02-25 | ZoneMinder contains Local File Inclusion vulnerability |
| CVE-2023-26037 | 2023-02-25 | ZoneMinder contains SQL Injection via report_event_audit |
| CVE-2023-26038 | 2023-02-25 | ZoneMinder contains Local File Inclusion vulnerability via `web/ajax/modal.php` |
| CVE-2023-26039 | 2023-02-25 | ZoneMinder vulnerable to OS Command injection in daemonControl() API |
| CVE-2023-26103 | 2023-02-25 | Versions of the package deno before 1.31.0 are vulnerable to Regular Expression Denial of Service (ReDoS) due to the upgradeWebSocket function, which contains regexes in the form of /s*,s*/, used... |
| CVE-2023-26104 | 2023-02-25 | All versions of the package lite-web-server are vulnerable to Denial of Service (DoS) when an attacker sends an HTTP request and includes control characters that the decodeURI() function is unable... |
| CVE-2023-1035 | 2023-02-25 | SourceCodester Clinics Patient Management System update_user.php sql injection |
| CVE-2021-3329 | 2023-02-26 | DOS: Incorrect handling of the initial HCI ACL_MTU handshake packet leads to crash of bluetooth host layer |
| CVE-2022-48363 | 2023-02-26 | In MPD before 0.23.8, as used on Automotive Grade Linux and other platforms, the PipeWire output plugin mishandles a Drain call in certain situations involving truncated files. Eventually there is... |
| CVE-2023-26091 | 2023-02-26 | The frp_form_answers (aka Forms Export) extension before 3.1.2, and 4.x before 4.0.2, for TYPO3 allows XSS via saved emails. |
| CVE-2023-26602 | 2023-02-26 | ASUS ASMB8 iKVM firmware through 1.14.51 allows remote attackers to execute arbitrary code by using SNMP to create extensions, as demonstrated by snmpset for NET-SNMP-EXTEND-MIB with /bin/sh for command execution. |
| CVE-2023-26605 | 2023-02-26 | In the Linux kernel 6.0.8, there is a use-after-free in inode_cgwb_move_to_attached in fs/fs-writeback.c, related to __list_del_entry_valid. |
| CVE-2023-26606 | 2023-02-26 | In the Linux kernel 6.0.8, there is a use-after-free in ntfs_trim_fs in fs/ntfs3/bitmap.c. |
| CVE-2023-26607 | 2023-02-26 | In the Linux kernel 6.0.8, there is an out-of-bounds read in ntfs_attr_find in fs/ntfs/attrib.c. |
| CVE-2019-25105 | 2023-02-26 | dro.pm fileman.php cross site scripting |
| CVE-2023-1036 | 2023-02-26 | SourceCodester Dental Clinic Appointment Reservation System POST Parameter signup.php cross site scripting |
| CVE-2023-1037 | 2023-02-26 | SourceCodester Dental Clinic Appointment Reservation System POST Parameter login.php sql injection |
| CVE-2023-1038 | 2023-02-26 | SourceCodester Online Reviewer Management System questions-view.php sql injection |
| CVE-2023-1039 | 2023-02-26 | SourceCodester Class and Exam Timetabling System POST Parameter index3.php sql injection |
| CVE-2023-1040 | 2023-02-26 | SourceCodester Online Graduate Tracer System add_acc.php sql injection |
| CVE-2023-1041 | 2023-02-26 | SourceCodester Simple Responsive Tourism Website rate_review.php cross site scripting |
| CVE-2023-1042 | 2023-02-26 | SourceCodester Online Pet Shop We App update_status.php cross site scripting |
| CVE-2023-1043 | 2023-02-26 | MuYuCMS index.php path traversal |