Lista CVE - 2023 / Febbraio
Visualizzazione 2001 - 2100 di 2164 CVE per Febbraio 2023 (Pagina 21 di 22)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2023-25235 | 2023-02-27 | Tenda AC500 V2.0.1.9(1307) is vulnerable to Buffer Overflow in function formOneSsidCfgSet via parameter ssid. |
| CVE-2023-26609 | 2023-02-27 | ABUS TVIP 20000-21150 devices allows remote attackers to execute arbitrary code via shell metacharacters in the /cgi-bin/mft/wireless_mft ap field. |
| CVE-2023-26758 | 2023-02-27 | Sme.UP TOKYO V6R1M220406 was discovered to contain an arbitrary file download vulnerabilty via the component /ResourceService. |
| CVE-2023-26759 | 2023-02-27 | Sme.UP ERP TOKYO V6R1M220406 was discovered to contain an OS command injection vulnerability via calls made to the XMService component. |
| CVE-2023-26760 | 2023-02-27 | Sme.UP ERP TOKYO V6R1M220406 was discovered to contain an information disclosure vulnerability via the /debug endpoint. This vulnerability allows attackers to access cleartext credentials needed to authenticate to the AS400... |
| CVE-2023-26762 | 2023-02-27 | Sme.UP ERP TOKYO V6R1M220406 was discovered to contain an arbitrary file upload vulnerability. |
| CVE-2023-22636 | 2023-02-27 | An unauthorized configuration download vulnerability in FortiWeb 6.3.6 through 6.3.21, 6.4.0 through 6.4.2 and 7.0.0 through 7.0.4 may allow a local attacker to access confidential configuration files via a crafted... |
| CVE-2023-1053 | 2023-02-27 | SourceCodester Music Gallery Site view_category.php sql injection |
| CVE-2023-1054 | 2023-02-27 | SourceCodester Music Gallery Site sql injection |
| CVE-2023-1056 | 2023-02-27 | SourceCodester Doctors Appointment System patient.php sql injection |
| CVE-2023-1057 | 2023-02-27 | SourceCodester Doctors Appointment System login.php edoc sql injection |
| CVE-2023-1058 | 2023-02-27 | SourceCodester Doctors Appointment System create-account.php sql injection |
| CVE-2023-1059 | 2023-02-27 | SourceCodester Doctors Appointment System Parameter doctors.php sql injection |
| CVE-2023-1061 | 2023-02-27 | SourceCodester Doctors Appointment System edit-doc.php sql injection |
| CVE-2023-1062 | 2023-02-27 | SourceCodester Doctors Appointment System Parameter add-new.php sql injection |
| CVE-2023-1063 | 2023-02-27 | SourceCodester Doctors Appointment System Parameter patient.php sql injection |
| CVE-2023-1068 | 2023-02-27 | The Download Read More Excerpt Link plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.0. This is due to missing or incorrect nonce... |
| CVE-2022-40237 | 2023-02-27 | IBM MQ for HPE NonStop denial of service |
| CVE-2023-22860 | 2023-02-27 | IBM Cloud Pak for Business Automation cross-site scripting |
| CVE-2022-45137 | 2023-02-27 | WAGO: Reflective Cross-Site Scripting |
| CVE-2022-45138 | 2023-02-27 | WAGO: Missing Authentication for Critical Function |
| CVE-2022-45139 | 2023-02-27 | WAGO: Origin validation error through CORS misconfiguration |
| CVE-2022-45140 | 2023-02-27 | WAGO: Missing Authentication for Critical Function |
| CVE-2023-26042 | 2023-02-27 | HTML/XSS injection possibilities in Part-DB |
| CVE-2023-27263 | 2023-02-27 | IDOR: Accessing playbook runs via the Playbooks Runs API |
| CVE-2023-27264 | 2023-02-27 | IDOR: Updating a playbook via the Playbooks API |
| CVE-2023-27265 | 2023-02-27 | Disclosure of team owner email address when regenerating Invite ID |
| CVE-2023-27266 | 2023-02-27 | Disclosure of team owner email address when when accessing the teams API |
| CVE-2023-0334 | 2023-02-27 | ShortPixel Adaptive Images < 3.6.3 - Reflected XSS |
| CVE-2023-0230 | 2023-02-27 | VK All in One Expansion Unit < 9.86.0.0 - Contributor+ Stored XSS |
| CVE-2022-4795 | 2023-02-27 | Galleries by Angie Makes <= 1.67 - Contributor+ Stored XSS via Shortcode |
| CVE-2023-0548 | 2023-02-27 | Namaste! LMS < 2.5.9.4 - Admin+ Stored XSS |
| CVE-2022-4829 | 2023-02-27 | Show-Hide / Collapse-Expand < 1.3.0 - Contributor+ Stored XSS via Shortcode |
| CVE-2022-4757 | 2023-02-27 | List Pages Shortcode < 1.7.6 - Contributor+ Stored XSS via Shortcode |
| CVE-2023-0552 | 2023-02-27 | Pie Register < 3.8.2.3 - Open Redirect |
| CVE-2023-0381 | 2023-02-27 | GigPress <= 2.3.28 - Subscriber+ SQLi |
| CVE-2023-0168 | 2023-02-27 | Olevmedia Shortcodes <= 1.1.9 - Contributor+ Stored XSS |
| CVE-2023-0543 | 2023-02-27 | Arigato Autoresponder and Newsletter < 2.1.7.2 - Admin+ Stored XSS |
| CVE-2022-4788 | 2023-02-27 | Embed PDF <= 1.0.6 - Contributor+ Stored XSS via Shortcode |
| CVE-2023-0539 | 2023-02-27 | GS Insever Portfolio < 1.4.5 - Contributor+ Stored XSS |
| CVE-2022-4550 | 2023-02-27 | User Activity <= 1.0.1 - IP Spoofing |
| CVE-2022-4679 | 2023-02-27 | Wufoo Shortcode < 1.52 - Contributor+ Stored XSS via Shortcode |
| CVE-2023-0535 | 2023-02-27 | Donation Block For PayPal < 2.1.0 - Contributor+ Stored XSS |
| CVE-2023-0279 | 2023-02-27 | Media Library Assistant < 3.06 - Admin+ SQLi |
| CVE-2023-0487 | 2023-02-27 | My Sticky Elements < 2.0.9 - Admin+ SQLi |
| CVE-2023-0278 | 2023-02-27 | GeoDirectory < 2.2.24 - Admin+ SQLi |
| CVE-2023-0043 | 2023-02-27 | Custom Add User <= 2.0.2 - Reflected Cross-Site Scripting |
| CVE-2023-0331 | 2023-02-27 | Correos Oficial <= 1.2.0.2 - Unauthenticated Arbitrary File Download |
| CVE-2023-26041 | 2023-02-27 | Nextcloud Talk messages can still be seen on conversation after expiring when cron is misconfigured |
| CVE-2023-26043 | 2023-02-27 | XML External Entity (XXE) injection in GeoServer style upload functionality |
| CVE-2022-23239 | 2023-02-28 | Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.11P1 are susceptible to a vulnerability which allows administrative users to perform a Stored Cross-Site Scripting... |
| CVE-2023-1081 | 2023-02-28 | Cross-site Scripting (XSS) - Stored in microweber/microweber |
| CVE-2023-20938 | 2023-02-28 | In binder_transaction_buffer_release of binder.c, there is a possible use after free due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed.... |
| CVE-2023-25432 | 2023-02-28 | An issue was discovered in Online Reviewer Management System v1.0. There is a SQL injection that can directly issue instructions to the background database system via reviewer_0/admins/assessments/course/course-update.php. |
| CVE-2022-20455 | 2023-02-28 | In addAutomaticZenRule of ZenModeHelper.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed.... |
| CVE-2022-20481 | 2023-02-28 | In multiple files, there is a possible way to preserve WiFi settings due to residual data after a reset. This could lead to local information disclosure with no additional execution... |
| CVE-2022-20551 | 2023-02-28 | In createTrack of AudioFlinger.cpp, there is a possible way to record audio without a privacy indicator due to a logic error in the code. This could lead to local escalation... |
| CVE-2022-23240 | 2023-02-28 | Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.11P1 are susceptible to a vulnerability which allows unauthorized users to update EMS Subscriptions via unspecified... |
| CVE-2022-38220 | 2023-02-28 | An XSS vulnerability exists within Quest KACE Systems Management Appliance (SMA) through 12.1 that may allow remote injection of arbitrary web script or HTML. |
| CVE-2022-47075 | 2023-02-28 | An issue was discovered in Smart Office Web 20.28 and earlier allows attackers to download sensitive information via the action name parameter to ExportEmployeeDetails.aspx, and to ExportReportingManager.aspx. |
| CVE-2022-47076 | 2023-02-28 | An issue was discovered in Smart Office Web 20.28 and earlier allows attackers to view sensitive information via DisplayParallelLogData.aspx. |
| CVE-2023-1095 | 2023-02-28 | In nf_tables_updtable, if nf_tables_table_enable returns an error, nft_trans_destroy is called to free the transaction object. nft_trans_destroy() calls list_del(), but the transaction was never placed on a list -- the list... |
| CVE-2023-20857 | 2023-02-28 | VMware Workspace ONE Content contains a passcode bypass vulnerability. A malicious actor, with access to a users rooted device, may be able to bypass the VMware Workspace ONE Content passcode. |
| CVE-2023-20932 | 2023-02-28 | In onCreatePreferences of EditInfoFragment.java, there is a possible way to read contacts belonging to other users due to improper input validation. This could lead to local information disclosure with no... |
| CVE-2023-20933 | 2023-02-28 | In several functions of MediaCodec.cpp, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional... |
| CVE-2023-20934 | 2023-02-28 | In resolveAttributionSource of ServiceUtilities.cpp, there is a possible way to disable the microphone privacy indicator due to a permissions bypass. This could lead to local escalation of privilege with no... |
| CVE-2023-20937 | 2023-02-28 | In several functions of the Android Linux kernel, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege... |
| CVE-2023-20939 | 2023-02-28 | In multiple functions of looper_backed_event_loop.cpp, there is a possible way to corrupt memory due to improper locking. This could lead to local escalation of privilege with no additional execution privileges... |
| CVE-2023-20940 | 2023-02-28 | In the Android operating system, there is a possible way to replace a boot partition due to improperly used crypto. This could lead to local escalation of privilege with no... |
| CVE-2023-20943 | 2023-02-28 | In clearApplicationUserData of ActivityManagerService.java, there is a possible way to remove system files due to a path traversal error. This could lead to local escalation of privilege with User execution... |
| CVE-2023-20944 | 2023-02-28 | In run of ChooseTypeAndAccountActivity.java, there is a possible escalation of privilege due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User... |
| CVE-2023-20945 | 2023-02-28 | In phNciNfc_MfCreateXchgDataHdr of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution... |
| CVE-2023-20946 | 2023-02-28 | In onStart of BluetoothSwitchPreferenceController.java, there is a possible permission bypass due to a confused deputy. This could lead to remote escalation of privilege in Bluetooth settings with no additional execution... |
| CVE-2023-20948 | 2023-02-28 | In dropFramesUntilIframe of AAVCAssembler.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges... |
| CVE-2023-22995 | 2023-02-28 | In the Linux kernel before 5.17, an error path in dwc3_qcom_acpi_register_core in drivers/usb/dwc3/dwc3-qcom.c lacks certain platform_device_put and kfree calls. |
| CVE-2023-22996 | 2023-02-28 | In the Linux kernel before 5.17.2, drivers/soc/qcom/qcom_aoss.c does not release an of_find_device_by_node reference after use, e.g., with put_device. |
| CVE-2023-22997 | 2023-02-28 | In the Linux kernel before 6.1.2, kernel/module/decompress.c misinterprets the module_get_next_page return value (expects it to be NULL in the error case, whereas it is actually an error pointer). |
| CVE-2023-22998 | 2023-02-28 | In the Linux kernel before 6.0.3, drivers/gpu/drm/virtio/virtgpu_object.c misinterprets the drm_gem_shmem_get_sg_table return value (expects it to be NULL in the error case, whereas it is actually an error pointer). |
| CVE-2023-22999 | 2023-02-28 | In the Linux kernel before 5.16.3, drivers/usb/dwc3/dwc3-qcom.c misinterprets the dwc3_qcom_create_urs_usb_platdev return value (expects it to be NULL in the error case, whereas it is actually an error pointer). |
| CVE-2023-25264 | 2023-02-28 | An issue was discovered in Docmosis Tornado prior to version 2.9.5. An unauthenticated attacker can bypass the authentication check filter completely by introducing a specially crafted request with relative path... |
| CVE-2023-25265 | 2023-02-28 | Docmosis Tornado <= 2.9.4 is vulnerable to Directory Traversal leading to the disclosure of arbitrary content on the file system. |
| CVE-2023-25266 | 2023-02-28 | An issue was discovered in Docmosis Tornado prior to version 2.9.5. An authenticated attacker can change the Office directory setting pointing to an arbitrary remote network path. This triggers the... |
| CVE-2023-25431 | 2023-02-28 | An issue was discovered in Online Reviewer Management System v1.0. There is a XSS vulnerability via reviewer_0/admins/assessments/course/course-update.php. |
| CVE-2023-26255 | 2023-02-28 | An unauthenticated path traversal vulnerability affects the "STAGIL Navigation for Jira - Menu & Themes" plugin before 2.0.52 for Jira. By modifying the fileName parameter to the snjCustomDesignConfig endpoint, it... |
| CVE-2023-26256 | 2023-02-28 | An unauthenticated path traversal vulnerability affects the "STAGIL Navigation for Jira - Menu & Themes" plugin before 2.0.52 for Jira. By modifying the fileName parameter to the snjFooterNavigationConfig endpoint, it... |
| CVE-2023-27292 | 2023-02-28 | An open redirect vulnerability exposes OpenCATS to template injection due to improper validation of user-supplied GET parameters. |
| CVE-2023-27293 | 2023-02-28 | Improper neutralization of input during web page generation allows an unauthenticated attacker to submit malicious Javascript as the answer to a questionnaire which would then be executed when an authenticated... |
| CVE-2023-27294 | 2023-02-28 | Improper neutralization of input during web page generation allows an authenticated attacker with access to a restricted account to submit malicious Javascript as the description for a calendar event, which... |
| CVE-2023-27295 | 2023-02-28 | Cross-site request forgery is facilitated by OpenCATS failure to require CSRF tokens in POST requests. An attacker can exploit this issue by creating a dummy page that executes Javascript in... |
| CVE-2023-27320 | 2023-02-28 | Sudo before 1.9.13p2 has a double free in the per-command chroot feature. |
| CVE-2023-27371 | 2023-02-28 | GNU libmicrohttpd before 0.9.76 allows remote DoS (Denial of Service) due to improper parsing of a multipart/form-data boundary in the postprocessor.c MHD_create_post_processor() method. This allows an attacker to remotely send... |
| CVE-2023-27372 | 2023-02-28 | SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1. |
| CVE-2015-10086 | 2023-02-28 | OpenCycleCompass server-php login.php sql injection |
| CVE-2022-3884 | 2023-02-28 | Directory Permission Vulnerability in Hitachi Ops Center Analyzer |
| CVE-2022-4895 | 2023-02-28 | Man-in-the-middle attack Vulnerability in Hitachi Infrastructure Analytics Advisor, Hitachi Ops Center Analyzer |
| CVE-2020-36652 | 2023-02-28 | File and Directory Permissions Vulnerability in Hitachi Automation Director, Hitachi Infrastructure Analytics Advisor, Hitachi Ops Center |
| CVE-2021-22283 | 2023-02-28 | MMS File Transfer Vulnerability impact on Distribution Automation products |
| CVE-2023-26105 | 2023-02-28 | All versions of the package utilities are vulnerable to Prototype Pollution via the _mix function. |
| CVE-2023-1080 | 2023-02-28 | The GN Publisher plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tab’ parameter in versions up to, and including, 1.5.5 due to insufficient input sanitization and output... |
| CVE-2023-1028 | 2023-02-28 | The WP Meta SEO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.3. This is due to missing or incorrect nonce validation on... |