Lista CVE - 2023 / Febbraio
Visualizzazione 501 - 600 di 2164 CVE per Febbraio 2023 (Pagina 6 di 22)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2022-21953 | 2023-02-07 | Authenticated user can gain unauthorized shell pod and kubectl access in the local cluster |
| CVE-2022-24990 | 2023-02-07 | TerraMaster NAS 4.2.29 and earlier allows remote attackers to discover the administrative password by sending "User-Agent: TNAS" to module/api.php?mobile/webNasIPS and then reading the PWD field in the response. |
| CVE-2022-31249 | 2023-02-07 | [RANCHER] OS command injection in Rancher and Fleet |
| CVE-2022-31254 | 2023-02-07 | rmt-server-pubcloud allows to escalate from user _rmt to root |
| CVE-2022-38547 | 2023-02-07 | A post-authentication command injection vulnerability in the CLI command of Zyxel ZyWALL/USG series firmware versions 4.20 through 4.72, VPN series firmware versions 4.30 through 5.32, USG FLEX series firmware versions... |
| CVE-2022-40480 | 2023-02-07 | Nordic Semiconductor, Microchip Technology NRF5340-DK DT100112 was discovered to contain an issue which allows attackers to cause a Denial of Service (DoS) via a crafted ConReq packet. |
| CVE-2022-43755 | 2023-02-07 | Rancher: Non-random authentication token |
| CVE-2022-43756 | 2023-02-07 | Rancher/Wrangler: Denial of service when processing Git credentials |
| CVE-2022-43757 | 2023-02-07 | Rancher: Exposure of sensitive fields |
| CVE-2022-43758 | 2023-02-07 | Rancher: Command injection in Git package |
| CVE-2022-43759 | 2023-02-07 | Rancher: Privilege escalation via promoted roles |
| CVE-2022-45190 | 2023-02-07 | An issue was discovered on Microchip RN4870 1.43 devices. An attacker within BLE radio range can bypass passkey entry in the legacy pairing of the device. |
| CVE-2022-45191 | 2023-02-07 | An issue was discovered on Microchip RN4870 1.43 devices. An attacker within BLE radio range can cause a denial of service by sending a pair confirm message with wrong values. |
| CVE-2022-45192 | 2023-02-07 | An issue was discovered on Microchip RN4870 1.43 devices. An attacker within BLE radio range can cause a denial of service by sending a cleartext encryption pause request. |
| CVE-2022-45441 | 2023-02-07 | A cross-site scripting (XSS) vulnerability in Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.13)C0, which could allow an attacker to store malicious scripts in the Logs page of the GUI... |
| CVE-2022-45768 | 2023-02-07 | Command Injection vulnerability in Edimax Technology Co., Ltd. Wireless Router N300 Firmware BR428nS v3 allows attacker to execute arbitrary code via the formWlanMP function. |
| CVE-2022-46285 | 2023-02-07 | A flaw was found in libXpm. This issue occurs when parsing a file with a comment not closed; the end-of-file condition will not be detected, leading to an infinite loop... |
| CVE-2022-46663 | 2023-02-07 | In GNU Less before 609, crafted data can result in "less -R" not filtering ANSI escape sequences sent to the terminal. |
| CVE-2022-4883 | 2023-02-07 | A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable... |
| CVE-2023-0698 | 2023-02-07 | Out of bounds read in WebRTC in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium... |
| CVE-2023-0699 | 2023-02-07 | Use after free in GPU in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page and browser shutdown. (Chromium security... |
| CVE-2023-0700 | 2023-02-07 | Inappropriate implementation in Download in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium... |
| CVE-2023-0704 | 2023-02-07 | Insufficient policy enforcement in DevTools in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to bypass same origin policy and proxy settings via a crafted HTML page. (Chromium security... |
| CVE-2023-0705 | 2023-02-07 | Integer overflow in Core in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who had one a race condition to potentially exploit heap corruption via a crafted HTML page.... |
| CVE-2023-0735 | 2023-02-07 | Cross-Site Request Forgery (CSRF) in wallabag/wallabag |
| CVE-2023-0736 | 2023-02-07 | Cross-site Scripting (XSS) - Stored in wallabag/wallabag |
| CVE-2023-22643 | 2023-02-07 | libzypp-plugin-appdata: potential arbitrary code execution via shell injection due to `os.system` calls |
| CVE-2023-23011 | 2023-02-07 | Cross Site Scripting (XSS) vulnerability in InvoicePlane 1.6 via filter_product input to file modal_product_lookups.php. |
| CVE-2023-23026 | 2023-02-07 | Cross site scripting (XSS) vulnerability in sourcecodester oretnom23 sales management system 1.0, allows attackers to execute arbitrary code via the product_name and product_price inputs in file print.php. |
| CVE-2023-24808 | 2023-02-07 | Denial Of Service when opening a corrupt PDF file in pdfio |
| CVE-2023-24827 | 2023-02-07 | Credential disclosure in syft when SYFT_ATTEST_PASSWORD environment variable set in syft |
| CVE-2022-42291 | 2023-02-07 | NVIDIA GeForce Experience contains a vulnerability in the installer, where a user installing the NVIDIA GeForce Experience software may inadvertently delete data from a linked location, which may lead to... |
| CVE-2022-31611 | 2023-02-07 | NVIDIA GeForce Experience contains an uncontrolled search path vulnerability in all its client installers, where an attacker with user level privileges may cause the installer to load an arbitrary DLL... |
| CVE-2022-42292 | 2023-02-07 | NVIDIA GeForce Experience contains a vulnerability in the NVContainer component, where a user without administrator privileges can create a symbolic link to a file that requires elevated privileges to write... |
| CVE-2023-0706 | 2023-02-07 | SourceCodester Medical Certificate Generator App manage_record.php sql injection |
| CVE-2023-23696 | 2023-02-07 | Dell Command Intel vPro Out of Band, versions prior to 4.3.1, contain an Improper Authorization vulnerability. A locally authenticated malicious users could potentially exploit this vulnerability in order to write... |
| CVE-2015-10074 | 2023-02-07 | OpenSeaMap online_chart index.php init cross site scripting |
| CVE-2015-10075 | 2023-02-07 | Custom-Content-Width custom-content-width.php register_settings cross site scripting |
| CVE-2023-0707 | 2023-02-07 | SourceCodester Medical Certificate Generator App function.php delete_record sql injection |
| CVE-2022-40691 | 2023-02-07 | An information disclosure vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to a disclosure of sensitive information.... |
| CVE-2022-41311 | 2023-02-07 | A stored cross-site scripting vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An... |
| CVE-2022-41312 | 2023-02-07 | A stored cross-site scripting vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An... |
| CVE-2022-41313 | 2023-02-07 | A stored cross-site scripting vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An... |
| CVE-2022-40224 | 2023-02-07 | A denial of service vulnerability exists in the web server functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP message header can lead to denial of service.... |
| CVE-2022-40693 | 2023-02-07 | A cleartext transmission vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted network sniffing can lead to a disclosure of sensitive information.... |
| CVE-2011-10002 | 2023-02-07 | weblabyrinth labyrinth.inc.php Labyrinth sql injection |
| CVE-2023-24813 | 2023-02-07 | URI validation failure on SVG parsing. Bypass of CVE-2023-23924 |
| CVE-2023-24814 | 2023-02-07 | Persisted Cross-Site Scripting in Frontend Rendering in typo3 |
| CVE-2023-22735 | 2023-02-07 | User uploads proxied from S3 lack `Content-Security-Policy` headers, may be served with `Content-Disposition: inline` in zulip |
| CVE-2023-25194 | 2023-02-07 | Apache Kafka Connect API: Possible RCE/Denial of service attack via SASL JAAS JndiLoginModule configuration using Kafka Connect |
| CVE-2022-47412 | 2023-02-07 | ONLYOFFICE Workspace Search Stored XSS |
| CVE-2023-0732 | 2023-02-07 | SourceCodester Online Eyewear Shop POST Request Users.php registration cross site scripting |
| CVE-2023-23931 | 2023-02-07 | Cipher.update_into can corrupt memory in pyca cryptography |
| CVE-2011-10003 | 2023-02-07 | XpressEngine Update Query sql injection |
| CVE-2023-0728 | 2023-02-07 | The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the... |
| CVE-2023-0713 | 2023-02-07 | The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_add_folder function in versions up to, and including, 2.18.16. This makes... |
| CVE-2022-47415 | 2023-02-07 | LogicalDOC Messaging Stored XSS |
| CVE-2022-47413 | 2023-02-07 | Given a malicious document provided by an attacker, the OpenKM DMS is vulnerable to a stored (persistent, or "Type II") XSS condition. |
| CVE-2022-47414 | 2023-02-07 | If an attacker has access to the console for OpenKM (and is authenticated), a stored XSS vulnerability is reachable in the document "note" functionality. |
| CVE-2022-47416 | 2023-02-07 | LogicalDOC Chat Stored XSS |
| CVE-2022-47419 | 2023-02-07 | Mayan EDMS Tag XSS |
| CVE-2022-47417 | 2023-02-07 | LogicalDOC Document File Name Stored XSS |
| CVE-2022-47418 | 2023-02-07 | LogicalDOC Document Version Comment Stored XSS |
| CVE-2023-0731 | 2023-02-07 | The Interactive Geo Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the action content parameter in versions up to, and including, 1.5.9 due to insufficient input sanitization... |
| CVE-2023-0727 | 2023-02-07 | The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the... |
| CVE-2023-0730 | 2023-02-07 | The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the... |
| CVE-2023-0719 | 2023-02-07 | The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_save_sort_order function in versions up to, and including, 2.18.16. This makes... |
| CVE-2023-0712 | 2023-02-07 | The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_move_object function in versions up to, and including, 2.18.16. This makes... |
| CVE-2023-0723 | 2023-02-07 | The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the... |
| CVE-2023-0718 | 2023-02-07 | The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_save_folder function in versions up to, and including, 2.18.16. This makes... |
| CVE-2023-24828 | 2023-02-07 | Use of Cryptographically Weak Pseudo-Random Number Generator in Onedev |
| CVE-2022-38777 | 2023-02-08 | An issue was discovered in the rollback feature of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account. |
| CVE-2022-38778 | 2023-02-08 | A flaw (CVE-2022-38900) was discovered in one of Kibana’s third party dependencies, that could allow an authenticated user to perform a request that crashes the Kibana server process. |
| CVE-2022-45526 | 2023-02-08 | SQL Injection vulnerability in Future-Depth Institutional Management Website (IMS) 1.0, allows attackers to execute arbitrary commands via the ad parameter to /admin_area/login_transfer.php. |
| CVE-2022-45527 | 2023-02-08 | File upload vulnerability in Future-Depth Institutional Management Website (IMS) 1.0, allows unauthorized attackers to directly upload malicious files to the courseimg directory. |
| CVE-2022-45755 | 2023-02-08 | Cross-site scripting (XSS) vulnerability in EyouCMS v1.6.0 allows attackers to execute arbitrary code via the home page description on the basic information page. |
| CVE-2022-45982 | 2023-02-08 | thinkphp 6.0.0~6.0.13 and 6.1.0~6.1.1 contains a deserialization vulnerability. This vulnerability allows attackers to execute arbitrary code via a crafted payload. |
| CVE-2022-47648 | 2023-02-08 | An Improper Access Control vulnerability allows an attacker to access the control panel of the B420 without requiring any sort of authorization or authentication due to the IP based authorization.... |
| CVE-2023-0739 | 2023-02-08 | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') in answerdev/answer |
| CVE-2023-0740 | 2023-02-08 | Cross-site Scripting (XSS) - Stored in answerdev/answer |
| CVE-2023-0741 | 2023-02-08 | Cross-site Scripting (XSS) - DOM in answerdev/answer |
| CVE-2023-0742 | 2023-02-08 | Cross-site Scripting (XSS) - Stored in answerdev/answer |
| CVE-2023-0743 | 2023-02-08 | Cross-site Scripting (XSS) - Generic in answerdev/answer |
| CVE-2023-0744 | 2023-02-08 | Improper Access Control in answerdev/answer |
| CVE-2023-0747 | 2023-02-08 | Cross-site Scripting (XSS) - Stored in btcpayserver/btcpayserver |
| CVE-2023-0748 | 2023-02-08 | Open Redirect in btcpayserver/btcpayserver |
| CVE-2023-25396 | 2023-02-08 | Privilege escalation in the MSI repair functionality in Caphyon Advanced Installer 20.0 and below allows attackers to access and manipulate system files. |
| CVE-2023-0716 | 2023-02-08 | The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_edit_folder function in versions up to, and including, 2.18.16. This makes... |
| CVE-2023-0720 | 2023-02-08 | The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_save_folder_order function in versions up to, and including, 2.18.16. This makes... |
| CVE-2023-0685 | 2023-02-08 | The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the... |
| CVE-2023-0724 | 2023-02-08 | The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the... |
| CVE-2023-0725 | 2023-02-08 | The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the... |
| CVE-2023-0717 | 2023-02-08 | The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_delete_folder function in versions up to, and including, 2.18.16. This makes... |
| CVE-2023-0711 | 2023-02-08 | The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_save_state function in versions up to, and including, 2.18.16. This makes... |
| CVE-2023-0715 | 2023-02-08 | The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_clone_folder function in versions up to, and including, 2.18.16. This makes... |
| CVE-2023-0684 | 2023-02-08 | The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_unassign_folders function in versions up to, and including, 2.18.16. This makes... |
| CVE-2023-0722 | 2023-02-08 | The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the... |
| CVE-2023-0726 | 2023-02-08 | The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the... |
| CVE-2022-2094 | 2023-02-08 | Yellow Yard Searchbar < 2.8.2 - Reflected Cross-Site Scripting |
| CVE-2022-43761 | 2023-02-08 | Lack of authentication when managing APROL database |