CVE List - 2023 / February
Showing 101 - 200 of 2164 CVEs for February 2023 (Page 2 of 22)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-22358 | 2023-02-01 | BIG-IP Edge Client for Windows vulnerability |
| CVE-2023-22374 | 2023-02-01 | iControl SOAP vulnerability |
| CVE-2023-22418 | 2023-02-01 | BIG-IP APM virtual server vulnerability |
| CVE-2023-22422 | 2023-02-01 | HTTP profile vulnerability |
| CVE-2023-22657 | 2023-02-01 | F5OS vulnerability |
| CVE-2023-22664 | 2023-02-01 | BIG-IP HTTP/2 profile vulnerability |
| CVE-2023-22839 | 2023-02-01 | BIG-IP DNS profile vulnerability |
| CVE-2023-22842 | 2023-02-01 | BIG-IP SIP profile vulnerability |
| CVE-2023-23552 | 2023-02-01 | BIG-IP Advanced WAF and ASM vulnerability |
| CVE-2023-23555 | 2023-02-01 | BIG-IP Virtual Edition vulnerability |
| CVE-2023-22501 | 2023-02-01 | An authentication vulnerability was discovered in Jira Service Management Server and Data Center which allows an attacker to impersonate another user and gain access to a Jira Service Management instance... |
| CVE-2023-23469 | 2023-02-01 | IBM Cloud Pak for Business Automation information disclosure |
| CVE-2023-0619 | 2023-02-01 | The Kraken.io Image Optimizer plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 2.6.8. This... |
| CVE-2022-3083 | 2023-02-01 | All versions of Landis+Gyr E850 (ZMQ200) are vulnerable to CWE-784: Reliance on Cookies Without Validation and Integrity. The device's web application navigation depends on the value of the session cookie.... |
| CVE-2023-23750 | 2023-02-01 | [20230101] - Core - CSRF within post-installation messages |
| CVE-2023-23751 | 2023-02-01 | [20230102] - Core - Missing ACL checks for com_actionlogs |
| CVE-2022-3913 | 2023-02-01 | Rapid7 Nexpose Certificate Validation Issue |
| CVE-2023-0599 | 2023-02-01 | Rapid7 Metasploit Pro Stored XSS |
| CVE-2020-24307 | 2023-02-02 | An issue in mRemoteNG v1.76.20 allows attackers to escalate privileges via a crafted executable file. NOTE: third parties were unable to reproduce any scenario in which the claimed access of... |
| CVE-2022-3560 | 2023-02-02 | A flaw was found in pesign. The pesign package provides a systemd service used to start the pesign daemon. This service unit runs a script to set ACLs for /etc/pki/pesign... |
| CVE-2022-46552 | 2023-02-02 | D-Link DIR-846 Firmware FW100A53DBR was discovered to contain a remote command execution (RCE) vulnerability via the lan(0)_dhcps_staticlist parameter. This vulnerability is exploited via a crafted POST request. |
| CVE-2022-46604 | 2023-02-02 | An issue in Tecrail Responsive FileManager v9.9.5 and below allows attackers to bypass the file extension check mechanism and upload a crafted PHP file, leading to arbitrary code execution. |
| CVE-2022-46965 | 2023-02-02 | PrestaShop module, totadministrativemandate before v1.7.1 was discovered to contain a SQL injection vulnerability. |
| CVE-2022-48079 | 2023-02-02 | Monnai aaPanel host system v1.5 contains an access control issue which allows attackers to escalate privileges and execute arbitrary code via uploading a crafted PHP file to the virtual host... |
| CVE-2022-48082 | 2023-02-02 | Easyone CRM v5.50.02 was discovered to contain a SQL Injection vulnerability via the text parameter at /Services/Misc.asmx/SearchTag. |
| CVE-2022-48113 | 2023-02-02 | A vulnerability in TOTOLINK N200RE_v5 firmware V9.3.5u.6139 allows unauthenticated attackers to access the telnet service via a crafted POST request. Attackers are also able to leverage this vulnerability to login... |
| CVE-2022-48114 | 2023-02-02 | RuoYi up to v4.7.5 was discovered to contain a SQL injection vulnerability via the component /tool/gen/createTable. |
| CVE-2022-48130 | 2023-02-02 | Tenda W20E v15.11.0.6 was discovered to contain multiple stack overflows in the function formSetStaticRoute via the parameters staticRouteNet, staticRouteMask, staticRouteGateway, staticRouteWAN. |
| CVE-2022-48140 | 2023-02-02 | DedeCMS v5.7.97 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /file_manage_view.php?fmdo=edit&filename. |
| CVE-2023-0642 | 2023-02-02 | Cross-Site Request Forgery (CSRF) in squidex/squidex |
| CVE-2023-0643 | 2023-02-02 | Improper Handling of Additional Special Element in squidex/squidex |
| CVE-2023-23110 | 2023-02-02 | An exploitable firmware modification vulnerability was discovered in certain Netgear products. The data integrity of the uploaded firmware image is ensured with a fixed checksum number. Therefore, an attacker can... |
| CVE-2023-23119 | 2023-02-02 | The use of the cyclic redundancy check (CRC) algorithm for integrity check during firmware update makes Ubiquiti airFiber AF2X Radio firmware version 3.2.2 and earlier vulnerable to firmware modification attacks.... |
| CVE-2023-23120 | 2023-02-02 | The use of the cyclic redundancy check (CRC) algorithm for integrity check during firmware update makes TRENDnet TV-IP651WI Network Camera firmware version v1.07.01 and earlier vulnerable to firmware modification attacks.... |
| CVE-2023-25013 | 2023-02-02 | An issue was discovered in the femanager extension before 5.5.3, 6.x before 6.3.4, and 7.x before 7.1.0 for TYPO3. Missing access checks in the InvitationController allow an unauthenticated user to... |
| CVE-2023-25014 | 2023-02-02 | An issue was discovered in the femanager extension before 5.5.3, 6.x before 6.3.4, and 7.x before 7.1.0 for TYPO3. Missing access checks in the InvitationController allow an unauthenticated user to... |
| CVE-2023-25015 | 2023-02-02 | Clockwork Web before 0.1.2, when Rails before 5.2 is used, allows CSRF. |
| CVE-2022-33323 | 2023-02-02 | Authentication Bypass Vulnerability in Robot Controller of MELFA SD/SQ series and F-series |
| CVE-2022-40268 | 2023-02-02 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT27 model versions 01.14.000 to 01.47.000, Mitsubishi Electric Corporation GOT2000 Series GT25 model versions 01.14.000... |
| CVE-2022-40269 | 2023-02-02 | Authentication Bypass by Spoofing vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT27 model versions 01.14.000 to 01.47.000, Mitsubishi Electric Corporation GOT2000 Series GT25 model versions 01.14.000 to 01.47.000 and Mitsubishi... |
| CVE-2023-0637 | 2023-02-02 | TRENDnet TEW-811DRU Web Management Interface wan.asp memory corruption |
| CVE-2023-0638 | 2023-02-02 | TRENDnet TEW-811DRU Web Interface command injection |
| CVE-2023-0639 | 2023-02-02 | TRENDnet TEW-652BRP Web Management Interface get_set.ccp cross site scripting |
| CVE-2023-0640 | 2023-02-02 | TRENDnet TEW-652BRP Web Interface ping.ccp command injection |
| CVE-2023-0641 | 2023-02-02 | PHPGurukul Employee Leaves Management System changepassword.php weak password |
| CVE-2022-2546 | 2023-02-02 | All-in-One WP Migration < 7.63 - Unauthenticated Reflected XSS |
| CVE-2022-43665 | 2023-02-02 | A denial of service vulnerability exists in the malware scan functionality of ESTsoft Alyac 2.5.8.645. A specially-crafted PE file can lead to killing target process. An attacker can provide a... |
| CVE-2023-0646 | 2023-02-02 | dst-admin cavesConsole command injection |
| CVE-2023-0647 | 2023-02-02 | dst-admin kickPlayer command injection |
| CVE-2023-0648 | 2023-02-02 | dst-admin masterConsole command injection |
| CVE-2023-0649 | 2023-02-02 | dst-admin sendBroadcast command injection |
| CVE-2023-0650 | 2023-02-02 | YAFNET Signature cross site scripting |
| CVE-2023-0651 | 2023-02-02 | FastCMS Template Management unrestricted upload |
| CVE-2022-36401 | 2023-02-02 | WordPress TeraWallet – For WooCommerce Plugin <= 1.3.24 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-44585 | 2023-02-02 | WordPress Homepage Pop-up Plugin <= 1.2.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-40692 | 2023-02-02 | WordPress Sunshine Photo Cart Plugin <= 2.9.13 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-24574 | 2023-02-02 | Dell Enterprise SONiC OS, 3.5.3, 4.0.0, 4.0.1, 4.0.2, contains an "Uncontrolled Resource Consumption vulnerability" in authentication component. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to uncontrolled resource... |
| CVE-2022-45067 | 2023-02-02 | WordPress Exclusive Addons Elementor Plugin <= 2.6.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-45807 | 2023-02-02 | WordPress WP Mail Log Plugin <= 1.0.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-46815 | 2023-02-02 | WordPress Conditional Shipping for WooCommerce Plugin <= 2.3.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-46842 | 2023-02-02 | WordPress JS Help Desk plugin <= 2.7.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-22486 | 2023-02-02 | IBM Tivoli Workload Scheduler XML external entity injection |
| CVE-2022-38389 | 2023-02-02 | IBM Tivoli Workload Scheduler XML external entity injection |
| CVE-2023-0658 | 2023-02-02 | Multilaser RE057/RE170 Backup File param.file.tgz information disclosure |
| CVE-2022-38657 | 2023-02-02 | An open redirect to malicious sites affects HCL Leap |
| CVE-2022-4634 | 2023-02-02 | CVE-2022-4634 |
| CVE-2023-0123 | 2023-02-02 | CVE-2023-0123 |
| CVE-2023-0124 | 2023-02-02 | CVE-2023-0124 |
| CVE-2021-37375 | 2023-02-03 | Cross Site Scripting (XSS) vulnerability in Teradek VidiU / VidiU Mini firmware version 3.0.8 and earlier allows remote attackers to run arbitrary code via the Friendly Name field in System... |
| CVE-2021-37376 | 2023-02-03 | Cross Site Scripting (XSS) vulnerability in Teradek Bond, Bond 2 and Bond Pro firmware version 7.3.x and earlier allows remote attackers to run arbitrary code via the Friendly Name field... |
| CVE-2021-37377 | 2023-02-03 | Cross Site Scripting (XSS) vulnerability in Teradek Brik firmware version 7.2.x and earlier allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. NOTE:... |
| CVE-2021-37379 | 2023-02-03 | Cross Site Scripting (XSS) vulnerability in Teradek Sphere all firmware versions allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. NOTE: Vendor states... |
| CVE-2022-45492 | 2023-02-03 | Buffer overflow vulnerability in function json_parse_number in sheredom json.h before commit 0825301a07cbf51653882bf2b153cc81fdadf41 (November 14, 2022) allows attackers to execute arbitrary code and gain escalated privileges. |
| CVE-2022-45493 | 2023-02-03 | Buffer overflow vulnerability in function json_parse_key in sheredom json.h before commit 0825301a07cbf51653882bf2b153cc81fdadf41 (November 14, 2022) allows attackers to execute arbitrary code and gain escalated privileges. |
| CVE-2022-47132 | 2023-02-03 | A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows attackers to arbitrarily add Administrator users. |
| CVE-2022-48023 | 2023-02-03 | Insufficient privilege verification in Zammad v5.3.0 allows an authenticated attacker to perform changes on the tags of their customer tickets using the Zammad API. This is now corrected in v5.3.1... |
| CVE-2022-48074 | 2023-02-03 | An issue in NoMachine before v8.2.3 allows attackers to execute arbitrary commands via a crafted .nxs file. |
| CVE-2022-48165 | 2023-02-03 | An access control issue in the component /cgi-bin/ExportLogs.sh of Wavlink WL-WN530H4 M30H4.V5030.210121 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials. |
| CVE-2023-22975 | 2023-02-03 | A cross-site scripting (XSS) vulnerability in JFinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email parameter under /front/person/profile.html. |
| CVE-2023-23082 | 2023-02-03 | A heap buffer overflow vulnerability in Kodi Home Theater Software up to 19.5 allows attackers to cause a denial of service due to an improper length of the value passed... |
| CVE-2023-25136 | 2023-02-03 | OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the... |
| CVE-2021-36424 | 2023-02-03 | An issue discovered in phpwcms 1.9.25 allows remote attackers to run arbitrary code via DB user field during installation. |
| CVE-2021-36425 | 2023-02-03 | Directory traversal vulnerability in phpcms 1.9.25 allows remote attackers to delete arbitrary files via unfiltered $file parameter to unlink method in include/inc_act/act_ftptakeover.php file. |
| CVE-2021-36426 | 2023-02-03 | File Upload vulnerability in phpwcms 1.9.25 allows remote attackers to run arbitrary code via crafted file upload to include/inc_lib/general.inc.php. |
| CVE-2021-36431 | 2023-02-03 | SQL injection vulnerability in jocms 0.8 allows remote attackers to run arbitrary SQL commands and view sensitive information via jo_json_check() function in jocms/apps/mask/inc/mask.php. |
| CVE-2021-36432 | 2023-02-03 | SQL injection vulnerability in jocms 0.8 allows remote attackers to run arbitrary SQL commands and view sensitive information via jo_set_mask() function in jocms/apps/mask/mask.php. |
| CVE-2021-36433 | 2023-02-03 | SQL injection vulnerability in jocms 0.8 allows remote attackers to run arbitrary SQL commands and view sensitive information via jo_delete_mask function in jocms/apps/mask/mask.php. |
| CVE-2021-36434 | 2023-02-03 | SQL injection vulnerability in jocms 0.8 allows remote attackers to run arbitrary SQL commands and view sensitive information via jo_json_check function in jocms/apps/mask/inc/getmask.php. |
| CVE-2021-36443 | 2023-02-03 | Cross Site Request Forgery vulnerability in imcat 5.4 allows remote attackers to escalate privilege via lack of token verification. |
| CVE-2021-36444 | 2023-02-03 | Cross Site Request Forgery (CSRF) vulnerability in imcat 5.4 allows remote attackers to gain escalated privileges via flaws in one-time token generation on the add administrator page. |
| CVE-2021-36484 | 2023-02-03 | SQL injection vulnerability in JIZHICMS 1.9.5 allows attackers to run arbitrary SQL commands via add or edit article page. |
| CVE-2021-36489 | 2023-02-03 | Buffer Overflow vulnerability in Allegro through 5.2.6 allows attackers to cause a denial of service via crafted PCX/TGA/BMP files to allegro_image addon. |
| CVE-2021-36493 | 2023-02-03 | Buffer Overflow vulnerability in pdfimages in xpdf 4.03 allows attackers to crash the application via crafted command. |
| CVE-2021-36503 | 2023-02-03 | SQL injection vulnerability in native-php-cms 1.0 allows remote attackers to run arbitrary SQL commands via the cat parameter to /list.php file. |
| CVE-2021-36532 | 2023-02-03 | Race condition vulnerability discovered in portfolioCMS 1.0 allows remote attackers to run arbitrary code via fileExt parameter to localhost/admin/uploads.php. |
| CVE-2021-36535 | 2023-02-03 | Buffer Overflow vulnerability in Cesanta mJS 1.26 allows remote attackers to cause a denial of service via crafted .js file to mjs_set_errorf. |
| CVE-2021-36538 | 2023-02-03 | Cross Site Scripting (XSS) vulnerability in Gurock TestRail before 7.1.2 allows remote authenticated attackers to run arbitrary code via the reference field in milestones or description fields in reports. |
| CVE-2021-36544 | 2023-02-03 | Incorrect Access Control issue discovered in tpcms 3.2 allows remote attackers to view sensitive information via path in application URL. |
| CVE-2021-36545 | 2023-02-03 | Cross Site Scripting (XSS) vulnerability in tpcms 3.2 allows remote attackers to run arbitrary code via the cfg_copyright or cfg_tel field in Site Configuration page. |
| CVE-2021-36546 | 2023-02-03 | Incorrect Access Control issue discovered in KiteCMS 1.1 allows remote attackers to view sensitive information via path in application URL. |