CVE List - 2023 / February
Showing 2101 - 2164 of 2164 CVEs for February 2023 (Page 22 of 22)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-1027 | 2023-02-28 | The WP Meta SEO plugin for WordPress is vulnerable to unauthorized sitemap generation due to a missing capability check on the checkAllCategoryInSitemap function in versions up to, and including, 4.5.3.... |
| CVE-2023-1026 | 2023-02-28 | The WP Meta SEO plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the listPostsCategory function in versions up to, and including,... |
| CVE-2023-1024 | 2023-02-28 | The WP Meta SEO plugin for WordPress is vulnerable to unauthorized sitemap generation due to a missing capability check on the regenerateSitemaps function in versions up to, and including, 4.5.3.... |
| CVE-2023-1023 | 2023-02-28 | The WP Meta SEO plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the saveSitemapSettings function in versions up to, and including,... |
| CVE-2023-1022 | 2023-02-28 | The WP Meta SEO plugin for WordPress is vulnerable to unauthorized options update due to a missing capability check on the wpmsGGSaveInformation function in versions up to, and including, 4.5.3.... |
| CVE-2022-43459 | 2023-02-28 | WordPress Forms by CaptainForm Plugin <= 2.5.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-24419 | 2023-02-28 | WordPress Formidable Forms Plugin <= 5.5.6 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-23992 | 2023-02-28 | WordPress AutomatorWP Plugin <= 2.5.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-26281 | 2023-02-28 | IBM HTTP Server denial of service |
| CVE-2023-0461 | 2023-02-28 | Use-after-free vulnerability in the Linux Kernel |
| CVE-2023-23983 | 2023-02-28 | WordPress Responsive Vertical Icon Menu Plugin <= 1.5.8 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-23865 | 2023-02-28 | WordPress Stripe Payments For WooCommerce by Checkout Plugin <= 1.4.10 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47612 | 2023-02-28 | WordPress Participants Database Plugin <= 2.4.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47179 | 2023-02-28 | WordPress OWM Weather Plugin <= 5.6.11 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25807 | 2023-02-28 | DataEase dashboard has a stored XSS vulnerability |
| CVE-2023-22747 | 2023-02-28 | Multiple Unauthenticated Command Injections in the PAPI Protocol |
| CVE-2023-22748 | 2023-02-28 | Multiple Unauthenticated Command Injections in the PAPI Protocol |
| CVE-2023-22749 | 2023-02-28 | Multiple Unauthenticated Command Injections in the PAPI Protocol |
| CVE-2023-22750 | 2023-02-28 | Multiple Unauthenticated Command Injections in the PAPI Protocol |
| CVE-2023-0339 | 2023-02-28 | AM Web Policy Agent path traversal |
| CVE-2023-0511 | 2023-02-28 | AM Java Policy Agent path traversal |
| CVE-2023-22751 | 2023-02-28 | Unauthenticated Stack-Based Buffer Overflow Vulnerabilities in the PAPI Protocol |
| CVE-2023-22752 | 2023-02-28 | Unauthenticated Stack-Based Buffer Overflow Vulnerabilities in the PAPI Protocol |
| CVE-2023-25540 | 2023-02-28 | Dell PowerScale OneFS 9.4.0.x contains an incorrect default permissions vulnerability. A local malicious user could potentially exploit this vulnerability to overwrite arbitrary files causing denial of service. |
| CVE-2023-22753 | 2023-02-28 | Unauthenticated Buffer Overflow Vulnerabilities in ArubaOS Processes |
| CVE-2023-22754 | 2023-02-28 | Unauthenticated Buffer Overflow Vulnerabilities in ArubaOS Processes |
| CVE-2023-22755 | 2023-02-28 | Unauthenticated Buffer Overflow Vulnerabilities in ArubaOS Processes |
| CVE-2023-22756 | 2023-02-28 | Unauthenticated Buffer Overflow Vulnerabilities in ArubaOS Processes |
| CVE-2023-22757 | 2023-02-28 | Unauthenticated Buffer Overflow Vulnerabilities in ArubaOS Processes |
| CVE-2023-22758 | 2023-02-28 | Authenticated Remote Command Execution in ArubaOS Web-based Management Interface |
| CVE-2023-23689 | 2023-02-28 | Dell PowerScale nodes A200, A2000, H400, H500, H600, H5600, F800, F810 integrated hardware management software contains an uncontrolled resource consumption vulnerability. This may allow an unauthenticated network host to impair... |
| CVE-2023-22759 | 2023-02-28 | Authenticated Remote Command Execution in ArubaOS Web-based Management Interface |
| CVE-2023-22760 | 2023-02-28 | Authenticated Remote Command Execution in ArubaOS Web-based Management Interface |
| CVE-2023-22761 | 2023-02-28 | Authenticated Remote Command Execution in ArubaOS Web-based Management Interface |
| CVE-2023-22762 | 2023-02-28 | Authenticated Remote Command Execution in the ArubaOS Command Line Interface |
| CVE-2023-22763 | 2023-02-28 | Authenticated Remote Command Execution in the ArubaOS Command Line Interface |
| CVE-2023-22764 | 2023-02-28 | Authenticated Remote Command Execution in the ArubaOS Command Line Interface |
| CVE-2023-22765 | 2023-02-28 | Authenticated Remote Command Execution in the ArubaOS Command Line Interface |
| CVE-2023-22766 | 2023-02-28 | Authenticated Remote Command Execution in the ArubaOS Command Line Interface |
| CVE-2023-22767 | 2023-02-28 | Authenticated Remote Command Execution in the ArubaOS Command Line Interface |
| CVE-2023-22768 | 2023-02-28 | Authenticated Remote Command Execution in the ArubaOS Command Line Interface |
| CVE-2023-22769 | 2023-02-28 | Authenticated Remote Command Execution in the ArubaOS Command Line Interface |
| CVE-2023-22770 | 2023-02-28 | Authenticated Remote Command Execution in the ArubaOS Command Line Interface |
| CVE-2023-22771 | 2023-02-28 | Insufficient Session Expiration in ArubaOS Command Line Interface |
| CVE-2023-22772 | 2023-02-28 | Authenticated Path Traversal in ArubaOS Web-based Management Interface Allows for Arbitrary File Deletion |
| CVE-2023-22773 | 2023-02-28 | Authenticated Path Traversal in ArubaOS Command Line Interface Allows for Arbitrary File Deletion. |
| CVE-2023-22774 | 2023-02-28 | Authenticated Path Traversal in ArubaOS Command Line Interface Allows for Arbitrary File Deletion. |
| CVE-2023-22775 | 2023-02-28 | Authenticated Sensitive Information Disclosure in ArubaOS Command Line Interface |
| CVE-2023-22776 | 2023-02-28 | Authenticated Remote Path Traversal in ArubaOS Command Line Interface Allows for Arbitrary File Read |
| CVE-2023-22777 | 2023-02-28 | Authenticated Information Disclosure in ArubaOS Web-based Management Interface |
| CVE-2023-22778 | 2023-02-28 | Authenticated Stored Cross-Site Scripting |
| CVE-2022-41722 | 2023-02-28 | Path traversal on Windows in path/filepath |
| CVE-2022-41725 | 2023-02-28 | Excessive resource consumption in mime/multipart |
| CVE-2022-41724 | 2023-02-28 | Panic on large handshake records in crypto/tls |
| CVE-2022-41723 | 2023-02-28 | Denial of service via crafted HTTP/2 stream in net/http and golang.org/x/net |
| CVE-2022-41727 | 2023-02-28 | Denial of service via crafted TIFF image in golang.org/x/image/tiff |
| CVE-2023-1018 | 2023-02-28 | TPM2.0 vulnerable to out-of-bounds read |
| CVE-2023-1017 | 2023-02-28 | TPM2.0 vulnerable to out-of-bounds write |
| CVE-2023-1065 | 2023-02-28 | This vulnerability in the Snyk Kubernetes Monitor can result in irrelevant data being posted to a Snyk Organization, which could in turn obfuscate other, relevant, security issues. It does not... |
| CVE-2023-1099 | 2023-02-28 | SourceCodester Online Student Management System edit-class-detail.php SQL injection |
| CVE-2023-1100 | 2023-02-28 | SourceCodester Online Catering Reservation System POST Parameter add_message.php SQL injection |
| CVE-2023-25575 | 2023-02-28 | Secured properties in API Platform Core may be accessible within collections |
| CVE-2023-0847 | 2023-02-28 | The Sub-IoT implementation of the DASH 7 Alliance protocol has a vulnerability that can lead to an out-of-bounds write prior to implementation version 0.5.0. If the protocol has been compiled... |
| CVE-2022-3162 | 2023-03-01 | Unauthorized read of Custom Resources |
| CVE-2022-3294 | 2023-03-01 | Node address isn't always verified when proxying |
| CVE-2022-45608 | 2023-03-01 | An issue was discovered in ThingsBoard 3.4.1, allows low privileged attackers (CUSTOMER_USER) to gain escalated privileges (vertically) and become an Administrator (TENANT_ADMIN) or (SYS_ADMIN) on the web application. It is... |
| CVE-2022-48309 | 2023-03-01 | A CSRF vulnerability allows malicious websites to retrieve logs and technical support archives in Sophos Connect versions older than 2.2.90. |
| CVE-2022-48310 | 2023-03-01 | An information disclosure vulnerability allows sensitive key material to be included in technical support archives in Sophos Connect versions older than 2.2.90. |
| CVE-2022-4901 | 2023-03-01 | Multiple stored XSS vulnerabilities in Sophos Connect versions older than 2.2.90 allow JavaScript code to run in the local UI via a malicious VPN configuration that must be manually loaded... |
| CVE-2023-1104 | 2023-03-01 | Cross-site Scripting (XSS) - Stored in flatpressblog/flatpress |
| CVE-2023-1105 | 2023-03-01 | External Control of File Name or Path in flatpressblog/flatpress |
| CVE-2023-1115 | 2023-03-01 | Cross-site Scripting (XSS) - Stored in pimcore/pimcore |
| CVE-2023-1116 | 2023-03-01 | Cross-site Scripting (XSS) - Stored in pimcore/pimcore |
| CVE-2023-1117 | 2023-03-01 | Cross-site Scripting (XSS) - Stored in pimcore/pimcore |
| CVE-2023-1127 | 2023-03-01 | Divide By Zero in vim/vim |
| CVE-2023-23000 | 2023-03-01 | In the Linux kernel before 5.17, drivers/phy/tegra/xusb.c mishandles the tegra_xusb_find_port_node return value. Callers expect NULL in the error case, but an error pointer is used. |
| CVE-2023-23001 | 2023-03-01 | In the Linux kernel before 5.16.3, drivers/scsi/ufs/ufs-mediatek.c misinterprets the regulator_get return value (expects it to be NULL in the error case, whereas it is actually an error pointer). |
| CVE-2023-23002 | 2023-03-01 | In the Linux kernel before 5.16.3, drivers/bluetooth/hci_qca.c misinterprets the devm_gpiod_get_index_optional return value (expects it to be NULL in the error case, whereas it is actually an error pointer). |
| CVE-2023-23003 | 2023-03-01 | In the Linux kernel before 5.16, tools/perf/util/expr.c lacks a check for the hashmap__new return value. |
| CVE-2023-23004 | 2023-03-01 | In the Linux kernel before 5.19, drivers/gpu/drm/arm/malidp_planes.c misinterprets the get_sg_table return value (expects it to be NULL in the error case, whereas it is actually an error pointer). |
| CVE-2023-23005 | 2023-03-01 | In the Linux kernel before 6.2, mm/memory-tiers.c misinterprets the alloc_memory_type return value (expects it to be NULL in the error case, whereas it is actually an error pointer). NOTE: this... |
| CVE-2023-23006 | 2023-03-01 | In the Linux kernel before 5.15.13, drivers/net/ethernet/mellanox/mlx5/core/steering/dr_domain.c misinterprets the mlx5_get_uars_page return value (expects it to be NULL in the error case, whereas it is actually an error pointer). |
| CVE-2023-23315 | 2023-03-01 | The PrestaShop e-commerce platform module stripejs contains a Blind SQL injection vulnerability up to version 4.5.5. The method `stripejsValidationModuleFrontController::initContent()` has sensitive SQL calls that can be executed with a trivial... |
| CVE-2023-24045 | 2023-03-01 | In Dataiku DSS 11.2.1, an attacker can download other Dataiku files that were uploaded to the myfiles section by specifying the target username in a download request. |
| CVE-2023-24117 | 2023-03-01 | Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepauth_5g parameter at /goform/WifiBasicSet. |
| CVE-2023-24118 | 2023-03-01 | Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the security parameter at /goform/WifiBasicSet. |
| CVE-2023-24119 | 2023-03-01 | Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the ssid parameter at /goform/WifiBasicSet. |
| CVE-2023-24120 | 2023-03-01 | Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wrlEn_5g parameter at /goform/WifiBasicSet. |
| CVE-2023-24121 | 2023-03-01 | Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the security_5g parameter at /goform/WifiBasicSet. |
| CVE-2023-24122 | 2023-03-01 | Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the ssid_5g parameter at /goform/WifiBasicSet. |
| CVE-2023-24123 | 2023-03-01 | Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepauth parameter at /goform/WifiBasicSet. |
| CVE-2023-24124 | 2023-03-01 | Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wrlEn parameter at /goform/WifiBasicSet. |
| CVE-2023-24125 | 2023-03-01 | Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey2_5g parameter at /goform/WifiBasicSet. |
| CVE-2023-24126 | 2023-03-01 | Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey4_5g parameter at /goform/WifiBasicSet. |
| CVE-2023-24127 | 2023-03-01 | Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey1 parameter at /goform/WifiBasicSet. |
| CVE-2023-24128 | 2023-03-01 | Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey2 parameter at /goform/WifiBasicSet. |
| CVE-2023-24129 | 2023-03-01 | Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey4 parameter at /goform/WifiBasicSet. |
| CVE-2023-24130 | 2023-03-01 | Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey parameter at /goform/WifiBasicSet. |
| CVE-2023-24131 | 2023-03-01 | Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey1_5g parameter at /goform/WifiBasicSet. |
| CVE-2023-24132 | 2023-03-01 | Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey3_5g parameter at /goform/WifiBasicSet. |