CVE List - 2023 / February
Showing 201 - 300 of 2164 CVEs for February 2023 (Page 3 of 22)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-36569 | 2023-02-03 | Cross Site Request Forgery vulnerability in FUEL-CMS 1.4.13 allows remote attackers to run arbitrary code via post ID to /users/delete/2. |
| CVE-2021-36570 | 2023-02-03 | Cross Site Request Forgery vulnerability in FUEL-CMS 1.4.13 allows remote attackers to run arbitrary code via post ID to /permissions/delete/2---. |
| CVE-2021-36712 | 2023-02-03 | Cross Site Scripting (XSS) vulnerability in yzmcms 6.1 allows attackers to steal user cookies via image clipping function. |
| CVE-2021-37234 | 2023-02-03 | Incorrect Access Control vulnerability in Modern Honey Network commit 0abf0db9cd893c6d5c727d036e1f817c02de4c7b allows remote attackers to view sensitive information via crafted PUT request to Web API. |
| CVE-2021-37304 | 2023-02-03 | An Insecure Permissions issue in jeecg-boot 2.4.5 allows unauthenticated remote attackers to gain escalated privilege and view sensitive information via the httptrace interface. |
| CVE-2021-37305 | 2023-02-03 | An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows remote attackers to gain escalated privilege and view sensitive information via api uri: /sys/user/querySysUser?username=admin. |
| CVE-2021-37306 | 2023-02-03 | An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows remote attackers to gain escalated privilege and view sensitive information via api uri: api uri:/sys/user/checkOnlyUser?username=admin. |
| CVE-2021-37311 | 2023-02-03 | Buffer Overflow vulnerability in fcitx5 5.0.8 allows attackers to cause a denial of service via crafted message to the application's listening port. |
| CVE-2021-37315 | 2023-02-03 | Incorrect Access Control issue discovered in Cloud Disk in ASUS RT-AC68U router firmware version before 3.0.0.4.386.41634 allows remote attackers to write arbitrary files via improper sanitation on the source for... |
| CVE-2021-37316 | 2023-02-03 | SQL injection vulnerability in Cloud Disk in ASUS RT-AC68U router firmware version before 3.0.0.4.386.41634 allows remote attackers to view sensitive information via /etc/shadow. |
| CVE-2021-37317 | 2023-02-03 | Directory Traversal vulnerability in Cloud Disk in ASUS RT-AC68U router firmware version before 3.0.0.4.386.41634 allows remote attackers to write arbitrary files via improper sanitation on the target for COPY and... |
| CVE-2021-37373 | 2023-02-03 | Cross Site Scripting (XSS) vulnerability in Teradek Slice 1st generation firmware 7.3.x and earlier allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings.... |
| CVE-2021-37374 | 2023-02-03 | Cross Site Scripting (XSS) vulnerability in Teradek Clip all firmware versions allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. NOTE: Vendor states... |
| CVE-2021-37378 | 2023-02-03 | Cross Site Scripting (XSS) vulnerability in Teradek Cube and Cube Pro firmware version 7.3.x and earlier allows remote attackers to run arbitrary code via the Friendly Name field in System... |
| CVE-2021-37497 | 2023-02-03 | SQL injection vulnerability in route of PbootCMS 3.0.5 allows remote attackers to run arbitrary SQL commands via crafted GET request. |
| CVE-2021-37501 | 2023-02-03 | Buffer Overflow vulnerability in HDFGroup hdf5-h5dump 1.12.0 through 1.13.0 allows attackers to cause a denial of service via h5tools_str_sprint in /hdf5/tools/lib/h5tools_str.c. |
| CVE-2021-37502 | 2023-02-03 | Cross Site Scripting (XSS) vulnerability in automad 1.7.5 allows remote attackers to run arbitrary code via the user name field when adding a user. |
| CVE-2021-37518 | 2023-02-03 | Universal Cross Site Scripting (UXSS) vulnerability in Vimium Extension 1.66 and earlier allows remote attackers to run arbitrary code via omnibar feature. |
| CVE-2021-37519 | 2023-02-03 | Buffer Overflow vulnerability in authfile.c memcached 1.6.9 allows attackers to cause a denial of service via crafted authentication file. |
| CVE-2022-31733 | 2023-02-03 | Starting with diego-release 2.55.0 and up to 2.69.0, and starting with CF Deployment 17.1 and up to 23.2.0, apps are accessible via another port on diego cells, allowing application ingress... |
| CVE-2022-34138 | 2023-02-03 | Insecure direct object references (IDOR) in the web server of Biltema IP and Baby Camera Software v124 allows attackers to access sensitive information. |
| CVE-2022-42908 | 2023-02-03 | WEPA Print Away is vulnerable to a stored XSS. It does not properly sanitize uploaded filenames, allowing an attacker to deceive a user into uploading a document with a malicious... |
| CVE-2022-42909 | 2023-02-03 | WEPA Print Away does not verify that a user has authorization to access documents before generating print orders and associated release codes. This could allow an attacker to generate print... |
| CVE-2022-45491 | 2023-02-03 | Buffer overflow vulnerability in function json_parse_value in sheredom json.h before commit 0825301a07cbf51653882bf2b153cc81fdadf41 (November 14, 2022) allows attackers to code arbitrary code and gain escalated privileges. |
| CVE-2022-45496 | 2023-02-03 | Buffer overflow vulnerability in function json_parse_string in sheredom json.h before commit 0825301a07cbf51653882bf2b153cc81fdadf41 (November 14, 2022) allows attackers to code arbitrary code and gain escalated privileges. |
| CVE-2022-45588 | 2023-02-03 | All versions before R2022-09 of Talend's Remote Engine Gen 2 are potentially vulnerable to XML External Entity (XXE) type of attacks. Users should download the R2022-09 release or later and... |
| CVE-2022-47070 | 2023-02-03 | NVS365 V01 is vulnerable to Incorrect Access Control. After entering a wrong password, the url will be sent to the server twice. In the second package, the server will return... |
| CVE-2022-47130 | 2023-02-03 | A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows a discount coupon to be arbitrarily created if an attacker with administrative privileges interacts on the CSRF page. |
| CVE-2022-47131 | 2023-02-03 | A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows an attacker to arbitrarily create a page. |
| CVE-2022-47762 | 2023-02-03 | In gin-vue-admin < 2.5.5, the download module has a Path Traversal vulnerability. |
| CVE-2022-48021 | 2023-02-03 | A vulnerability in Zammad v5.3.0 allows attackers to execute arbitrary code or escalate privileges via a crafted message sent to the server. |
| CVE-2022-48022 | 2023-02-03 | An issue in the component /api/v1/mentions of Zammad v5.3.0 allows authenticated attackers with agent permissions to view information about tickets they are not authorized to see. |
| CVE-2023-20854 | 2023-02-03 | VMware Workstation contains an arbitrary file deletion vulnerability. A malicious actor with local user privileges on the victim's machine may exploit this vulnerability to delete arbitrary files from the file... |
| CVE-2023-23086 | 2023-02-03 | Buffer OverFlow Vulnerability in MojoJson v1.2.3 allows an attacker to execute arbitrary code via the SkipString function. |
| CVE-2023-23087 | 2023-02-03 | An issue was found in MojoJson v1.2.3 allows attackers to execute arbitrary code via the destroy function. |
| CVE-2023-23088 | 2023-02-03 | Buffer OverFlow Vulnerability in Barenboim json-parser master and v1.1.0 fixed in v1.1.1 allows an attacker to execute arbitrary code via the json_value_parse function. |
| CVE-2023-23635 | 2023-02-03 | In Jellyfin 10.8.x through 10.8.3, the name of a collection is vulnerable to stored XSS. This allows an attacker to steal access tokens from the localStorage of the victim. |
| CVE-2023-23636 | 2023-02-03 | In Jellyfin 10.8.x through 10.8.3, the name of a playlist is vulnerable to stored XSS. This allows an attacker to steal access tokens from the localStorage of the victim. |
| CVE-2023-24029 | 2023-02-03 | In Progress WS_FTP Server before 8.8, it is possible for a host administrator to elevate their privileges via the administrative interface due to insufficient authorization controls applied on user modification... |
| CVE-2023-24138 | 2023-02-03 | TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the host_time parameter in the NTPSyncWithHost function. |
| CVE-2023-24139 | 2023-02-03 | TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagHost parameter in the setNetworkDiag function. |
| CVE-2023-24140 | 2023-02-03 | TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagPingNum parameter in the setNetworkDiag function. |
| CVE-2023-24141 | 2023-02-03 | TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagPingTimeOut parameter in the setNetworkDiag function. |
| CVE-2023-24142 | 2023-02-03 | TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagPingSize parameter in the setNetworkDiag function. |
| CVE-2023-24143 | 2023-02-03 | TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagTracertHop parameter in the setNetworkDiag function. |
| CVE-2023-24144 | 2023-02-03 | TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the hour parameter in the setRebootScheCfg function. |
| CVE-2023-24145 | 2023-02-03 | TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the plugin_version parameter in the setUnloadUserData function. |
| CVE-2023-24146 | 2023-02-03 | TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the minute parameter in the setRebootScheCfg function. |
| CVE-2023-24147 | 2023-02-03 | TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a hard code password for the telnet service which is stored in the component /etc/config/product.ini. |
| CVE-2023-24148 | 2023-02-03 | TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the FileName parameter in the setUploadUserData function. |
| CVE-2023-24149 | 2023-02-03 | TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a hard code password for root which is stored in the component /etc/shadow. |
| CVE-2023-24150 | 2023-02-03 | A command injection vulnerability in the serverIp parameter in the function meshSlaveDlfw of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. |
| CVE-2023-24151 | 2023-02-03 | A command injection vulnerability in the ip parameter in the function recvSlaveCloudCheckStatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. |
| CVE-2023-24152 | 2023-02-03 | A command injection vulnerability in the serverIp parameter in the function meshSlaveUpdate of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. |
| CVE-2023-24153 | 2023-02-03 | A command injection vulnerability in the version parameter in the function recvSlaveCloudCheckStatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. |
| CVE-2023-24154 | 2023-02-03 | TOTOLINK T8 V4.1.5cu was discovered to contain a command injection vulnerability via the slaveIpList parameter in the function setUpgradeFW. |
| CVE-2023-24155 | 2023-02-03 | TOTOLINK T8 V4.1.5cu was discovered to contain a hard code password for the telnet service which is stored in the component /web_cste/cgi-bin/product.ini. |
| CVE-2023-24156 | 2023-02-03 | A command injection vulnerability in the ip parameter in the function recvSlaveUpgstatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. |
| CVE-2023-24157 | 2023-02-03 | A command injection vulnerability in the serverIp parameter in the function updateWifiInfo of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. |
| CVE-2023-24613 | 2023-02-03 | The user interface of Array Networks AG Series and vxAG through 9.4.0.470 could allow a remote attacker to use the gdb tool to overwrite the backend function call stack after... |
| CVE-2023-25135 | 2023-02-03 | vBulletin before 5.6.9 PL1 allows an unauthenticated remote attacker to execute arbitrary code via a crafted HTTP request that triggers deserialization. This occurs because verify_serialized checks that a value is... |
| CVE-2023-25139 | 2023-02-03 | sprintf in the GNU C Library (glibc) 2.37 has a buffer overflow (out-of-bounds write) in some situations with a correct buffer size. This is unrelated to CWE-676. It may write... |
| CVE-2023-0659 | 2023-02-03 | BDCOM 1704-WGL Backup File param.file.tgz information disclosure |
| CVE-2023-0661 | 2023-02-03 | Improper access control in Devolutions Server allows an authenticated user to access unauthorized sensitive data. |
| CVE-2022-43779 | 2023-02-03 | A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in certain HP PC products using AMI UEFI Firmware (system BIOS) which might allow arbitrary code execution, denial of service,... |
| CVE-2022-38396 | 2023-02-03 | HP Factory Preinstalled Images on certain systems that shipped with Windows 10 versions 20H2 and earlier OS versions might allow escalation of privilege via execution of certain files outside the... |
| CVE-2023-24576 | 2023-02-03 | EMC NetWorker may potentially be vulnerable to an unauthenticated remote code execution vulnerability in the NetWorker Client execution service (nsrexecd) irrespective of any auth used. |
| CVE-2023-23477 | 2023-02-03 | IBM WebSphere Application Server code execution |
| CVE-2023-23925 | 2023-02-03 | Switcher Client contains Regular Expression Denial of Service (ReDoS) |
| CVE-2023-23933 | 2023-02-03 | Issue in Anomaly Detection with document and field level rules in numerical feature aggregations |
| CVE-2023-23937 | 2023-02-03 | Missing file upload type validation in pimcore/pimcore |
| CVE-2023-23940 | 2023-02-03 | OpenZeppelin Contracts for Cairo is vulnerable to signature validation bypass |
| CVE-2013-10015 | 2023-02-03 | fanzila WebFinance save_Contract_Signer_Role.php sql injection |
| CVE-2013-10016 | 2023-02-03 | fanzila WebFinance save_taxes.php sql injection |
| CVE-2023-22474 | 2023-02-03 | Parse Server is vulnerable to authentication bypass via spoofing |
| CVE-2023-23932 | 2023-02-03 | Specially crafted RTPS message may cause an OpenDDS application to crash |
| CVE-2023-23941 | 2023-02-03 | SwagPayPal payment not sent to PayPal correctly |
| CVE-2023-0663 | 2023-02-03 | Calendar Event Management System Login Page sql injection |
| CVE-2023-22746 | 2023-02-03 | CKAN is vulnerable to session secret shared across instances using Docker images |
| CVE-2022-23498 | 2023-02-03 | When query caching is enabled in Grafana users can query another users session |
| CVE-2022-24895 | 2023-02-03 | Symfony vulnerable to Session Fixation of CSRF tokens |
| CVE-2022-24894 | 2023-02-03 | Symfony storing cookie headers in HttpCache |
| CVE-2023-23615 | 2023-02-03 | Malicious users in Discourse can create spam topics as any user due to improper access control |
| CVE-2013-10017 | 2023-02-03 | fanzila WebFinance save_roles.php sql injection |
| CVE-2013-10018 | 2023-02-03 | fanzila WebFinance save_contact.php sql injection |
| CVE-2023-0671 | 2023-02-04 | Code Injection in froxlor/froxlor |
| CVE-2023-0676 | 2023-02-04 | Cross-site Scripting (XSS) - Reflected in phpipam/phpipam |
| CVE-2023-0677 | 2023-02-04 | Cross-site Scripting (XSS) - Reflected in phpipam/phpipam |
| CVE-2023-0678 | 2023-02-04 | Missing Authorization in phpipam/phpipam |
| CVE-2023-25193 | 2023-02-04 | hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks. |
| CVE-2015-10072 | 2023-02-04 | NREL api-umbrella-web Flash Message cross site scripting |
| CVE-2018-25079 | 2023-02-04 | Segmentio is-url index.js redos |
| CVE-2023-0673 | 2023-02-04 | SourceCodester Online Eyewear Shop sql injection |
| CVE-2023-0674 | 2023-02-04 | XXL-JOB New Password updatePwd cross-site request forgery |
| CVE-2023-0675 | 2023-02-04 | Calendar Event Management System sql injection |
| CVE-2018-25080 | 2023-02-04 | MobileDetect Example session_example.php initLayoutType cross site scripting |
| CVE-2019-25101 | 2023-02-04 | OnShift TurboGears HTTP Header controllers.py response splitting |
| CVE-2023-22849 | 2023-02-04 | Apache Sling App CMS: XSS in CMS Reference / UI Components |
| CVE-2022-45786 | 2023-02-04 | Apache AGE: Python and Golang drivers allow data manipulation and exposure due to SQL injection |
| CVE-2017-20175 | 2023-02-05 | DaSchTour matomo-mediawiki-extension Username Piwik.hooks.php cross site scripting |