CVE List - 2023 / March
Showing 901 - 1000 of 2488 CVEs for March 2023 (Page 10 of 25)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-23414 | 2023-03-14 | Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability |
| CVE-2023-23415 | 2023-03-14 | Internet Control Message Protocol (ICMP) Remote Code Execution Vulnerability |
| CVE-2023-23416 | 2023-03-14 | Windows Cryptographic Services Remote Code Execution Vulnerability |
| CVE-2023-23417 | 2023-03-14 | Windows Partition Management Driver Elevation of Privilege Vulnerability |
| CVE-2023-23418 | 2023-03-14 | Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability |
| CVE-2023-23419 | 2023-03-14 | Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability |
| CVE-2023-23420 | 2023-03-14 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2023-23421 | 2023-03-14 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2023-23422 | 2023-03-14 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2023-23423 | 2023-03-14 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2023-24857 | 2023-03-14 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability |
| CVE-2023-24858 | 2023-03-14 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability |
| CVE-2023-24859 | 2023-03-14 | Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability |
| CVE-2023-24861 | 2023-03-14 | Windows Graphics Component Elevation of Privilege Vulnerability |
| CVE-2023-24862 | 2023-03-14 | Windows Secure Channel Denial of Service Vulnerability |
| CVE-2023-24863 | 2023-03-14 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability |
| CVE-2023-24864 | 2023-03-14 | Microsoft PostScript and PCL6 Class Printer Driver Elevation of Privilege Vulnerability |
| CVE-2023-24865 | 2023-03-14 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability |
| CVE-2023-24866 | 2023-03-14 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability |
| CVE-2023-24906 | 2023-03-14 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability |
| CVE-2023-24867 | 2023-03-14 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability |
| CVE-2023-24907 | 2023-03-14 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability |
| CVE-2023-24868 | 2023-03-14 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability |
| CVE-2023-24908 | 2023-03-14 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| CVE-2023-24869 | 2023-03-14 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| CVE-2023-24909 | 2023-03-14 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability |
| CVE-2023-24910 | 2023-03-14 | Windows Graphics Component Elevation of Privilege Vulnerability |
| CVE-2023-24870 | 2023-03-14 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability |
| CVE-2023-24911 | 2023-03-14 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability |
| CVE-2023-24871 | 2023-03-14 | Windows Bluetooth Service Remote Code Execution Vulnerability |
| CVE-2023-24872 | 2023-03-14 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability |
| CVE-2023-24913 | 2023-03-14 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability |
| CVE-2023-24876 | 2023-03-14 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability |
| CVE-2023-24880 | 2023-03-14 | Windows SmartScreen Security Feature Bypass Vulnerability |
| CVE-2023-24890 | 2023-03-14 | Microsoft OneDrive for iOS Security Feature Bypass Vulnerability |
| CVE-2023-24892 | 2023-03-14 | Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability |
| CVE-2023-27588 | 2023-03-14 | Unauthenticated path traversal vulnerability in Hasura GraphQL Engine |
| CVE-2023-27589 | 2023-03-14 | Minio vulnerable to denial of access by an admin privileged user for root credential |
| CVE-2023-27590 | 2023-03-14 | Rizin has stack-based buffer overflow when parsing GDB registers profile files |
| CVE-2023-28005 | 2023-03-14 | A vulnerability in Trend Micro Endpoint Encryption Full Disk Encryption version 6.0.0.3204 and below could allow an attacker with physical access to an affected device to bypass Microsoft Windows® Secure... |
| CVE-2023-24229 | 2023-03-15 | DrayTek Vigor2960 v1.5.1.4 allows an authenticated attacker with network access to the web management interface to inject operating system commands via the mainfunction.cgi 'parameter' parameter. NOTE: This vulnerability only affects... |
| CVE-2023-24726 | 2023-03-15 | Art Gallery Management System v1.0 was discovered to contain a SQL injection vulnerability via the viewid parameter on the enquiry page. |
| CVE-2023-27102 | 2023-03-15 | Libde265 v1.0.11 was discovered to contain a segmentation violation via the function decoder_context::process_slice_segment_header at decctx.cc. |
| CVE-2023-27103 | 2023-03-15 | Libde265 v1.0.11 was discovered to contain a heap buffer overflow via the function derive_collocated_motion_vectors at motion.cc. |
| CVE-2020-27507 | 2023-03-15 | The Kamailio SIP server before 5.5.0 mishandles INVITE requests with duplicated fields and overlength tag, leading to a buffer overflow that crashes the server or possibly has unspecified other impact. |
| CVE-2022-4313 | 2023-03-15 | A vulnerability was reported where through modifying the scan variables, an authenticated user in Tenable products, that has Scan Policy Configuration roles, could manipulate audit policy variables to execute arbitrary... |
| CVE-2022-45155 | 2023-03-15 | obs-service-go_modules: arbitrary directory delete |
| CVE-2023-0100 | 2023-03-15 | In Eclipse BIRT, starting from version 2.6.2, the default configuration allowed retrieving a report from the same host using an absolute HTTP path for the report parameter (e.g. __report=http://xyz.com/report.rptdesign).... |
| CVE-2023-1389 | 2023-03-15 | TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 Build 20230219 contained a command injection vulnerability in the country form of the /cgi-bin/luci;stok=/locale endpoint on the web management interface. Specifically, the... |
| CVE-2023-24468 | 2023-03-15 | Broken access control in Advanced Authentication versions prior to 6.4.1.1 and 6.3.7.2 |
| CVE-2023-24728 | 2023-03-15 | Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the contact parameter in the user profile update function. |
| CVE-2023-24729 | 2023-03-15 | Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the address parameter in the user profile update function. |
| CVE-2023-24730 | 2023-03-15 | Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the company parameter in the user profile update function. |
| CVE-2023-24731 | 2023-03-15 | Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the query parameter in the user profile update function. |
| CVE-2023-24732 | 2023-03-15 | Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the gender parameter in the user profile update function. |
| CVE-2023-25267 | 2023-03-15 | An issue was discovered in GFI Kerio Connect 9.4.1 patch 1 (fixed in 10.0.0). There is a stack-based Buffer Overflow in the webmail component's 2FASetup function via an authenticated request... |
| CVE-2023-25282 | 2023-03-15 | A heap overflow vulnerability in D-Link DIR820LA1_FW106B02 allows attackers to cause a denial of service via the config.log_to_syslog and log_opt_dropPackets parameters to mydlink_api.ccp. |
| CVE-2023-25344 | 2023-03-15 | An issue was discovered in swig-templates thru 2.0.4 and swig thru 1.4.2 that allows attackers to execute arbitrary code via crafted Object.prototype anonymous function. |
| CVE-2023-25345 | 2023-03-15 | Directory traversal vulnerability in swig-templates thru 2.0.4 and swig thru 1.4.2 allows attackers to read arbitrary files via the include or extends tags. |
| CVE-2023-26084 | 2023-03-15 | The armv8_dec_aes_gcm_full() API of Arm AArch64cryptolib before 86065c6 fails to verify the authentication tag of AES-GCM protected data, leading to a man-in-the-middle attack. This occurs because of an improperly... |
| CVE-2023-26912 | 2023-03-15 | Cross site scripting (XSS) vulnerability in xenv S-mall-ssm thru commit 3d9e77f7d80289a30f67aaba1ae73e375d33ef71 on Feb 17, 2020, allows local attackers to execute arbitrary code via the evaluate button. |
| CVE-2023-27234 | 2023-03-15 | A Cross-Site Request Forgery (CSRF) in /Sys/index.html of Jizhicms v2.4.5 allows attackers to arbitrarily make configuration changes within the application. |
| CVE-2023-27235 | 2023-03-15 | An arbitrary file upload vulnerability in the \admin\c\CommonController.php component of Jizhicms v2.4.5 allows attackers to execute arbitrary code via a crafted phtml file. |
| CVE-2023-27239 | 2023-03-15 | Tenda AX3 V16.03.12.11 was discovered to contain a stack overflow via the shareSpeed parameter at /goform/WifiGuestSet. |
| CVE-2023-27240 | 2023-03-15 | Tenda AX3 V16.03.12.11 was discovered to contain a command injection vulnerability via the lanip parameter at /goform/AdvSetLanip. |
| CVE-2023-27757 | 2023-03-15 | An arbitrary file upload vulnerability in the /admin/user/uploadImg component of PerfreeBlog v3.1.1 allows attackers to execute arbitrary code via a crafted JPG file. |
| CVE-2023-27781 | 2023-03-15 | jpegoptim v1.5.2 was discovered to contain a heap overflow in the optimize function at jpegoptim.c. |
| CVE-2023-28337 | 2023-03-15 | When uploading a firmware image to a Netgear Nighthawk Wifi6 Router (RAX30), a hidden “forceFWUpdate” parameter may be provided to force the upgrade to complete and bypass certain validation checks.... |
| CVE-2023-28338 | 2023-03-15 | Any request sent to a Netgear Nighthawk Wifi6 Router (RAX30)'s web service containing a “Content-Type” of “multipartboundary=” will result in the request body being written to “/tmp/mulipartFile” on the device... |
| CVE-2023-28371 | 2023-03-15 | In Stellarium through 1.2, attackers can write to files that are typically unintended, such as ones with absolute pathnames or .. directory traversal. |
| CVE-2023-28450 | 2023-03-15 | An issue was discovered in Dnsmasq before 2.90. The default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 because of DNS Flag Day 2020. |
| CVE-2023-28460 | 2023-03-15 | A command injection vulnerability was discovered in Array Networks APV products. A remote attacker can send a crafted packet after logging into the affected appliance as an administrator, resulting in... |
| CVE-2023-28461 | 2023-03-15 | Array Networks Array AG Series and vxAG (9.4.0.481 and earlier) allow remote code execution. An attacker can browse the filesystem on the SSL VPN gateway using a flags attribute in... |
| CVE-2023-28466 | 2023-03-15 | do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference). |
| CVE-2023-1407 | 2023-03-15 | SourceCodester Student Study Center Desk Management System manage_user.php sql injection |
| CVE-2023-25695 | 2023-03-15 | Information disclosure in Apache Airflow |
| CVE-2023-25968 | 2023-03-15 | WordPress Client Portal – Private user pages and login Plugin <= 1.1.8 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25709 | 2023-03-15 | WordPress Locatoraid Store Locator Plugin <= 3.9.11 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25708 | 2023-03-15 | WordPress WP VR – 360 Panorama and Virtual Tour Builder For WordPress Plugin <= 8.2.7 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47427 | 2023-03-15 | WordPress My Calendar Plugin <= 3.3.24.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-0322 | 2023-03-15 | XSS in Talent Software UNIS |
| CVE-2022-44580 | 2023-03-15 | WordPress Plugin for Google Reviews Plugin <= 2.2.3 is vulnerable to SQL Injection |
| CVE-2022-38456 | 2023-03-15 | WordPress Ajax Search Lite Plugin <= 4.10.3 is vulnerable to Sensitive Data Exposure |
| CVE-2022-34148 | 2023-03-15 | WordPress Backup Guard Plugin <= 1.6.9.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-1415 | 2023-03-15 | Simple Art Gallery adminHome.php sliderPicSubmit unrestricted upload |
| CVE-2022-37402 | 2023-03-15 | WordPress AFS Analytics Plugin <= 4.18 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-1379 | 2023-03-15 | SourceCodester Friendly Island Pizza Website and Ordering System POST Parameter addmem.php sql injection |
| CVE-2023-1416 | 2023-03-15 | Simple Art Gallery adminHome.php sql injection |
| CVE-2023-1418 | 2023-03-15 | SourceCodester Friendly Island Pizza Website and Ordering System POST Parameter cashconfirm.php cross site scripting |
| CVE-2022-37940 | 2023-03-15 | Potential security vulnerabilities have been identified in the HPE FlexFabric 5700 Switch Series. These vulnerabilities could be remotely exploited to allow host header injection and URL redirection. HPE has made... |
| CVE-2022-43874 | 2023-03-15 | IBM App Connect Enterprise Certified Container |
| CVE-2023-26284 | 2023-03-15 | IBM MQ Certified Container improper access controls |
| CVE-2023-25804 | 2023-03-15 | Roxy-WI vulnerable to Limited Path Traversal in name parameter |
| CVE-2020-4927 | 2023-03-15 | IBM Spectrum Scale information disclosure |
| CVE-2022-46774 | 2023-03-15 | IBM Manage Application security bypass |
| CVE-2023-22876 | 2023-03-15 | IBM Sterling B2B Integrator information disclosure |
| CVE-2020-4556 | 2023-03-15 | IBM Financial Transaction Manager information disclosure |
| CVE-2023-25680 | 2023-03-15 | IBM Robotic Process Automation information disclosure |
| CVE-2022-46773 | 2023-03-15 | IBM Robotic Process Automation security bypass |
| CVE-2023-22591 | 2023-03-15 | IBM Robotic Process Automation session fixation |