CVE List - 2023 / March
Showing 1001 - 1100 of 2488 CVEs for March 2023 (Page 11 of 25)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-27596 | 2023-03-15 | OpenSIPS has vulnerability in the codec_delete_XX() functions |
| CVE-2023-27597 | 2023-03-15 | OpenSIPS has vulnerability in the parse_uri() function |
| CVE-2023-27598 | 2023-03-15 | OpenSIPS has vulnerability in the parse_via() function |
| CVE-2023-26484 | 2023-03-15 | On a compromised KubeVirt node, the virt-handler service account can be used to modify all node specs |
| CVE-2023-27599 | 2023-03-15 | OpenSIPS has vulnerability in the parse_to_param() function |
| CVE-2023-27600 | 2023-03-15 | OpenSIPS has vulnerability in the codec_delete_XX() functions |
| CVE-2023-27601 | 2023-03-15 | OpenSIPS has vulnerability in the codec_delete_XX() functions |
| CVE-2023-28095 | 2023-03-15 | OpenSIPS has vulnerability in building the local negative replies |
| CVE-2023-28096 | 2023-03-15 | OpenSIPS has memory leak in cJSON lib |
| CVE-2023-28097 | 2023-03-15 | OpenSIPS has vulnerability in the Content-Length Parser |
| CVE-2023-28098 | 2023-03-15 | OpenSIPS has vulnerability in the Digest Authentication Parser |
| CVE-2023-28099 | 2023-03-15 | OpenSIPS has vulnerability in the ds_is_in_list() function |
| CVE-2023-1421 | 2023-03-15 | Reflected XSS in OAuth flow completion endpoints |
| CVE-2023-21461 | 2023-03-16 | Improper authorization vulnerability in AutoPowerOnOffConfirmDialog in Settings prior to SMR Mar-2023 Release 1 allows local attacker to turn device off via unprotected activity. |
| CVE-2023-21462 | 2023-03-16 | The sensitive information exposure vulnerability in Quick Share Agent prior to versions 3.5.14.18 in Android 12 and 3.5.16.20 in Android 13 allows local attacker to access MAC address without... |
| CVE-2023-21463 | 2023-03-16 | Improper access control vulnerability in MyFiles application prior to versions 12.2.09.0 in Android 11, 13.1.03.501 in Android 12 and 14.1.03.0 in Android 13 allows local attacker to get sensitive information... |
| CVE-2023-21464 | 2023-03-16 | Improper access control in Samsung Calendar prior to versions 12.4.02.9000 in Android 13 and 12.3.08.2000 in Android 12 allows local attacker to configure improper status. |
| CVE-2023-21465 | 2023-03-16 | Improper access control vulnerability in BixbyTouch prior to version 3.2.02.5 in China models allows untrusted applications to access local files. |
| CVE-2023-28155 | 2023-03-16 | The Request package through 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-controlled server that does a cross-protocol redirect (HTTP to HTTPS, or HTTPS to HTTP). NOTE:... |
| CVE-2023-28486 | 2023-03-16 | Sudo before 1.9.13 does not escape control characters in log messages. |
| CVE-2023-28487 | 2023-03-16 | Sudo before 1.9.13 does not escape control characters in sudoreplay output. |
| CVE-2020-19947 | 2023-03-16 | Cross Site Scripting vulnerability found in Markdown Edit allows a remote attacker to execute arbitrary code via the edit parameter of the webpage. |
| CVE-2020-22647 | 2023-03-16 | An issue found in DepositGame v.1.0 allows an attacker to gain sensitive information via the GetBonusWithdraw and withdraw functions. |
| CVE-2021-31637 | 2023-03-16 | An issue found in UwAmp v.1.1, 1.2, 1.3, 2.0, 2.1, 2.2, 2.2.1, 3.0.0, 3.0.1, 3.0.2 allows a remote attacker to execute arbitrary code via a crafted DLL. |
| CVE-2022-4009 | 2023-03-16 | In affected versions of Octopus Deploy it is possible for a user to introduce code via offline package creation |
| CVE-2023-1390 | 2023-03-16 | A remote denial of service vulnerability was found in the Linux kernel’s TIPC kernel module. The while loop in tipc_link_xmit() hits an unknown state while attempting to parse SKBs, which... |
| CVE-2023-1429 | 2023-03-16 | Cross-site Scripting (XSS) - Reflected in pimcore/pimcore |
| CVE-2023-21449 | 2023-03-16 | Improper access control vulnerability in Call application prior to SMR Mar-2023 Release 1 allows local attackers to access sensitive information without proper permission. |
| CVE-2023-21452 | 2023-03-16 | Improper usage of implicit intent in Bluetooth prior to SMR Mar-2023 Release 1 allows attacker to get MAC address of connected device. |
| CVE-2023-21453 | 2023-03-16 | Improper input validation vulnerability in SoftSim TA prior to SMR Mar-2023 Release 1 allows local attackers access to protected data. |
| CVE-2023-21454 | 2023-03-16 | Improper authorization in Samsung Keyboard prior to SMR Mar-2023 Release 1 allows physical attacker to access users text history on the lockscreen. |
| CVE-2023-21455 | 2023-03-16 | Improper authorization implementation in Exynos baseband prior to SMR Mar-2023 Release 1 allows incorrect handling of unencrypted message. |
| CVE-2023-21456 | 2023-03-16 | Path traversal vulnerability in Galaxy Themes Service prior to SMR Mar-2023 Release 1 allows attacker to access arbitrary file with system uid. |
| CVE-2023-21457 | 2023-03-16 | Improper access control vulnerability in Bluetooth prior to SMR Mar-2023 Release 1 allows attackers to send file via Bluetooth without related permission. |
| CVE-2023-21458 | 2023-03-16 | Improper privilege management vulnerability in PhoneStatusBarPolicy in System UI prior to SMR Mar-2023 Release 1 allows attacker to turn off Do not disturb via unprotected intent. |
| CVE-2023-21459 | 2023-03-16 | Use after free vulnerability in decon driver prior to SMR Mar-2023 Release 1 allows attackers to cause memory access fault. |
| CVE-2023-21460 | 2023-03-16 | Improper authentication in SecSettings prior to SMR Mar-2023 Release 1 allows attacker to reset the setting. |
| CVE-2023-22880 | 2023-03-16 | Information Disclosure in Zoom for Windows Clients |
| CVE-2023-22881 | 2023-03-16 | Denial of Service in Zoom Clients |
| CVE-2023-22882 | 2023-03-16 | Denial of Service in Zoom Clients |
| CVE-2023-22883 | 2023-03-16 | Local Privilege Escalation in Zoom for Windows Installers |
| CVE-2023-23150 | 2023-03-16 | SA-WR915ND router firmware v17.35.1 was discovered to be vulnerable to code execution. |
| CVE-2023-24671 | 2023-03-16 | VX Search v13.8 and v14.7 was discovered to contain an unquoted service path vulnerability which allows attackers to execute arbitrary commands at elevated privileges via a crafted executable file. |
| CVE-2023-24760 | 2023-03-16 | An issue found in Ofcms v.1.1.4 allows a remote attacker to escalate privileges via the respwd method in SysUserController. |
| CVE-2023-24795 | 2023-03-16 | Command execution vulnerability was discovered in JHR-N916R router firmware version <= 21.11.1.1483. |
| CVE-2023-25280 | 2023-03-16 | OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows attackers to escalate privileges to root via a crafted payload with the ping_addr parameter to ping.ccp. |
| CVE-2023-25281 | 2023-03-16 | A stack overflow vulnerability exists in pingV4Msg component in D-Link DIR820LA1_FW105B03, allows attackers to cause a denial of service via the nextPage parameter to ping.ccp. |
| CVE-2023-26767 | 2023-03-16 | Buffer Overflow vulnerability found in Liblouis v.3.24.0 allows a remote attacker to cause a denial of service via the lou_logFile function at logginc.c endpoint. |
| CVE-2023-26768 | 2023-03-16 | Buffer Overflow vulnerability found in Liblouis v.3.24.0 allows a remote attacker to cause a denial of service via the compileTranslationTable.c and lou_setDataPath functions. |
| CVE-2023-26769 | 2023-03-16 | Buffer Overflow vulnerability found in Liblouis Lou_Trace v.3.24.0 allows a remote attacker to cause a denial of service via the resolveSubtable function at compileTranslationTabel.c. |
| CVE-2023-26784 | 2023-03-16 | SQL Injection vulnerability found in Kirin Fortress Machine v.1.7-2020-0610 allows attackers to execute arbitrary code via the /admin.php?controller=admin_commonuser parameter. |
| CVE-2023-26951 | 2023-03-16 | onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Member List module. |
| CVE-2023-27037 | 2023-03-16 | Qibosoft QiboCMS v7 was discovered to contain a remote code execution (RCE) vulnerability via the Get_Title function at label_set_rs.php |
| CVE-2023-27040 | 2023-03-16 | Simple Image Gallery v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the username parameter. |
| CVE-2023-27041 | 2023-03-16 | School Registration and Fee System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /bilal final/edit_user.php. |
| CVE-2023-27059 | 2023-03-16 | A cross-site scripting (XSS) vulnerability in the Edit Group function of ChurchCRM v4.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit... |
| CVE-2023-27084 | 2023-03-16 | Permissions vulnerability found in isoftforce Dreamer CMS v.4.0.1 allows local attackers to obtain sensitive information via the AttachmentController parameter. |
| CVE-2023-27095 | 2023-03-16 | Insecure Permissions vulnerability found in OpenGoofy Hippo4j v.1.4.3 allows attacker to escalate privileges via the AddUser method of the UserController function in Tenant Management module. |
| CVE-2023-27130 | 2023-03-16 | Cross Site Scripting vulnerability found in Typecho v.1.2.0 allows a remote attacker to execute arbitrary code via an arbitrarily supplied URL parameter. |
| CVE-2023-27131 | 2023-03-16 | Cross Site Scripting vulnerability found in Typecho v.1.2.0 allows a remote attacker to execute arbitrary code via the Post Editor parameter. |
| CVE-2023-27250 | 2023-03-16 | Online Book Store Project v1.0 is vulnerable to SQL Injection via /bookstore/bookPerPub.php. |
| CVE-2023-27707 | 2023-03-16 | SQL injection vulnerability found in DedeCMS v.5.7.106 allows a remote attacker to execute arbitrary code via the rank_* parameter in the /dede/group_store.php endpoint. |
| CVE-2023-27709 | 2023-03-16 | SQL injection vulnerability found in DedeCMS v.5.7.106 allows a remote attacker to execute arbitrary code via the rank_* parameter in the /dedestory_catalog.php endpoint. |
| CVE-2023-27711 | 2023-03-16 | Cross Site Scripting vulnerability found in Typecho v.1.2.0 allows a remote attacker to execute arbitrary code via the Comment Manager /admin/manage-comments.php component. |
| CVE-2023-27783 | 2023-03-16 | An issue found in TCPreplay tcprewrite v.4.4.3 allows a remote attacker to cause a denial of service via the tcpedit_dlt_cleanup function at plugins/dlt_plugins.c. |
| CVE-2023-27784 | 2023-03-16 | An issue found in TCPReplay v.4.4.3 allows a remote attacker to cause a denial of service via the read_hexstring function at the utils.c:309 endpoint. |
| CVE-2023-27785 | 2023-03-16 | An issue found in TCPreplay TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the parse endpoints function. |
| CVE-2023-27786 | 2023-03-16 | An issue found in TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the macinstring function. |
| CVE-2023-27787 | 2023-03-16 | An issue found in TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the parse_list function at the list.c:81 endpoint. |
| CVE-2023-27788 | 2023-03-16 | An issue found in TCPrewrite v.4.4.3 allows a remote attacker to cause a denial of service via the ports2PORT function at the portmap.c:69 endpoint. |
| CVE-2023-27789 | 2023-03-16 | An issue found in TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the cidr2cidr function at the cidr.c:178 endpoint. |
| CVE-2023-28113 | 2023-03-16 | russh may use insecure Diffie-Hellman keys |
| CVE-2022-38063 | 2023-03-16 | WordPress Social Login WP Plugin <= 5.0.0.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-38971 | 2023-03-16 | WordPress BuddyForms Plugin <= 2.7.5 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2022-40699 | 2023-03-16 | WordPress Yet Another Stars Rating Plugin <= 3.1.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2022-41554 | 2023-03-16 | WordPress Slideshow SE Plugin <= 2.5.5 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-24571 | 2023-03-16 | Dell BIOS contains an Improper Input Validation vulnerability. A local authenticated malicious user with administrator privileges could potentially exploit this vulnerability to perform arbitrary code execution. |
| CVE-2022-34406 | 2023-03-16 | Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary... |
| CVE-2022-34407 | 2023-03-16 | Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary... |
| CVE-2022-34408 | 2023-03-16 | Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary... |
| CVE-2022-34409 | 2023-03-16 | Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary... |
| CVE-2022-34410 | 2023-03-16 | Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary... |
| CVE-2022-34411 | 2023-03-16 | Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary... |
| CVE-2022-34412 | 2023-03-16 | Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary... |
| CVE-2022-34413 | 2023-03-16 | Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary... |
| CVE-2022-34414 | 2023-03-16 | Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary... |
| CVE-2022-34415 | 2023-03-16 | Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary... |
| CVE-2022-34416 | 2023-03-16 | Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary... |
| CVE-2022-34417 | 2023-03-16 | Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary... |
| CVE-2022-34418 | 2023-03-16 | Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary... |
| CVE-2022-34419 | 2023-03-16 | Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary... |
| CVE-2022-34420 | 2023-03-16 | Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary... |
| CVE-2022-34421 | 2023-03-16 | Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary... |
| CVE-2022-34422 | 2023-03-16 | Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary... |
| CVE-2022-34423 | 2023-03-16 | Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary... |
| CVE-2023-1431 | 2023-03-16 | The WP Simple Shopping Cart plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.6.3 due to the plugin saving shopping cart data exports... |
| CVE-2023-27875 | 2023-03-16 | IBM Aspera Faspex improper access controls |
| CVE-2023-1432 | 2023-03-16 | SourceCodester Online Food Ordering System POST Request access control |
| CVE-2022-26080 | 2023-03-16 | Easily guessable session IDs in NE843 Pulsar Plus Controller |
| CVE-2023-1433 | 2023-03-16 | SourceCodester Gadget Works Online Ordering System Products unrestricted upload |