CVE List - 2023 / March
Showing 1101 - 1200 of 2488 CVEs for March 2023 (Page 12 of 25)

| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-36821 | 2023-03-16 | WordPress Forminator plugin <= 1.14.11 - Stored Cross-Site Scripting (XSS) vulnerability |
| CVE-2023-28104 | 2023-03-16 | silverstripe/graphql Denial of Service vulnerability |
| CVE-2023-28100 | 2023-03-16 | TIOCLINUX can send commands outside sandbox if running on a virtual console |
| CVE-2023-28101 | 2023-03-16 | Flatpak metadata with ANSI control codes can cause misleading terminal output |
| CVE-2023-28110 | 2023-03-16 | JumpServer Koko vulnerable to Command Injection for Kubernetes Connection |
| CVE-2023-28105 | 2023-03-16 | Go-huge-util vulnerable to path traversal when unzipping files |
| CVE-2023-28106 | 2023-03-16 | Pimcore vulnerable to Cross-site Scripting in UrlSlug Data type |
| CVE-2023-28108 | 2023-03-16 | Pimcore has improper quoting of columns when calling methods "getByUuid" & "exists" on UUID Model |
| CVE-2023-28109 | 2023-03-16 | Play With Docker vulnerable to Authorization Bypass Through User-Controlled Key |
| CVE-2023-0811 | 2023-03-16 | Omron CJ1M unit v4.0 and prior has improper access controls on the memory region where the UM password is stored. If an adversary issues a PROGRAM AREA WRITE command to... |
| CVE-2023-1256 | 2023-03-16 | CVE-2023-1256 |
| CVE-2023-0598 | 2023-03-16 | GE Digital Proficy Code Injection |
| CVE-2022-43606 | 2023-03-16 | A use-of-uninitialized-pointer vulnerability exists in the Forward Open connection_management_entry functionality of EIP Stack Group OpENer development commit 58ee13c. A specially-crafted EtherNet/IP request can lead to use of a null pointer,... |
| CVE-2022-43441 | 2023-03-16 | A code execution vulnerability exists in the Statement Bindings functionality of Ghost Foundation node-sqlite3 5.1.1. A specially-crafted Javascript file can lead to arbitrary code execution. An attacker can provide malicious... |
| CVE-2022-43604 | 2023-03-16 | An out-of-bounds write vulnerability exists in the GetAttributeList attribute_count_request functionality of EIP Stack Group OpENer development commit 58ee13c. A specially crafted EtherNet/IP request can lead to an out-of-bounds write, potentially... |
| CVE-2022-43605 | 2023-03-16 | An out-of-bounds write vulnerability exists in the SetAttributeList attribute_count_request functionality of EIP Stack Group OpENer development commit 58ee13c. A specially crafted EtherNet/IP request can lead to an out of bounds... |
| CVE-2023-23935 | 2023-03-16 | Presence of restricted personal Discourse messages may be leaked if tagged with a tag |
| CVE-2023-27494 | 2023-03-16 | Streamlit Cross-site Scripting vulnerability |
| CVE-2023-1436 | 2023-03-16 | Infinite recursion in Jettison leads to denial of service when creating a crafted JSONArray |
| CVE-2023-1463 | 2023-03-17 | Authorization Bypass Through User-Controlled Key in nilsteampassnet/teampass |
| CVE-2023-24678 | 2023-03-17 | A vulnerability in Centralite Pearl Thermostat 0x04075010 allows attackers to cause a Denial of Service (DoS) via a crafted Zigbee message. |
| CVE-2023-27253 | 2023-03-17 | A command injection vulnerability in the function restore_rrddata() of Netgate pfSense v2.7.0 allows authenticated attackers to execute arbitrary commands via manipulating the contents of an XML file supplied to the... |
| CVE-2023-28531 | 2023-03-17 | ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9. |
| CVE-2021-21548 | 2023-03-17 | Dell EMC Unisphere for PowerMax versions before 9.1.0.27, Dell EMC Unisphere for PowerMax Virtual Appliance versions before 9.1.0.27, and PowerMax OS Release 5978 contain an improper certificate validation vulnerability. An... |
| CVE-2023-1439 | 2023-03-17 | SourceCodester Medicine Tracker System GET Parameter view_details.php sql injection |
| CVE-2023-1440 | 2023-03-17 | SourceCodester Automatic Question Paper Generator System GET Parameter manage_user.php sql injection |
| CVE-2023-1441 | 2023-03-17 | SourceCodester Automatic Question Paper Generator System GET Parameter view_course.php sql injection |
| CVE-2023-1442 | 2023-03-17 | Meizhou Qingyunke QYKCMS Update api.php unrestricted upload |
| CVE-2023-1443 | 2023-03-17 | Filseclab Twister Antivirus IoControlCode fildds.sys 0x80112053 denial of service |
| CVE-2023-1444 | 2023-03-17 | Filseclab Twister Antivirus IoControlCode fildds.sys 0x8011206B denial of service |
| CVE-2023-1445 | 2023-03-17 | Filseclab Twister Antivirus IoControlCode fildds.sys 0x80112053 denial of service |
| CVE-2023-1446 | 2023-03-17 | Watchdog Anti-Virus IoControlCode wsdk-driver.sys 0x80002008 denial of service |
| CVE-2023-1447 | 2023-03-17 | SourceCodester Medicine Tracker System cross site scripting |
| CVE-2023-1448 | 2023-03-17 | GPAC mpegts.c gf_m2ts_process_sdt heap-based overflow |
| CVE-2023-1449 | 2023-03-17 | GPAC av_parsers.c gf_av1_reset_state double free |
| CVE-2023-1450 | 2023-03-17 | MP4v2 mp4trackdump.cpp DumpTrack denial of service |
| CVE-2023-1451 | 2023-03-17 | MP4v2 mp4track.cpp GetSampleFileOffset denial of service |
| CVE-2023-1452 | 2023-03-17 | GPAC load_text.c buffer overflow |
| CVE-2023-1453 | 2023-03-17 | Watchdog Anti-Virus IoControlCode wsdk-driver.sys 0x80002008 access control |
| CVE-2023-1454 | 2023-03-17 | jeecg-boot qurestSql sql injection |
| CVE-2023-1455 | 2023-03-17 | SourceCodester Online Pizza Ordering System Login Page sql injection |
| CVE-2023-1459 | 2023-03-17 | SourceCodester Canteen Management System changeUsername.php sql injection |
| CVE-2023-1460 | 2023-03-17 | SourceCodester Online Pizza Ordering System Password Change improper authentication |
| CVE-2023-1461 | 2023-03-17 | SourceCodester Canteen Management System createCategories.php query sql injection |
| CVE-2023-1152 | 2023-03-17 | SQLi in Utarit Persolus |
| CVE-2023-1464 | 2023-03-17 | SourceCodester Medicine Tracker System improper authentication |
| CVE-2023-1466 | 2023-03-17 | SourceCodester Student Study Center Desk Management System view_student sql injection |
| CVE-2023-1467 | 2023-03-17 | SourceCodester Student Study Center Desk Management System POST Parameter path traversal |
| CVE-2023-1468 | 2023-03-17 | SourceCodester Student Study Center Desk Management System Report sql injection |
| CVE-2023-1172 | 2023-03-17 | The Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the full name value in versions up to, and including, 21.5 due to insufficient input sanitization and output... |
| CVE-2023-1469 | 2023-03-17 | The WP Express Checkout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘pec_coupon[code]’ parameter in versions up to, and including, 2.2.8 due to insufficient input sanitization and... |
| CVE-2023-1471 | 2023-03-17 | The WP Popup Banners plugin for WordPress is vulnerable to SQL Injection via the 'banner_id' parameter in versions up to, and including, 1.2.5 due to insufficient escaping on the user... |
| CVE-2023-1470 | 2023-03-17 | The eCommerce Product Catalog plugin for WordPress is vulnerable to Stored Cross-Site Scripting via some of its settings parameters in versions up to, and including, 3.3.8 due to insufficient input... |
| CVE-2022-43461 | 2023-03-17 | WordPress Slideshow SE Plugin <= 2.5.5 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2022-45814 | 2023-03-17 | WordPress WP Calendar Plugin <= 1.5.3 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2022-45817 | 2023-03-17 | WordPress GC Testimonials Plugin <= 1.3.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-23622 | 2023-03-17 | Discourse: Presence of read restricted topics may be leaked if tagged with a tag that is visible to all users |
| CVE-2023-1472 | 2023-03-17 | The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation... |
| CVE-2023-1474 | 2023-03-17 | SourceCodester Automatic Question Paper Generator System GET Parameter manage_question_paper.php sql injection |
| CVE-2023-1475 | 2023-03-17 | SourceCodester Canteen Management System createuser.php query sql injection |
| CVE-2023-26040 | 2023-03-17 | Discourse chat messages susceptible to Cross-site Scripting through chat excerpts |
| CVE-2022-46854 | 2023-03-17 | WordPress Launchpad – Coming Soon & Maintenance Mode Plugin Plugin <= 1.0.13 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-46867 | 2023-03-17 | WordPress Universal Star Rating Plugin <= 2.1.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25172 | 2023-03-17 | Discourse vulnerable to Cross-site Scripting - user name displayed on post |
| CVE-2023-28107 | 2023-03-17 | Discourse vulnerable to multisite DoS by spamming backups |
| CVE-2023-0027 | 2023-03-17 | Rockwell Automation Modbus TCP AOI Server Could Leak Sensitive Information |
| CVE-2023-28111 | 2023-03-17 | Discourse vulnerable to SSRF protection bypass possible with IPv4-mapped IPv6 addresses |
| CVE-2023-28112 | 2023-03-17 | Discourse's SSRF protection missing for some FastImage requests |
| CVE-2023-27592 | 2023-03-17 | Stored XSS in Miniflux when opening a broken image due to unescaped ServerError in proxy handler |
| CVE-2023-27591 | 2023-03-17 | Unauthenticated Miniflux user can bypass allowed networks check to obtain Prometheus metrics |
| CVE-2023-27593 | 2023-03-17 | cilium-agent container can access the host via `hostPath` mount |
| CVE-2023-27594 | 2023-03-17 | Cilium vulnerable to potential network policy bypass when routing IPv6 traffic |
| CVE-2023-25069 | 2023-03-17 | TXOne StellarOne has an improper access control privilege escalation vulnerability in every version before V2.0.1160 that could allow a malicious, falsely authenticated user to escalate his privileges to administrator level.... |
| CVE-2023-27595 | 2023-03-17 | Cilium eBPF filters may be temporarily removed during agent restart |
| CVE-2023-28115 | 2023-03-17 | Snappy vulnerable to PHAR deserialization, allowing remote code execution |
| CVE-2023-28116 | 2023-03-17 | Buffer overflow in L2CAP due to misconfigured MTU |
| CVE-2021-46877 | 2023-03-18 | jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before 2.13.1 allows attackers to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode... |
| CVE-2023-24278 | 2023-03-18 | Squidex before 7.4.0 was discovered to contain a squid.svg cross-site scripting (XSS) vulnerability. |
| CVE-2023-28606 | 2023-03-18 | js/event-graph.js in MISP before 2.4.169 allows XSS via event-graph node tooltips. |
| CVE-2023-28607 | 2023-03-18 | js/event-graph.js in MISP before 2.4.169 allows XSS via the event-graph relationship tooltip. |
| CVE-2023-28609 | 2023-03-18 | api/auth.go in Ansible Semaphore before 2.8.89 mishandles authentication. |
| CVE-2023-26113 | 2023-03-18 | Versions of the package collection.js before 6.8.1 are vulnerable to Prototype Pollution via the extend function in Collection.js/dist/node/iterators/extend.js. |
| CVE-2023-1479 | 2023-03-18 | SourceCodester Simple Music Player save_music.php unrestricted upload |
| CVE-2023-1480 | 2023-03-18 | SourceCodester Monitoring of Students Cyber Accounts System POST Parameter login.php sql injection |
| CVE-2023-1481 | 2023-03-18 | SourceCodester Monitoring of Students Cyber Accounts System POST Parameter cross site scripting |
| CVE-2023-1482 | 2023-03-18 | HkCms External Plugin code injection |
| CVE-2023-1483 | 2023-03-18 | XiaoBingBy TeaCMS getallarticleinfo sql injection |
| CVE-2023-1484 | 2023-03-18 | xzjie cms upload unrestricted upload |
| CVE-2023-1485 | 2023-03-18 | SourceCodester Young Entrepreneur E-Negosyo System GET Parameter index.php cross site scripting |
| CVE-2023-1486 | 2023-03-18 | Lespeed WiseCleaner Wise Force Deleter IoControlCode WiseUnlock64.sys 0x220004 access control |
| CVE-2023-1487 | 2023-03-18 | Lespeed WiseCleaner Wise System Monitor IoControlCode WiseHDInfo64.dll 0x9C40A0E0 denial of service |
| CVE-2023-1488 | 2023-03-18 | Lespeed WiseCleaner Wise System Monitor IoControlCode WiseHDInfo64.dll 0x9C40A0E0 denial of service |
| CVE-2023-1489 | 2023-03-18 | Lespeed WiseCleaner Wise System Monitor IoControlCode WiseHDInfo64.dll 0x9C402088 access control |
| CVE-2023-1490 | 2023-03-18 | Max Secure Anti Virus Plus IoControlCode SDActMon.sys 0x220020 access control |
| CVE-2023-1491 | 2023-03-18 | Max Secure Anti Virus Plus IoControlCode MaxCryptMon.sys 0x220020 access control |
| CVE-2023-1492 | 2023-03-18 | Max Secure Anti Virus Plus IoControlCode MaxProc64.sys 0x220019 denial of service |
| CVE-2023-1493 | 2023-03-18 | Max Secure Anti Virus Plus IoControlCode MaxProctetor64.sys 0x220019 denial of service |
| CVE-2023-1494 | 2023-03-18 | IBOS ApiController.php sql injection |
| CVE-2023-1495 | 2023-03-18 | Rebuild list queryListOfConfig sql injection |
| CVE-2022-48422 | 2023-03-19 | ONLYOFFICE Docs through 7.3 on certain Linux distributions allows local users to gain privileges via a Trojan horse libgcc_s.so.1 in the current working directory, which may be any directory in... |