CVE List - 2023 / March
Showing 1201 - 1300 of 2488 CVEs for March 2023 (Page 13 of 25)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-48423 | 2023-03-19 | In the Linux kernel before 6.1.3, fs/ntfs3/record.c does not validate resident attribute names. An out-of-bounds write may occur. |
| CVE-2022-48424 | 2023-03-19 | In the Linux kernel before 6.1.3, fs/ntfs3/inode.c does not validate the attribute name offset. An unhandled page fault may occur. |
| CVE-2022-48425 | 2023-03-19 | In the Linux kernel through 6.2.7, fs/ntfs3/inode.c has an invalid kfree because it does not validate MFT flags before replaying logs. |
| CVE-2023-1496 | 2023-03-19 | Cross-site Scripting (XSS) - Reflected in imgproxy/imgproxy |
| CVE-2023-26805 | 2023-03-19 | Tenda W20E v15.11.0.6 (US_W20EV4.0br_v15.11.0.6(1068_1546_841)_CN_TDC) is vulnerable to Buffer Overflow via function formIPMacBindModify. |
| CVE-2023-26806 | 2023-03-19 | Tenda W20E v15.11.0.6(US_W20EV4.0br_v15.11.0.6(1068_1546_841 is vulnerable to Buffer Overflow via function formSetSysTime. |
| CVE-2023-26905 | 2023-03-19 | An issue was discovered in Alphaware - Simple E-Commerce System v1.0. There is a SQL injection that can directly issue instructions to the background database system via /alphaware/details.php?id. |
| CVE-2023-28617 | 2023-03-19 | org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters. |
| CVE-2023-1497 | 2023-03-19 | SourceCodester Simple and Nice Shopping Cart Script uploaderm.php unrestricted upload |
| CVE-2023-1498 | 2023-03-19 | code-projects Responsive Hotel Site Newsletter Log messages.php sql injection |
| CVE-2023-1499 | 2023-03-19 | code-projects Simple Art Gallery adminHome.php sql injection |
| CVE-2023-1500 | 2023-03-19 | code-projects Simple Art Gallery adminHome.php cross site scripting |
| CVE-2023-1501 | 2023-03-19 | RockOA acloudCosAction.php.SQL runAction unrestricted upload |
| CVE-2023-1515 | 2023-03-20 | Cross-site Scripting (XSS) - Stored in pimcore/pimcore |
| CVE-2023-1517 | 2023-03-20 | Cross-site Scripting (XSS) - DOM in pimcore/pimcore |
| CVE-2015-10096 | 2023-03-20 | Zarthus IRC Twitter Announcer Bot twitter_announcer.rb get_tweets command injection |
| CVE-2022-4933 | 2023-03-20 | ATM Consulting dolibarr_module_quicksupplierprice interface.php upatePrice sql injection |
| CVE-2023-1502 | 2023-03-20 | SourceCodester Alphaware Simple E-Commerce System edit_customer.php sql injection |
| CVE-2023-1503 | 2023-03-20 | SourceCodester Alphaware Simple E-Commerce System admin_index.php sql injection |
| CVE-2023-1248 | 2023-03-20 | Possible XSS in Ticket Actions |
| CVE-2023-1250 | 2023-03-20 | Code execution through ACL creation |
| CVE-2023-1504 | 2023-03-20 | SourceCodester Alphaware Simple E-Commerce System sql injection |
| CVE-2023-1505 | 2023-03-20 | SourceCodester E-Commerce System setDiscount.php sql injection |
| CVE-2023-1506 | 2023-03-20 | SourceCodester E-Commerce System login.php sql injection |
| CVE-2023-25782 | 2023-03-20 | WordPress Service Area Postcode Checker Plugin <= 2.0.8 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-1507 | 2023-03-20 | SourceCodester E-Commerce System Category Name controller.php cross site scripting |
| CVE-2023-25795 | 2023-03-20 | WordPress Feed Changer Plugin <= 0.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-25794 | 2023-03-20 | WordPress Nooz Plugin <= 1.6.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-25064 | 2023-03-20 | WordPress WP htpasswd Plugin <= 1.7 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-24381 | 2023-03-20 | WordPress Advanced Social Pixel Plugin <= 2.1.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-22681 | 2023-03-20 | WordPress Online Exam Software : eExamhall Plugin <= 4.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-22678 | 2023-03-20 | WordPress Superior FAQ Plugin <= 1.0.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-23718 | 2023-03-20 | WordPress Page Loading Effects Plugin <= 2.0.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-23721 | 2023-03-20 | WordPress Admin Log Plugin <= 1.50 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-22679 | 2023-03-20 | WordPress WP Better Emails Plugin <= 0.4 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-22680 | 2023-03-20 | WordPress No API Amazon Affiliate Plugin <= 4.2.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-22682 | 2023-03-20 | WordPress Camera slideshow Plugin <= 1.4.0.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2022-47592 | 2023-03-20 | WordPress MagicForm Plugin <= 0.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2022-47591 | 2023-03-20 | WordPress Map Multi Marker Plugin <= 3.2.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-0320 | 2023-03-20 | XSS in UBYS |
| CVE-2023-26513 | 2023-03-20 | Apache Sling Resource Merger: Requests to certain paths managed by the Apache Sling Resource Merger can lead to DoS |
| CVE-2023-28083 | 2023-03-20 | Potential Cross-Site scripting vulnerability in HPE Integrated Lights-Out 6 (iLO 6), Integrated Lights-Out 5 (iLO 5) and Integrated Lights-Out 4 (iLO 4). |
| CVE-2023-28118 | 2023-03-20 | kaml has potential denial of service while parsing input with anchors and aliases |
| CVE-2023-28424 | 2023-03-20 | Soko SQL Injection vulnerability |
| CVE-2023-28428 | 2023-03-20 | PDFio vulnerable to Denial Of Service when opening a corrupt PDF file |
| CVE-2023-28429 | 2023-03-20 | Pimcore has Cross-site Scripting vulnerability in DataObject tooltip field |
| CVE-2023-27586 | 2023-03-20 | CairoSVG improperly processes SVG files loaded from external resources |
| CVE-2023-22288 | 2023-03-20 | Email HTML Injection |
| CVE-2022-3894 | 2023-03-20 | WP OAuth Server < 4.2.5 - Arbitrary Post Deletion via CSRF |
| CVE-2023-0876 | 2023-03-20 | WP Meta SEO < 4.5.3 - Subscriber+ Improper Authorization causing Arbitrary Redirect |
| CVE-2023-0175 | 2023-03-20 | Smart Logo Showcase Lite <= 1.1.9 - Contributor+ Stored XSS |
| CVE-2023-0365 | 2023-03-20 | React Webcam <= 1.2.0 - Contributor+ Stored XSS |
| CVE-2023-0631 | 2023-03-20 | Paid Memberships Pro < 2.9.12 - Subscriber+ SQL Injection |
| CVE-2023-0369 | 2023-03-20 | GoToWP <= 5.1.1 - Contributor+ Stored XSS |
| CVE-2023-0145 | 2023-03-20 | Saan World Clock <= 1.8 - Contributor+ Stored XSS |
| CVE-2023-0630 | 2023-03-20 | Slimstat Analytics < 4.9.3.3 - Subscriber+ SQL Injection |
| CVE-2023-0364 | 2023-03-20 | real.Kit < 5.1.1 - Contributor+ Stored XSS |
| CVE-2023-0865 | 2023-03-20 | WooCommerce Multiple Customer Addresses & Shipping < 21.7 - Arbitrary Address Creation/Deletion/Access/Update via IDOR |
| CVE-2023-0890 | 2023-03-20 | Shortcodes Ultimate < 5.12.8 - Subscriber+ Arbitrary Post Access |
| CVE-2023-0940 | 2023-03-20 | ProfileGrid < 5.3.1 - Subscriber+ Arbitrary Password Reset |
| CVE-2023-0167 | 2023-03-20 | GetResponse for WordPress <= 5.5.31 - Contributor+ Stored XSS |
| CVE-2023-0937 | 2023-03-20 | VK All in One Expansion Unit < 9.87.1.0 - Reflected XSS |
| CVE-2023-0370 | 2023-03-20 | WPB Advanced FAQ <= 1.0.6 - Contributor+ Stored XSS |
| CVE-2022-4148 | 2023-03-20 | WP OAuth Server < 4.3.0 - Subscriber+ Arbitrary Client Deletion |
| CVE-2023-0273 | 2023-03-20 | Custom Content Shortcode <= 4.0.2 - Contributor+ Stored XSS |
| CVE-2023-0875 | 2023-03-20 | WP Meta SEO < 4.5.3 - Subscriber+ SQLi |
| CVE-2023-0340 | 2023-03-20 | Custom Content Shortcode <= 4.0.2 - Contributor+ LFI |
| CVE-2023-0911 | 2023-03-20 | Shortcodes Ultimate < 5.12.8 - Subscriber+ User Meta Disclosure |
| CVE-2023-0681 | 2023-03-20 | Rapid7 Nexpose Uncontrolled URL Redirect |
| CVE-2023-27578 | 2023-03-20 | Galaxy vulnerable to unauthorized modification of pages/visualizations due to insufficient permission check |
| CVE-2023-28425 | 2023-03-20 | Specially crafted MSETNX command can lead to denial-of-service |
| CVE-2022-45124 | 2023-03-20 | An information disclosure vulnerability exists in the User authentication functionality of WellinTech KingHistorian 35.01.00.05. A specially crafted network packet can lead to a disclosure of sensitive information. An attacker can... |
| CVE-2022-43663 | 2023-03-20 | An integer conversion vulnerability exists in the SORBAx64.dll RecvPacket functionality of WellinTech KingHistorian 35.01.00.05. A specially crafted network packet can lead to a buffer overflow. An attacker can send a... |
| CVE-2012-10009 | 2023-03-20 | 404like Plugin 404Like.php checkPage sql injection |
| CVE-2022-42331 | 2023-03-21 | x86: speculative vulnerability in 32bit SYSCALL path Due to an oversight in the very original Spectre/Meltdown security work (XSA-254), one entrypath performs its speculation-safety actions too late. In some configurations,... |
| CVE-2022-42332 | 2023-03-21 | x86 shadow plus log-dirty mode use-after-free In environments where host assisted address translation is necessary but Hardware Assisted Paging (HAP) is unavailable, Xen will run guests in so called shadow... |
| CVE-2022-42333 | 2023-03-21 | x86/HVM pinned cache attributes mis-handling [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] To allow cachability control for HVM guests with... |
| CVE-2022-42334 | 2023-03-21 | x86/HVM pinned cache attributes mis-handling [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] To allow cachability control for HVM guests with... |
| CVE-2022-45635 | 2023-03-21 | An issue discovered in MEGAFEIS, BOFEI DBD+ Application for iOS & Android v1.4.4 allows an attacker to gain access to sensitive account information via insecure password policy. |
| CVE-2022-45636 | 2023-03-21 | An issue discovered in MEGAFEIS, BOFEI DBD+ Application for iOS & Android v1.4.4 allows an attacker to unlock model(s) without authorization via arbitrary API requests. |
| CVE-2022-45637 | 2023-03-21 | An insecure password reset issue was discovered in MEGAFEIS, BOFEI DBD+ Application for iOS & Android v1.4.4 service via insecure expiry mechanism. |
| CVE-2023-1527 | 2023-03-21 | Cross-site Scripting (XSS) - Generic in tsolucio/corebos |
| CVE-2023-1535 | 2023-03-21 | Cross-site Scripting (XSS) - Stored in answerdev/answer |
| CVE-2023-1536 | 2023-03-21 | Cross-site Scripting (XSS) - Stored in answerdev/answer |
| CVE-2023-1537 | 2023-03-21 | Authentication Bypass by Capture-replay in answerdev/answer |
| CVE-2023-1538 | 2023-03-21 | Observable Timing Discrepancy in answerdev/answer |
| CVE-2023-1539 | 2023-03-21 | Improper Restriction of Excessive Authentication Attempts in answerdev/answer |
| CVE-2023-1540 | 2023-03-21 | Observable Response Discrepancy in answerdev/answer |
| CVE-2023-1541 | 2023-03-21 | Business Logic Errors in answerdev/answer |
| CVE-2023-1542 | 2023-03-21 | Business Logic Errors in answerdev/answer |
| CVE-2023-1543 | 2023-03-21 | Insufficient Session Expiration in answerdev/answer |
| CVE-2023-1545 | 2023-03-21 | SQL Injection in nilsteampassnet/teampass |
| CVE-2023-24709 | 2023-03-21 | An issue found in Paradox Security Systems IPR512 allows attackers to cause a denial of service via the login.html and login.xml parameters. |
| CVE-2023-25134 | 2023-03-21 | McAfee Total Protection prior to 16.0.50 may allow an adversary (with full administrative access) to modify a McAfee specific Component Object Model (COM) in the Windows Registry. This can result... |
| CVE-2023-26497 | 2023-03-21 | An issue was discovered in Samsung Baseband Modem Chipset for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, and Exynos Auto T5125. Memory corruption can occur when processing... |
| CVE-2023-27087 | 2023-03-21 | Permissions vulnerability found in Xuxueli xxl-job v2.2.0, v2.3.0 and v2.3.1 allows an attacker to obtain sensitive information via the pageList parameter. |
| CVE-2023-27569 | 2023-03-21 | The eo_tags package before 1.3.0 for PrestaShop allows SQL injection via an HTTP User-Agent or Referer header. |
| CVE-2023-27570 | 2023-03-21 | The eo_tags package before 1.4.19 for PrestaShop allows SQL injection via a crafted _ga cookie. |
| CVE-2023-27842 | 2023-03-21 | Insecure Permissions vulnerability found in Extplorer File manager eXtplorer v.2.1.15 allows a remote attacker to execute arbitrary code via the index.php component. |
| CVE-2023-27977 | 2023-03-21 | A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server that could cause access to delete files in the IGSS project report directory, this could lead to... |