CVE List - 2023 / March
Showing 1801 - 1900 of 2488 CVEs for March 2023 (Page 19 of 25)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-1643 | 2023-03-26 | IObit Malware Fighter IOCTL ImfHpRegFilter.sys 0x8001E040 denial of service |
| CVE-2023-1644 | 2023-03-26 | IObit Malware Fighter IOCTL IMFCameraProtect.sys 0x8018E010 denial of service |
| CVE-2023-1645 | 2023-03-26 | IObit Malware Fighter IOCTL IMFCameraProtect.sys 0x8018E008 denial of service |
| CVE-2023-1646 | 2023-03-26 | IObit Malware Fighter IOCTL IMFCameraProtect.sys 0x8018E004 stack-based overflow |
| CVE-2023-1077 | 2023-03-27 | In the Linux kernel, pick_next_rt_entity() may return a type confused entry, not detected by the BUG_ON condition, as the confused entry will not be NULL, but list_head. The buggy error condition... |
| CVE-2023-1380 | 2023-03-27 | A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux Kernel. This issue could occur when assoc_info->req_len data is bigger than the size of the buffer, defined... |
| CVE-2023-25908 | 2023-03-27 | Adobe Photoshop SVG file Use After Free Arbitrary code execution |
| CVE-2023-26958 | 2023-03-27 | Phpgurukul Park Ticketing Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via the Admin Name parameter. |
| CVE-2023-26959 | 2023-03-27 | Phpgurukul Park Ticketing Management System 1.0 is vulnerable to SQL Injection via the User Name parameter. |
| CVE-2023-28884 | 2023-03-27 | In MISP 2.4.169, app/Lib/Tools/CustomPaginationTool.php allows XSS in the community index. |
| CVE-2018-25083 | 2023-03-27 | The pullit package before 1.4.0 for Node.js allows OS Command Injection because eval is used on an attacker-supplied Git branch name. |
| CVE-2021-3923 | 2023-03-27 | A flaw was found in the Linux kernel's implementation of RDMA over infiniband. An attacker with a privileged local account can leak kernel stack information when issuing commands to the... |
| CVE-2022-2237 | 2023-03-27 | A flaw was found in the Keycloak Node.js Adapter. This flaw allows an attacker to benefit from an Open Redirect vulnerability in the checkSso function. |
| CVE-2022-3116 | 2023-03-27 | The Heimdal Software Kerberos 5 implementation is vulnerable to a null pointer dereference. An attacker with network access to an application that depends on the vulnerable code path can cause... |
| CVE-2022-32199 | 2023-03-27 | db_convert.php in ScriptCase through 9.9.008 is vulnerable to Arbitrary File Deletion by an admin via a directory traversal sequence in the file parameter. |
| CVE-2022-39043 | 2023-03-27 | Juiker app - Information Leakage |
| CVE-2022-41354 | 2023-03-27 | An access control issue in Argo CD v2.4.12 and below allows unauthenticated attackers to enumerate existing applications. |
| CVE-2022-46415 | 2023-03-27 | DJI Spark 01.00.0900 allows remote attackers to prevent legitimate terminal connections by exhausting the DHCP IP address pool. To accomplish this, the attacker would first need to connect to the... |
| CVE-2022-46416 | 2023-03-27 | Parrot Bebop 4.7.1 allows remote attackers to prevent legitimate terminal connections by exhausting the DHCP IP address pool. To accomplish this, the attacker would first need to connect to the... |
| CVE-2022-48291 | 2023-03-27 | The Bluetooth module has an authentication bypass vulnerability in the pairing process. Successful exploitation of this vulnerability may affect confidentiality. |
| CVE-2022-48346 | 2023-03-27 | The HwContacts module has a logic bypass vulnerability. Successful exploitation of this vulnerability may affect confidentiality. |
| CVE-2022-48347 | 2023-03-27 | The MediaProvider module has a vulnerability in permission verification. Successful exploitation of this vulnerability may affect confidentiality. |
| CVE-2022-48348 | 2023-03-27 | The MediaProvider module has a vulnerability of unauthorized data read. Successful exploitation of this vulnerability may affect confidentiality and integrity. |
| CVE-2022-48349 | 2023-03-27 | The control component has a spoofing vulnerability. Successful exploitation of this vulnerability may affect confidentiality and availability. |
| CVE-2022-48350 | 2023-03-27 | The HUAWEI Messaging app has a vulnerability of unauthorized file access. Successful exploitation of this vulnerability may affect confidentiality. |
| CVE-2022-48351 | 2023-03-27 | The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect availability. |
| CVE-2022-48352 | 2023-03-27 | Some smartphones have data initialization issues. Successful exploitation of this vulnerability may cause a system panic. |
| CVE-2022-48353 | 2023-03-27 | Some smartphones have configuration issues. Successful exploitation of this vulnerability may cause kernel privilege escalation, which results in system service exceptions. |
| CVE-2022-48354 | 2023-03-27 | The Bluetooth module has a heap out-of-bounds write vulnerability. Successful exploitation of this vulnerability can cause the Bluetooth process to crash. |
| CVE-2022-48355 | 2023-03-27 | The Bluetooth module has a heap out-of-bounds read vulnerability. Successful exploitation of this vulnerability can cause the Bluetooth process to crash. |
| CVE-2022-48356 | 2023-03-27 | The facial recognition module has a vulnerability in input parameter verification. Successful exploitation of this vulnerability may cause failed facial recognition. |
| CVE-2022-48357 | 2023-03-27 | Some products have the double fetch vulnerability. Successful exploitation of this vulnerability may cause denial of service (DoS) attacks to the kernel. |
| CVE-2022-48358 | 2023-03-27 | The BatteryHealthActivity has a redirection vulnerability. Successful exploitation of this vulnerability by a malicious app can cause service exceptions. |
| CVE-2022-48359 | 2023-03-27 | The recovery mode for updates has a vulnerability that causes arbitrary disk modification. Successful exploitation of this vulnerability may affect confidentiality. |
| CVE-2022-48360 | 2023-03-27 | The facial recognition module has a vulnerability in file permission control. Successful exploitation of this vulnerability may affect confidentiality. |
| CVE-2022-48361 | 2023-03-27 | The Always On Display (AOD) has a path traversal vulnerability in theme files. Successful exploitation of this vulnerability may cause a failure in reading AOD theme resources. |
| CVE-2023-0179 | 2023-03-27 | A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local... |
| CVE-2023-0210 | 2023-03-27 | A bug affects the Linux kernel’s ksmbd NTLMv2 authentication and is known to crash the OS immediately in Linux-based systems. |
| CVE-2023-0241 | 2023-03-27 | pgAdmin 4 versions prior to v6.19 contain a directory traversal vulnerability. A user of the product may change another user's settings or alter the database. |
| CVE-2023-0326 | 2023-03-27 | An issue has been discovered in GitLab DAST API scanner affecting all versions starting from 1.6.50 before 2.11.0, where Authorization headers were leaked in vulnerability report evidence. |
| CVE-2023-0494 | 2023-03-27 | A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed... |
| CVE-2023-0778 | 2023-03-27 | A Time-of-check Time-of-use (TOCTOU) flaw was found in podman. This issue may allow a malicious user to replace a normal file in a volume with a symlink while exporting the... |
| CVE-2023-1073 | 2023-03-27 | A memory corruption flaw was found in the Linux kernel’s human interface device (HID) subsystem in how a user inserts a malicious USB device. This flaw allows a local user... |
| CVE-2023-1074 | 2023-03-27 | A memory leak flaw was found in the Linux kernel's Stream Control Transmission Protocol. This issue may occur when a user starts a malicious networking service and someone connects to... |
| CVE-2023-1075 | 2023-03-27 | A flaw was found in the Linux Kernel. The tls_is_tx_ready() incorrectly checks for list emptiness, potentially accessing a type confused entry to the list_head, leaking the last byte of the... |
| CVE-2023-1076 | 2023-03-27 | A flaw was found in the Linux Kernel. The tun/tap sockets have their socket UID hardcoded to 0 due to a type confusion in their initialization function. While it will... |
| CVE-2023-1078 | 2023-03-27 | A flaw was found in the Linux Kernel in RDS (Reliable Datagram Sockets) protocol. The rds_rm_zerocopy_callback() uses list_entry() on the head of a list causing a type confusion. Local user... |
| CVE-2023-1079 | 2023-03-27 | A flaw was found in the Linux kernel. A use-after-free may be triggered in asus_kbd_backlight_set when plugging/disconnecting in a malicious USB device, which advertises itself as an Asus device. Similarly... |
| CVE-2023-1637 | 2023-03-27 | A flaw that boot CPU could be vulnerable for the speculative execution behavior kind of attacks in the Linux kernel X86 CPU Power management options functionality was found in the... |
| CVE-2023-1647 | 2023-03-27 | Improper Access Control in calcom/cal.com |
| CVE-2023-1654 | 2023-03-27 | Denial of Service in gpac/gpac |
| CVE-2023-1655 | 2023-03-27 | Heap-based Buffer Overflow in gpac/gpac |
| CVE-2023-1665 | 2023-03-27 | Improper Restriction of Excessive Authentication Attempts in linagora/twake |
| CVE-2023-20860 | 2023-03-27 | Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "**" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between... |
| CVE-2023-22247 | 2023-03-27 | Adobe Commerce XML Injection Arbitrary file system read |
| CVE-2023-22249 | 2023-03-27 | Adobe Commerce Stored XSS Arbitrary code execution |
| CVE-2023-22250 | 2023-03-27 | Adobe Commerce Improper Access Control Security feature bypass |
| CVE-2023-22251 | 2023-03-27 | Adobe Commerce Incorrect Authorization Security feature bypass |
| CVE-2023-22902 | 2023-03-27 | Openfind Mail2000 - XSS |
| CVE-2023-24094 | 2023-03-27 | An issue in the bridge2 component of MikroTik RouterOS v6.40.5 allows attackers to cause a Denial of Service (DoS) via crafted packets. |
| CVE-2023-24366 | 2023-03-27 | An arbitrary file download vulnerability in rConfig v6.8.0 allows attackers to download sensitive files via a crafted HTTP request. |
| CVE-2023-24834 | 2023-03-27 | WisdomGarden Tronclass ilearn - Broken Access Control |
| CVE-2023-24835 | 2023-03-27 | Softnext SPAM SQR - Code Injection |
| CVE-2023-24837 | 2023-03-27 | HGiga PowerStation - Command Injection |
| CVE-2023-24838 | 2023-03-27 | HGiga PowerStation - Information Leakage |
| CVE-2023-24839 | 2023-03-27 | HGiga MailSherlock - Reflected XSS |
| CVE-2023-24840 | 2023-03-27 | HGiga MailSherlock - SQL Injection |
| CVE-2023-24841 | 2023-03-27 | HGiga MailSherlock - Command Injection |
| CVE-2023-24842 | 2023-03-27 | HGiga MailSherlock - Broken Access Control |
| CVE-2023-25017 | 2023-03-27 | Rifartek IOT Wall - Broken Access Control |
| CVE-2023-25018 | 2023-03-27 | Rifartek IOT Wall - Reflected XSS |
| CVE-2023-25261 | 2023-03-27 | Certain Stimulsoft GmbH products are affected by: Remote Code Execution. This affects Stimulsoft Designer (Desktop) 2023.1.4 and Stimulsoft Designer (Web) 2023.1.3 and Stimulsoft Viewer (Web) 2023.1.3. Access to the local... |
| CVE-2023-25263 | 2023-03-27 | In Stimulsoft Designer (Desktop) 2023.1.5, and 2023.1.4, once an attacker decompiles the Stimulsoft.report.dll the attacker is able to decrypt any connectionstring stored in .mrt files since a static secret is... |
| CVE-2023-25863 | 2023-03-27 | Adobe Substance 3D Stager USDC File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| CVE-2023-25864 | 2023-03-27 | Adobe Substance 3D Stager FBX File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability |
| CVE-2023-25865 | 2023-03-27 | Adobe Substance 3D Stager OBJ File Parsing Memory Corruption Remote Code Execution Vulnerability |
| CVE-2023-25866 | 2023-03-27 | Adobe Substance 3D Stager OBJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2023-25867 | 2023-03-27 | Adobe Substance 3D Stager PCX File Parsing Memory Corruption Remote Code Execution Vulnerability |
| CVE-2023-25868 | 2023-03-27 | Adobe Substance 3D Stager SVG File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability |
| CVE-2023-25869 | 2023-03-27 | Adobe Substance 3D Stager SVG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| CVE-2023-25870 | 2023-03-27 | Adobe Substance 3D Stager SVG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2023-25871 | 2023-03-27 | Adobe Substance 3D Stager SVG File Parsing Use-After-Free Remote Code Execution Vulnerability |
| CVE-2023-25872 | 2023-03-27 | Adobe Substance 3D Stager SVG File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability |
| CVE-2023-25873 | 2023-03-27 | Adobe Substance 3D Stager SVG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| CVE-2023-25874 | 2023-03-27 | Adobe Substance 3D Stager SVG File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability |
| CVE-2023-25875 | 2023-03-27 | Adobe Substance 3D Stager OBJ File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2023-25876 | 2023-03-27 | Adobe Substance 3D Stager OBJ File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2023-25877 | 2023-03-27 | Adobe Substance 3D Stager OBJ File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2023-25878 | 2023-03-27 | Adobe Substance 3D Stager OBJ File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2023-25909 | 2023-03-27 | HGiga Inc. OAKlouds - Arbitrary File Upload |
| CVE-2023-26547 | 2023-03-27 | The InputMethod module has a vulnerability of serialization/deserialization mismatch. Successful exploitation of this vulnerability may cause privilege escalation. |
| CVE-2023-26548 | 2023-03-27 | The pgmng module has a vulnerability in serialization/deserialization. Successful exploitation of this vulnerability may affect availability. |
| CVE-2023-26549 | 2023-03-27 | The SystemUI module has a vulnerability of repeated app restart due to improper parameters. Successful exploitation of this vulnerability may affect confidentiality. |
| CVE-2023-26924 | 2023-03-27 | LLVM a0dab4950 has a segmentation fault in mlir::outlineSingleBlockRegion. NOTE: third parties dispute this because the LLVM security policy excludes "Language front-ends ... for which a malicious input file can cause... |
| CVE-2023-27096 | 2023-03-27 | Insecure Permissions vulnerability found in OpenGoofy Hippo4j v.1.4.3 allows attacker to obtain sensitive information via the ConfigVerifyController function of the Tenant Management module. |
| CVE-2023-27241 | 2023-03-27 | SourceCodester Water Billing System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the lastname text box under the Add Client module. |
| CVE-2023-27245 | 2023-03-27 | A cross-site scripting (XSS) vulnerability in File Management Project 1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field under the... |
| CVE-2023-27847 | 2023-03-27 | SQL injection vulnerability found in PrestaShop xipblog v.2.0.1 and before allows a remote attacker to gain privileges via the xipcategoryclass and xippostsclass components. |
| CVE-2023-28596 | 2023-03-27 | Local Privilege Escalation in Zoom for macOS Installers |
| CVE-2023-28597 | 2023-03-27 | Improper trust boundary implementation for SMB in Zoom Clients |