CVE List - 2023 / March
Showing 1901 - 2000 of 2488 CVEs for March 2023 (Page 20 of 25)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-28866 | 2023-03-27 | In the Linux kernel through 6.2.8, net/bluetooth/hci_sync.c allows out-of-bounds access because amp_init1[] and amp_init2[] are supposed to have an intentionally invalid element, but do not. |
| CVE-2023-28867 | 2023-03-27 | In GraphQL Java (aka graphql-java) before 20.1, an attacker can send a crafted GraphQL query that causes stack consumption. The fixed versions are 20.1, 19.4, 18.4, 17.5, and 0.0.0-2023-03-20T01-49-44-80e3135. |
| CVE-2023-28883 | 2023-03-27 | In Cerebrate 1.13, a blind SQL injection exists in the searchAll API endpoint. |
| CVE-2023-28885 | 2023-03-27 | The MyLink infotainment system (build 2021.3.26) in General Motors Chevrolet Equinox 2021 vehicles allows attackers to cause a denial of service (temporary failure of Media Player functionality) via a crafted... |
| CVE-2022-4126 | 2023-03-27 | Use of Default Password |
| CVE-2022-47925 | 2023-03-27 | Insufficient Input Validation in the Endpoint of the csaf-validator-service |
| CVE-2022-47924 | 2023-03-27 | Arbitrary Code Execution using the validate function of csaf-validator-lib |
| CVE-2022-30705 | 2023-03-27 | WordPress WordPress Ping Optimizer Plugin <= 2.35.1.2.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-46843 | 2023-03-27 | WordPress Woocommerce Vietnam Checkout Plugin <= 2.0.4 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2022-47146 | 2023-03-27 | WordPress Real Estate 7 Theme <= 3.3.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-22707 | 2023-03-27 | WordPress Greenshift – animation and page builder blocks Plugin <= 4.9.9 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-27296 | 2023-03-27 | Apache InLong: JDBC Deserialization Vulnerability in InLong |
| CVE-2023-1133 | 2023-03-27 | CVE-2023-1133 |
| CVE-2023-1139 | 2023-03-27 | CVE-2023-1139 |
| CVE-2023-1138 | 2023-03-27 | CVE-2023-1138 |
| CVE-2023-1144 | 2023-03-27 | CVE-2023-1144 |
| CVE-2023-1137 | 2023-03-27 | CVE-2023-1137 |
| CVE-2023-1143 | 2023-03-27 | CVE-2023-1143 |
| CVE-2023-1134 | 2023-03-27 | CVE-2023-1134 |
| CVE-2023-1142 | 2023-03-27 | CVE-2023-1142 |
| CVE-2023-1136 | 2023-03-27 | CVE-2023-1136 |
| CVE-2023-1141 | 2023-03-27 | CVE-2023-1141 |
| CVE-2023-1140 | 2023-03-27 | CVE-2023-1140 |
| CVE-2023-1145 | 2023-03-27 | Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are affected by a deserialization vulnerability targeting the Device-DataCollect service, which could allow deserialization of requests prior to authentication, resulting in... |
| CVE-2023-1135 | 2023-03-27 | In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could set incorrect directory permissions, which could result in local privilege escalation. |
| CVE-2023-1399 | 2023-03-27 | N6854A Geolocation Server versions 2.4.2 are vulnerable to untrusted data deserialization, which may allow a malicious actor to escalate privileges in the affected device’s default configuration and achieve remote code... |
| CVE-2022-48426 | 2023-03-27 | In JetBrains TeamCity before 2022.10.3 stored XSS in Perforce connection settings was possible |
| CVE-2022-48427 | 2023-03-27 | In JetBrains TeamCity before 2022.10.3 stored XSS on “Pending changes” and “Changes” tabs was possible |
| CVE-2022-48428 | 2023-03-27 | In JetBrains TeamCity before 2022.10.3 stored XSS on the SSH keys page was possible |
| CVE-2023-0504 | 2023-03-27 | HT Politic < 2.3.8 - Arbitrary Plugin Activation via CSRF |
| CVE-2023-0441 | 2023-03-27 | Gallery Blocks with Lightbox < 3.0.8 - Subscriber+ Arbitrary Options Update |
| CVE-2023-0816 | 2023-03-27 | Formidable Forms < 6.1 - IP Spoofing |
| CVE-2023-0498 | 2023-03-27 | WP Education < 1.2.7 - Arbitrary Plugin Activation via CSRF |
| CVE-2023-1088 | 2023-03-27 | WP Plugin Manager < 1.1.8 - Arbitrary Plugin Activation via CSRF |
| CVE-2023-0660 | 2023-03-27 | Smart Slider 3 < 3.5.1.14 - Contributor+ Stored XSS |
| CVE-2023-1089 | 2023-03-27 | Coupon Zen < 1.0.6 - Arbitrary Plugin Activation via CSRF |
| CVE-2023-0335 | 2023-03-27 | WP Shamsi <= 4.3.3 - Subscriber+ Attachment Deletion |
| CVE-2023-0499 | 2023-03-27 | QuickSwish < 1.1.0 - Arbitrary Plugin Activation via CSRF |
| CVE-2023-1093 | 2023-03-27 | OAuth Single Sign On - SSO (OAuth Client) < 6.24.2 - IdP Discard via CSRF |
| CVE-2023-0505 | 2023-03-27 | Ever Compare <= 1.2.3 - Arbitrary Plugin Activation via CSRF |
| CVE-2023-0495 | 2023-03-27 | HT Slider For Elementor < 1.4.0 - Arbitrary Plugin Activation via CSRF |
| CVE-2023-1400 | 2023-03-27 | Modern Events Calendar lite < 6.5.2 - Admin+ Stored XSS |
| CVE-2023-0467 | 2023-03-27 | WP Dark Mode < 4.0.8 - Subscriber+ Local File Inclusion |
| CVE-2020-36666 | 2023-03-27 | Multiple e-plugins - Subscriber+ Privilege Escalation |
| CVE-2023-0484 | 2023-03-27 | Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks < 1.1.6 - Arbitrary Plugin Activation via CSRF |
| CVE-2023-0502 | 2023-03-27 | WP News <= 1.1.9 - Arbitrary Plugin Activation via CSRF |
| CVE-2023-0955 | 2023-03-27 | WP Statistics < 14.0 - Authenticated SQLi |
| CVE-2023-0503 | 2023-03-27 | Free WooCommerce Theme 99fy Extension < 1.2.8 - Arbitrary Plugin Activation via CSRF |
| CVE-2023-0500 | 2023-03-27 | WP Film Studio < 1.3.5 - Arbitrary Plugin Activation via CSRF |
| CVE-2023-0491 | 2023-03-27 | Schedulicity - Easy Online Scheduling <= 2.21 - Contributor+ Stored XSS |
| CVE-2023-0501 | 2023-03-27 | WP Insurance < 2.1.4 - Arbitrary Plugin Activation via CSRF |
| CVE-2023-1069 | 2023-03-27 | Complianz - GDPR/CCPA Cookie Consent < 6.4.2 - Contributor+ Stored XSS |
| CVE-2023-1086 | 2023-03-27 | Preview Link Generator < 1.0.4 - Arbitrary Plugin Activation via CSRF |
| CVE-2023-0496 | 2023-03-27 | HT Event < 1.4.6 - Arbitrary Plugin Activation via CSRF |
| CVE-2023-0336 | 2023-03-27 | OoohBoi Steroids for Elementor < 2.1.5 - Subscriber+ Attachment Deletion |
| CVE-2023-0589 | 2023-03-27 | WP Image Carousel <= 1.0.2 - Contributor+ Stored XSS |
| CVE-2023-0823 | 2023-03-27 | Cookie Notice & Compliance for GDPR / CCPA < 2.4.7 - Contributor+ Stored XSS |
| CVE-2023-0272 | 2023-03-27 | NEX-Forms < 8.3.3 - Contributor+ Stored XSS |
| CVE-2023-1025 | 2023-03-27 | Simple File List < 6.0.10 - Admin+ Stored XSS |
| CVE-2023-0497 | 2023-03-27 | HT Portfolio < 1.1.6 - Arbitrary Plugin Activation via CSRF |
| CVE-2023-1087 | 2023-03-27 | WC Sales Notification < 1.2.3 - Arbitrary Plugin Activation via CSRF |
| CVE-2023-0395 | 2023-03-27 | menu shortcode <= 1.0 - Contributor+ Stored XSS via Shortcode |
| CVE-2023-1092 | 2023-03-27 | OAuth Single Sign On - SSO (OAuth Client) - IdP Deletion via CSRF |
| CVE-2022-48429 | 2023-03-27 | In JetBrains Hub before 2022.3.15573, 2022.2.15572, 2022.1.15583 reflected XSS in dashboards was possible |
| CVE-2023-25828 | 2023-03-27 | Authenticated Remote Code Execution in Pluck CMS |
| CVE-2023-28652 | 2023-03-27 | CVE-2023-28652 |
| CVE-2023-27927 | 2023-03-27 | CVE-2023-27927 |
| CVE-2023-22300 | 2023-03-27 | CVE-2023-22300 |
| CVE-2023-28655 | 2023-03-27 | CVE-2023-28655 |
| CVE-2023-28650 | 2023-03-27 | CVE-2023-28650 |
| CVE-2023-25661 | 2023-03-27 | Denial of Service in TensorFlow |
| CVE-2023-25818 | 2023-03-27 | Missing brute force protection on password reset token in Nextcloud Server |
| CVE-2023-25817 | 2023-03-27 | Delete permissions are not saved when creating public share in Nextcloud server |
| CVE-2023-28627 | 2023-03-27 | OS Command Injection via GIT_PATH in pymedusa |
| CVE-2023-28628 | 2023-03-27 | `authority-regex` returns the wrong authority in lambdaisland/uri |
| CVE-2023-28630 | 2023-03-27 | Sensitive information disclosure possible on misconfigured failed backups of non-H2 databases in gocd |
| CVE-2023-28629 | 2023-03-27 | Stored XSS possible on VSM and Job Details pages via malicious pipeline label configuration in gocd |
| CVE-2023-28638 | 2023-03-27 | Stack references to locations outside buffers may become invalid if they exist during a GC compaction in Snappier |
| CVE-2023-28640 | 2023-03-27 | Permissions bypass in Apiman could enable authenticated attacker to unpermitted API Key |
| CVE-2023-1666 | 2023-03-27 | SourceCodester Automatic Question Paper Generator System GET Parameter view_class.php sql injection |
| CVE-2023-28430 | 2023-03-27 | OneSignal repository github action command injection |
| CVE-2023-28102 | 2023-03-27 | Command injection in discordrb |
| CVE-2023-26493 | 2023-03-27 | Command Injection in Cocos Engine workflow |
| CVE-2022-42447 | 2023-03-27 | Cross-origin resource sharing vulnerability affects HCL Compass |
| CVE-2022-47529 | 2023-03-28 | Insecure Win32 memory objects in Endpoint Windows Agents in RSA NetWitness Platform before 12.2 allow local and admin Windows user accounts to modify the endpoint agent service configuration: to either... |
| CVE-2020-8889 | 2023-03-28 | The ShipStation.com plugin 1.0 for CS-Cart allows remote attackers to obtain sensitive information (via action=export) because a typo results in a successful comparison of a blank password and NULL. |
| CVE-2022-0194 | 2023-03-28 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ad_addcomment function.... |
| CVE-2022-0650 | 2023-03-28 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n (5553) routers. Authentication is required to exploit this vulnerability. The specific... |
| CVE-2022-1229 | 2023-03-28 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.2.034. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2022-1230 | 2023-03-28 | This vulnerability allows local attackers to execute arbitrary code on affected installations of Samsung Galaxy S21 prior to 4.5.40.5 phones. An attacker must first obtain the ability to execute low-privileged... |
| CVE-2022-23121 | 2023-03-28 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parse_entries function.... |
| CVE-2022-23122 | 2023-03-28 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the setfilparams function.... |
| CVE-2022-23123 | 2023-03-28 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getdirparams method.... |
| CVE-2022-23124 | 2023-03-28 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the get_finderinfo method.... |
| CVE-2022-23125 | 2023-03-28 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the copyapplfile function.... |
| CVE-2022-24352 | 2023-03-28 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link AC1750 prior to 211210 routers. Authentication is not required to exploit this vulnerability. The specific flaw... |
| CVE-2022-24353 | 2023-03-28 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link AC1750 1.1.4 Build 20211022 rel.59103(5553) routers. Authentication is not required to exploit this vulnerability. The specific... |
| CVE-2022-24672 | 2023-03-28 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF644Cdw 10.02 printers. Authentication is not required to exploit this vulnerability. The specific flaw exists... |
| CVE-2022-24673 | 2023-03-28 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Canon imageCLASS MF644Cdw 10.02 printers. Authentication is not required to exploit this vulnerability. The specific flaw exists... |
| CVE-2022-24674 | 2023-03-28 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF644Cdw 10.02 printers. Authentication is not required to exploit this vulnerability. The specific flaw exists... |