CVE List - 2023 / March
Showing 601 - 700 of 2488 CVEs for March 2023 (Page 7 of 25)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-27483 | 2023-03-09 | fieldpath's Paved.SetValue allows growing arrays up to arbitrary sizes in crossplane-runtime |
| CVE-2023-27484 | 2023-03-09 | Unchecked fieldpath index in Composition's patches can lead to arbitrary memory allocation in crossplane |
| CVE-2023-27490 | 2023-03-09 | Missing proper state, nonce and PKCE checks for OAuth authentication in next-auth |
| CVE-2023-0622 | 2023-03-09 | CVE-2023-0622 |
| CVE-2023-0623 | 2023-03-09 | CVE-2023-0623 |
| CVE-2023-0621 | 2023-03-09 | CVE-2023-0621 |
| CVE-2023-1300 | 2023-03-09 | SourceCodester COVID 19 Testing Management System POST Parameter patient-report.php sql injection |
| CVE-2023-1301 | 2023-03-09 | SourceCodester Friendly Island Pizza Website and Ordering System GET Parameter deleteorder.php sql injection |
| CVE-2023-1302 | 2023-03-09 | SourceCodester File Tracker Manager System borrow1.php cross site scripting |
| CVE-2023-1303 | 2023-03-09 | UCMS System File Management Module fileedit.php unrestricted upload |
| CVE-2023-27530 | 2023-03-10 | A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 within the Multipart MIME parsing code which could allow an attacker to craft requests that can be... |
| CVE-2021-33360 | 2023-03-10 | An issue found in Stoqey gnuplot v.0.0.3 and earlier allows attackers to execute arbitrary code via the src/index.ts, plotCallack, child_process, and/or filePath parameter(s). |
| CVE-2022-44574 | 2023-03-10 | An improper authentication vulnerability in Avalanche version 6.3.x and below allows an unauthenticated attacker to modify properties on a specific port. |
| CVE-2022-48111 | 2023-03-10 | A cross-site scripting (XSS) vulnerability in the check_login function of SIPE s.r.l WI400 between version 8 and 11 included allows attackers to execute arbitrary web scripts or HTML via a... |
| CVE-2023-0746 | 2023-03-10 | XSS Vulnerability in GigaVue-FM |
| CVE-2023-1205 | 2023-03-10 | NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 is vulnerable to cross-site request forgery attacks on all endpoints due to improperly implemented CSRF protections. |
| CVE-2023-1307 | 2023-03-10 | Authentication Bypass by Primary Weakness in froxlor/froxlor |
| CVE-2023-1312 | 2023-03-10 | Cross-site Scripting (XSS) - Reflected in pimcore/pimcore |
| CVE-2023-1313 | 2023-03-10 | Unrestricted Upload of File with Dangerous Type in cockpit-hq/cockpit |
| CVE-2023-1315 | 2023-03-10 | Cross-site Scripting (XSS) - Reflected in osticket/osticket |
| CVE-2023-1316 | 2023-03-10 | Cross-site Scripting (XSS) - Stored in osticket/osticket |
| CVE-2023-1317 | 2023-03-10 | Cross-site Scripting (XSS) - Reflected in osticket/osticket |
| CVE-2023-1318 | 2023-03-10 | Cross-site Scripting (XSS) - Generic in osticket/osticket |
| CVE-2023-1319 | 2023-03-10 | Cross-site Scripting (XSS) - Stored in osticket/osticket |
| CVE-2023-1320 | 2023-03-10 | Cross-site Scripting (XSS) - Stored in osticket/osticket |
| CVE-2023-23326 | 2023-03-10 | A Stored Cross-Site Scripting (XSS) vulnerability exists in AvantFAX 3.3.7. An authenticated low privilege user can inject arbitrary Javascript into their e-mail address which is executed when an administrator logs... |
| CVE-2023-23327 | 2023-03-10 | An Information Disclosure vulnerability exists in AvantFAX 3.3.7. Backups of the AvantFAX sent/received faxes, and database backups are stored using the current date as the filename and hosted on the... |
| CVE-2023-23328 | 2023-03-10 | A File Upload vulnerability exists in AvantFAX 3.3.7. An authenticated user can bypass PHP file type validation in FileUpload.php by uploading a specially crafted PHP file. |
| CVE-2023-23911 | 2023-03-10 | An improper access control vulnerability exists prior to v6 that could allow an attacker to break the E2E encryption of a chat room by a user changing the group key... |
| CVE-2023-24774 | 2023-03-10 | Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \controller\auth\Auth.php. |
| CVE-2023-26075 | 2023-03-10 | An issue was discovered in Samsung Mobile Chipset and Baseband Modem Chipset for Exynos 850, Exynos 980, Exynos 1080, Exynos 1280, Exynos 2200, Exynos Modem 5123, Exynos Modem 5300, and... |
| CVE-2023-27114 | 2023-03-10 | radare2 v5.8.3 was discovered to contain a segmentation fault via the component wasm_dis at p/wasm/wasm.c. |
| CVE-2023-27115 | 2023-03-10 | WebAssembly v1.0.29 was discovered to contain a segmentation fault via the component wabt::cat_compute_size. |
| CVE-2023-27116 | 2023-03-10 | WebAssembly v1.0.29 was discovered to contain an abort in CWriter::MangleType. |
| CVE-2023-27117 | 2023-03-10 | WebAssembly v1.0.29 was discovered to contain a heap overflow via the component wabt::Node::operator. |
| CVE-2023-27119 | 2023-03-10 | WebAssembly v1.0.29 was discovered to contain a segmentation fault via the component wabt::Decompiler::WrapChild. |
| CVE-2023-27161 | 2023-03-10 | Jellyfin up to v10.7.7 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /Repositories. This vulnerability allows attackers to access network resources and sensitive information via a... |
| CVE-2023-27164 | 2023-03-10 | An arbitrary file upload vulnerability in Halo up to v1.6.1 allows attackers to execute arbitrary code via a crafted .md file. |
| CVE-2023-27532 | 2023-03-10 | Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained. This may lead to gaining access to the backup infrastructure hosts. |
| CVE-2023-27850 | 2023-03-10 | NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a file sharing mechanism that allows users with access to this feature to access arbitrary files on the device. |
| CVE-2023-27851 | 2023-03-10 | NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a file sharing mechanism that unintentionally allows users with upload permissions to execute arbitrary code on the device. |
| CVE-2023-27852 | 2023-03-10 | NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a buffer overflow vulnerability in various CGI mechanisms that could allow an attacker to execute arbitrary code on the device. |
| CVE-2023-27853 | 2023-03-10 | NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a format string vulnerability in a SOAP service that could allow an attacker to execute arbitrary code on the device. |
| CVE-2013-10020 | 2023-03-10 | MMDeveloper A Forms Plugin a-forms.php cross site scripting |
| CVE-2014-125093 | 2023-03-10 | Ad Blocking Detector Plugin ad-blocking-detector.php information disclosure |
| CVE-2017-20182 | 2023-03-10 | Mobile Vikings Django AJAX Utilities Backslash pagination.js Pagination cross site scripting |
| CVE-2021-27788 | 2023-03-10 | HCL Verse is susceptible to a Cross Site Scripting (XSS) vulnerability |
| CVE-2023-1091 | 2023-03-10 | SQL Injection found in ALPATA's Licensed Warehousing Automation System |
| CVE-2023-1308 | 2023-03-10 | SourceCodester Online Graduate Tracer System adminlog.php sql injection |
| CVE-2023-1309 | 2023-03-10 | SourceCodester Online Graduate Tracer System search_it.php sql injection |
| CVE-2023-1310 | 2023-03-10 | SourceCodester Online Graduate Tracer System prof.php sql injection |
| CVE-2023-1311 | 2023-03-10 | SourceCodester Friendly Island Pizza Website and Ordering System GET Parameter large.php sql injection |
| CVE-2023-0083 | 2023-03-10 | The ArkUI framework subsystem doesn't check the input parameter, causing type confusion and invalid memory access. |
| CVE-2023-22301 | 2023-03-10 | The kernel subsystem hmdfs has an arbitrary memory accessing vulnerability. |
| CVE-2023-22436 | 2023-03-10 | The kernel subsystem function check_permission_for_set_tokenid has an UAF vulnerability. |
| CVE-2023-24465 | 2023-03-10 | Communication Wi-Fi subsystem has a null pointer reference vulnerability when receiving external data. |
| CVE-2023-25947 | 2023-03-10 | The bundle management subsystem has an improper input validation when installing a HAP package. |
| CVE-2023-1198 | 2023-03-10 | SQLi in Saysis Starcities |
| CVE-2023-1246 | 2023-03-10 | Files or Directories Accessible to External Parties in Saysis Starcities |
| CVE-2023-26464 | 2023-03-10 | Apache Log4j 1.x (EOL) allows DoS in Chainsaw and SocketAppender |
| CVE-2023-1321 | 2023-03-10 | lmxcms AcquisiAction.class.php update sql injection |
| CVE-2023-1322 | 2023-03-10 | lmxcms BookAction.class.php reply sql injection |
| CVE-2023-1328 | 2023-03-10 | Guizhou 115cms index unrestricted upload |
| CVE-2023-1333 | 2023-03-10 | The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the clear_page_cache function in versions up to, and... |
| CVE-2023-1334 | 2023-03-10 | The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized cache modification due to a missing capability check on the queue_posts function in versions up to, and including,... |
| CVE-2023-1340 | 2023-03-10 | The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation... |
| CVE-2023-1341 | 2023-03-10 | The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation... |
| CVE-2023-1342 | 2023-03-10 | The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation... |
| CVE-2023-1343 | 2023-03-10 | The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation... |
| CVE-2023-1344 | 2023-03-10 | The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation... |
| CVE-2023-1345 | 2023-03-10 | The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation... |
| CVE-2023-1346 | 2023-03-10 | The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation... |
| CVE-2023-1339 | 2023-03-10 | The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check on the uucss_update_rule function in versions up to, and including,... |
| CVE-2023-1336 | 2023-03-10 | The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check on the ajax_deactivate function in versions up to, and including,... |
| CVE-2023-1337 | 2023-03-10 | The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the clear_uucss_logs function in versions up to, and including,... |
| CVE-2023-1338 | 2023-03-10 | The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized cache modification due to a missing capability check on the attach_rule function in versions up to, and including,... |
| CVE-2023-1335 | 2023-03-10 | The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the ucss_connect function in versions up to, and... |
| CVE-2023-27577 | 2023-03-10 | Path Traversal Vulnerability in `LESS` Parser allows reading of sensitive server files in flarum |
| CVE-2023-24999 | 2023-03-10 | Vault Fails to Verify if the AppRole SecretID Belongs to Role During a Destroy Operation |
| CVE-2023-1355 | 2023-03-11 | NULL Pointer Dereference in vim/vim |
| CVE-2023-1349 | 2023-03-11 | Hsycms Add Category Module cate.php cross site scripting |
| CVE-2023-1350 | 2023-03-11 | liferea Feed Enrichment update.c update_job_run os command injection |
| CVE-2023-1351 | 2023-03-11 | SourceCodester Computer Parts Sales and Inventory System cust_transac.php sql injection |
| CVE-2023-1352 | 2023-03-11 | SourceCodester Design and Implementation of Covid-19 Directory on Vaccination System login.php sql injection |
| CVE-2023-1353 | 2023-03-11 | SourceCodester Design and Implementation of Covid-19 Directory on Vaccination System verification.php cross site scripting |
| CVE-2023-1354 | 2023-03-11 | SourceCodester Design and Implementation of Covid-19 Directory on Vaccination System register.php cross site scripting |
| CVE-2013-10021 | 2023-03-11 | dd32 Debug Bar Plugin class-debug-bar-queries.php render cross site scripting |
| CVE-2021-46875 | 2023-03-12 | An issue was discovered in eZ Platform Ibexa Kernel before 1.3.1.1. An XSS attack can occur because JavaScript code can be uploaded in a .html or .js file. |
| CVE-2021-46876 | 2023-03-12 | An issue was discovered in eZ Publish Ibexa Kernel before 7.5.15.1. The /user/sessions endpoint can be abused to determine account existence. |
| CVE-2022-48365 | 2023-03-12 | An issue was discovered in eZ Platform Ibexa Kernel before 1.3.26. The Company admin role gives excessive privileges. |
| CVE-2022-48366 | 2023-03-12 | An issue was discovered in eZ Platform Ibexa Kernel before 1.3.19. It allows determining account existence via a timing attack. |
| CVE-2022-48367 | 2023-03-12 | An issue was discovered in eZ Publish Ibexa Kernel before 7.5.28. Access control based on object state is mishandled. |
| CVE-2023-1357 | 2023-03-12 | SourceCodester Simple Bakery Shop Management System Admin Login sql injection |
| CVE-2023-1358 | 2023-03-12 | SourceCodester Gadget Works Online Ordering System POST Parameter login.php sql injection |
| CVE-2023-1359 | 2023-03-12 | SourceCodester Gadget Works Online Ordering System Add New User cross site scripting |
| CVE-2023-1360 | 2023-03-12 | SourceCodester Employee Payslip Generator with Sending Mail New User Creation sql injection |
| CVE-2016-15028 | 2023-03-12 | ICEPAY REST-API-NET Checksum Validation RestClient.cs RestClient integrity check |
| CVE-2021-45423 | 2023-03-13 | A Buffer Overflow vulnerability exists in Pev 0.81 via the pe_exports function from exports.c. The array offsets_to_Names is dynamically allocated on the stack using exp->NumberOfFunctions as its size. However, the loop... |
| CVE-2022-2258 | 2023-03-13 | In affected versions of Octopus Deploy it is possible for a user to view Tagsets without being explicitly assigned permissions to view these items |
| CVE-2022-2259 | 2023-03-13 | In affected versions of Octopus Deploy it is possible for a user to view Workerpools without being explicitly assigned permissions to view these items |