CVE List - 2023 / March
Showing 201 - 300 of 2488 CVEs for March 2023 (Page 3 of 25)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2014-125091 | 2023-03-04 | codepeople cp-polls Plugin cp-admin-int-message-list.inc.php sql injection |
| CVE-2023-0734 | 2023-03-05 | Improper Authorization in wallabag/wallabag |
| CVE-2023-1181 | 2023-03-05 | Cross-site Scripting (XSS) - Stored in icret/easyimages2.0 |
| CVE-2023-22335 | 2023-03-05 | Improper access control vulnerability in SS1 Ver.13.0.0.40 and earlier and Rakuraku PC Cloud Agent Ver.2.1.8 and earlier allows a remote attacker to bypass access restriction and download an arbitrary file... |
| CVE-2023-22336 | 2023-03-05 | Path traversal vulnerability in SS1 Ver.13.0.0.40 and earlier and Rakuraku PC Cloud Agent Ver.2.1.8 and earlier allows a remote attacker to upload a specially crafted file to an arbitrary directory.... |
| CVE-2023-22344 | 2023-03-05 | Use of hard-coded credentials vulnerability in SS1 Ver.13.0.0.40 and earlier and Rakuraku PC Cloud Agent Ver.2.1.8 and earlier allows a remote attacker to obtain the password of the debug tool... |
| CVE-2023-22419 | 2023-03-05 | Out-of-bounds read vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.9.0 and earlier. When processing a comment block in stage information, the end of... |
| CVE-2023-22421 | 2023-03-05 | Out-of-bounds read vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.9.0 and earlier. The insufficient buffer size for the PLC program instructions leads to... |
| CVE-2023-22424 | 2023-03-05 | Use-after-free vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.9.0 and earlier. With the abnormal value given as the maximum number of columns for... |
| CVE-2023-22432 | 2023-03-05 | Open redirect vulnerability exists in web2py versions prior to 2.23.1. When using the tool, a web2py user may be redirected to an arbitrary website by accessing a specially crafted URL.... |
| CVE-2023-22438 | 2023-03-05 | Cross-site scripting vulnerability in Contents Management of EC-CUBE 4 series (EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0), EC-CUBE 3 series (EC-CUBE 3.0.0 to 3.0.18-p5), and EC-CUBE... |
| CVE-2023-22838 | 2023-03-05 | Cross-site scripting vulnerability in Product List Screen and Product Detail Screen of EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0 allows a remote authenticated attacker to inject... |
| CVE-2023-25077 | 2023-03-05 | Cross-site scripting vulnerability in Authentication Key Settings of EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0 allows a remote authenticated attacker to inject an arbitrary script. |
| CVE-2023-26510 | 2023-03-05 | Ghost 5.35.0 allows authorization bypass: contributors can view draft posts of other users, which is arguably inconsistent with a security policy in which a contributor's draft can only be read... |
| CVE-2023-27635 | 2023-03-05 | debmany in debian-goodies 0.88.1 allows attackers to execute arbitrary shell commands (because of an eval call) via a crafted .deb file. (The path is shown to the user before execution.) |
| CVE-2023-27641 | 2023-03-05 | The REPORT (after z but before a) parameter in wa.exe in L-Soft LISTSERV 16.5 before 17 allows an attacker to conduct XSS attacks via a crafted URL. |
| CVE-2008-10002 | 2023-03-05 | cfire24 ajaxlife cross site scripting |
| CVE-2008-10003 | 2023-03-05 | iGamingModules flashgames game.php sql injection |
| CVE-2015-10088 | 2023-03-05 | ayttm proxy.c http_connect format string |
| CVE-2023-1179 | 2023-03-05 | SourceCodester Computer Parts Sales and Inventory System Add Supplier cross site scripting |
| CVE-2023-1180 | 2023-03-05 | SourceCodester Health Center Patient Record Management System hematology_print.php cross site scripting |
| CVE-2015-10089 | 2023-03-05 | flame.js cross site scripting |
| CVE-2021-4329 | 2023-03-05 | json-logic-js logic.js command injection |
| CVE-2022-4927 | 2023-03-05 | ualbertalib NEOSDiscovery _refworks.html.erb reverse tabnabbing |
| CVE-2006-10001 | 2023-03-05 | Subscribe to Comments Plugin subscribe-to-comments.php cross site scripting |
| CVE-2014-125092 | 2023-03-05 | MaxButtons Plugin maxbuttons-button.php maxbuttons_strip_px cross site scripting |
| CVE-2015-10090 | 2023-03-05 | Landing Pages Plugin cross site scripting |
| CVE-2022-46395 | 2023-03-06 | An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Midgard... |
| CVE-2022-4904 | 2023-03-06 | A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue... |
| CVE-2023-0330 | 2023-03-06 | Qemu: lsi53c895a: dma reentrancy issue leads to stack overflow |
| CVE-2023-24733 | 2023-03-06 | PMB v7.4.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the query parameter at /admin/convert/export_z3950_new.php. |
| CVE-2023-24734 | 2023-03-06 | An arbitrary file upload vulnerability in the camera_upload.php component of PMB v7.4.6 allows attackers to execute arbitrary code via a crafted image file. |
| CVE-2023-24735 | 2023-03-06 | PMB v7.4.6 was discovered to contain an open redirect vulnerability via the component /opac_css/pmb.php. This vulnerability allows attackers to redirect victim users to an external domain via a crafted URL. |
| CVE-2023-24736 | 2023-03-06 | PMB v7.4.6 was discovered to contain a remote code execution (RCE) vulnerability via the component /sauvegarde/restaure_act.php. |
| CVE-2023-24737 | 2023-03-06 | PMB v7.4.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the query parameter at /admin/convert/export_z3950.php. |
| CVE-2023-25304 | 2023-03-06 | An issue in Prism Launcher up to v6.1 allows attackers to perform a directory traversal via importing a crafted .mrpack file. |
| CVE-2019-8720 | 2023-03-06 | A vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web content that may lead to arbitrary code execution. Improved memory handling addresses the multiple memory... |
| CVE-2021-20251 | 2023-03-06 | A flaw was found in samba. A race condition in the password lockout code may lead to the risk of brute force attacks being successful if special conditions are met. |
| CVE-2021-35377 | 2023-03-06 | Cross Site Scripting vulnerability found in VICIdial v2.14-610c and v.2.10-415c allows attackers to execute arbitrary code via the /agc/vicidial.php, agc/vicidial-greay.php, and /vicidial/KHOMP_admin.php parameters. |
| CVE-2021-36392 | 2023-03-06 | In Moodle, an SQL injection risk was identified in the library fetching a user's enrolled courses. |
| CVE-2021-36393 | 2023-03-06 | In Moodle, an SQL injection risk was identified in the library fetching a user's recent courses. |
| CVE-2021-36394 | 2023-03-06 | In Moodle, a remote code execution risk was identified in the Shibboleth authentication plugin. |
| CVE-2021-36395 | 2023-03-06 | In Moodle, the file repository's URL parsing required additional recursion handling to mitigate the risk of recursion denial of service. |
| CVE-2021-36396 | 2023-03-06 | In Moodle, insufficient redirect handling made it possible to blindly bypass cURL blocked hosts/allowed ports restrictions, resulting in a blind SSRF risk. |
| CVE-2021-36397 | 2023-03-06 | In Moodle, insufficient capability checks meant message deletions were not limited to the current user. |
| CVE-2021-36398 | 2023-03-06 | In Moodle, ID numbers displayed in the web service token list required additional sanitizing to prevent a stored XSS risk. |
| CVE-2021-36399 | 2023-03-06 | In Moodle, ID numbers displayed in the quiz override screens required additional sanitizing to prevent a stored XSS risk. |
| CVE-2021-36400 | 2023-03-06 | In Moodle, insufficient capability checks made it possible to remove other users' calendar URL subscriptions. |
| CVE-2021-36401 | 2023-03-06 | In Moodle, ID numbers exported in HTML data formats required additional sanitizing to prevent a local stored XSS risk. |
| CVE-2021-36402 | 2023-03-06 | In Moodle, Users' names required additional sanitizing in the account confirmation email, to prevent a self-registration phishing risk. |
| CVE-2021-36403 | 2023-03-06 | In Moodle, in some circumstances, email notifications of messages could have the link back to the original message hidden by HTML, which may pose a phishing risk. |
| CVE-2021-36713 | 2023-03-06 | Cross Site Scripting (XSS) vulnerability in the DataTables plug-in 1.9.2 for jQuery allows attackers to run arbitrary code via the sBaseName parameter to function _fnCreateCookie. NOTE: 1.9.2 is a version... |
| CVE-2022-3277 | 2023-03-06 | An uncontrolled resource consumption flaw was found in openstack-neutron. This flaw allows a remote authenticated user to query a list of security groups for an invalid project. This issue creates... |
| CVE-2022-3424 | 2023-03-06 | A use-after-free flaw was found in the Linux kernel’s SGI GRU driver in the way the first gru_file_unlocked_ioctl function is called by the user, where a fail pass occurs in... |
| CVE-2022-3707 | 2023-03-06 | A double-free memory flaw was found in the Linux kernel. The Intel GVT-g graphics driver triggers VGA card system resource overload, causing a fail in the intel_gvt_dma_map_guest_page function. This issue... |
| CVE-2022-3854 | 2023-03-06 | A flaw was found in Ceph, relating to the URL processing on RGW backends. An attacker can exploit the URL processing by providing a null URL to crash the RGW,... |
| CVE-2022-4134 | 2023-03-06 | A flaw was found in openstack-glance. This issue could allow a remote, authenticated attacker to tamper with images, compromising the integrity of virtual machines created using these modified images. |
| CVE-2022-42248 | 2023-03-06 | QlikView 12.60.2 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the QvsViewClient functionality. |
| CVE-2022-44875 | 2023-03-06 | KioWare through 8.33 on Windows sets KioScriptingUrlACL.AclActions.AllowHigh for the about:blank origin, which allows attackers to obtain SYSTEM access via KioUtils.Execute in JavaScript code. |
| CVE-2022-45141 | 2023-03-06 | Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, Vulnerable Samba Active... |
| CVE-2022-45142 | 2023-03-06 | The fix for CVE-2022-3437 included changing memcmp to be constant time and a workaround for a compiler bug by adding "!= 0" comparisons to the result of memcmp. When these... |
| CVE-2022-48364 | 2023-03-06 | The undo_mark_statuses_as_sensitive method in app/services/approve_appeal_service.rb in Mastodon 3.5.x before 3.5.3 does not use the server's representative account, resulting in moderator identity disclosure when a moderator approves the appeal of a... |
| CVE-2023-0093 | 2023-03-06 | Okta Advanced Server Access Client versions 1.13.1 through 1.65.0 are vulnerable to command injection due to the third party library webbrowser. An outdated library, webbrowser, used by the ASA client... |
| CVE-2023-1161 | 2023-03-06 | ISO 15765 and ISO 10681 dissector crash in Wireshark 4.0.0 to 4.0.3 and 3.6.0 to 3.6.11 allows denial of service via packet injection or crafted capture file |
| CVE-2023-1197 | 2023-03-06 | Cross-site Scripting (XSS) - Stored in uvdesk/community-skeleton |
| CVE-2023-1211 | 2023-03-06 | SQL Injection in phpipam/phpipam |
| CVE-2023-1212 | 2023-03-06 | Cross-site Scripting (XSS) - Stored in phpipam/phpipam |
| CVE-2023-24217 | 2023-03-06 | AgileBio Electronic Lab Notebook v4.234 was discovered to contain a local file inclusion vulnerability. |
| CVE-2023-24763 | 2023-03-06 | In the module "Xen Forum" (xenforum) for PrestaShop, an authenticated user can perform SQL injection in versions up to 2.13.0. |
| CVE-2023-24776 | 2023-03-06 | Funadmin v3.2.0 was discovered to contain a remote code execution (RCE) vulnerability via the component \controller\Addon.php. |
| CVE-2023-24789 | 2023-03-06 | jeecg-boot v3.4.4 was discovered to contain an authenticated SQL injection vulnerability via the building block report component. |
| CVE-2023-26600 | 2023-03-06 | ManageEngine ServiceDesk Plus through 14104, ServiceDesk Plus MSP through 14000, Support Center Plus through 14000, and Asset Explorer through 6987 allow privilege escalation via query reports. |
| CVE-2023-26601 | 2023-03-06 | Zoho ManageEngine ServiceDesk Plus through 14104, Asset Explorer through 6987, ServiceDesk Plus MSP before 14000, and Support Center Plus before 14000 allow Denial-of-Service (DoS). |
| CVE-2023-26949 | 2023-03-06 | An arbitrary file upload vulnerability in the component /admin1/config/update of onekeyadmin v1.3.9 allows attackers to execute arbitrary code via a crafted PHP file. |
| CVE-2023-27891 | 2023-03-06 | rami.io pretix before 4.17.1 allows OAuth application authorization from a logged-out session. The fixed versions are 4.15.1, 4.16.1, and 4.17.1. |
| CVE-2022-4928 | 2023-03-06 | icplayer presenter.js AddonText_Selection_create cross site scripting |
| CVE-2022-4929 | 2023-03-06 | icplayer tts-utils.js cross site scripting |
| CVE-2015-10091 | 2023-03-06 | ByWater Solutions bywater-koha-xslt systempreferences.pl StringSearch sql injection |
| CVE-2023-26106 | 2023-03-06 | All versions of the package dot-lens are vulnerable to Prototype Pollution via the set() function in index.js file. |
| CVE-2023-26111 | 2023-03-06 | All versions of the package @nubosoftware/node-static; all versions of the package node-static are vulnerable to Directory Traversal due to improper file path sanitization in the startsWith() method in the servePath... |
| CVE-2023-26107 | 2023-03-06 | All versions of the package sketchsvg are vulnerable to Arbitrary Code Injection when invoking shell.exec without sanitization nor parametrization while concatenating the current directory as part of the command string. |
| CVE-2023-26108 | 2023-03-06 | Versions of the package @nestjs/core before 9.0.5 are vulnerable to Information Exposure via the StreamableFile pipe. Exploiting this vulnerability is possible when the client cancels a request while it is... |
| CVE-2015-10092 | 2023-03-06 | Qtranslate Slug Plugin class-qtranslate-slug.php add_slug_meta_box cross site scripting |
| CVE-2023-22856 | 2023-03-06 | Stored cross-site scripting in BlogEngine.NET version 3.3.8.0 |
| CVE-2023-22857 | 2023-03-06 | Stored cross-site scripting in BlogEngine.NET version 3.3.8.0 |
| CVE-2015-10093 | 2023-03-06 | Mark User as Spammer Plugin plugin.php user_row_actions cross site scripting |
| CVE-2023-22858 | 2023-03-06 | Stored cross-site scripting in BlogEngine.NET version 3.3.8.0 |
| CVE-2023-1184 | 2023-03-06 | ECshop Backup Database database.php unrestricted upload |
| CVE-2023-1185 | 2023-03-06 | ECshop New Product unrestricted upload |
| CVE-2023-0839 | 2023-03-06 | Improper Error Handling in inSCADA |
| CVE-2023-1186 | 2023-03-06 | FabulaTech Webcam for Remote Desktop IOCTL ftwebcam.sys 0x222018 null pointer dereference |
| CVE-2023-1187 | 2023-03-06 | FabulaTech Webcam for Remote Desktop Global Variable ftwebcam.sys denial of service |
| CVE-2023-1188 | 2023-03-06 | FabulaTech Webcam for Remote Desktop IoControlCode ftwebcam.sys 0x222018 denial of service |
| CVE-2023-1189 | 2023-03-06 | WiseCleaner Wise Folder Hider IoControlCode WiseFs64.sys 0x222410 denial of service |
| CVE-2023-1190 | 2023-03-06 | xiaozhuai imageinfo imageinfo.hpp buffer overflow |
| CVE-2023-1191 | 2023-03-06 | fastcms ZIP File TemplateController.java path traversal |
| CVE-2017-20180 | 2023-03-06 | Zerocoin libzerocoin Proof CoinSpend.cpp CoinSpend data authenticity |
| CVE-2022-3284 | 2023-03-06 | Insecure way of passing a download key |
| CVE-2022-4862 | 2023-03-06 | XSS vulnerability in M-Files Web |
| CVE-2022-2178 | 2023-03-06 | XSS in Saysis' Starcities |