CVE List - 2023 / April
Showing 1301 - 1400 of 2302 CVEs for April 2023 (Page 14 of 24)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-2109 | 2023-04-17 | Cross-site Scripting (XSS) - DOM in chatwoot/chatwoot |
| CVE-2023-24500 | 2023-04-17 | Electra Central AC unit – Adjacent attacker may cause the unit to load unauthorized FW |
| CVE-2023-24501 | 2023-04-17 | Electra Central AC unit – Hardcoded Credentials |
| CVE-2023-24502 | 2023-04-17 | Electra Central AC unit – Easily calculated password |
| CVE-2023-24503 | 2023-04-17 | Electra Smart Kit for Split AC – Adjacent attacker may cause the unit to load unauthorized FW |
| CVE-2023-24504 | 2023-04-17 | Electra Central AC unit – Adjacent attacker may cause the unit to connect to unauthorized update server |
| CVE-2023-25010 | 2023-04-17 | A malicious actor may convince a victim to open a malicious USD file that may trigger an uninitialized variable which may result in code execution. |
| CVE-2023-27705 | 2023-04-17 | APNG_Optimizer v1.4 was discovered to contain a buffer overflow via the component /apngopt/ubuntu.png. |
| CVE-2023-27733 | 2023-04-17 | DedeCMS v5.7.106 was discovered to contain a SQL injection vulnerability via the component /dede/sys_sql_query.php. |
| CVE-2023-27755 | 2023-04-17 | go-bbs v1 was discovered to contain an arbitrary file download vulnerability via the component /api/v1/download. |
| CVE-2023-27844 | 2023-04-17 | SQL injection vulnerability found in PrestaShopleurlrewrite v.1.0 and before allow a remote attacker to gain privileges via the Dispatcher::getController component. |
| CVE-2023-27906 | 2023-04-17 | A malicious actor may convince a victim to open a malicious USD file that may trigger an out-of-bounds read vulnerability which may result in code execution. |
| CVE-2023-27907 | 2023-04-17 | A malicious actor may convince a victim to open a malicious USD file that may trigger an out-of-bounds write vulnerability which may result in code execution. |
| CVE-2023-27909 | 2023-04-17 | An Out-Of-Bounds Write Vulnerability in Autodesk® FBX® SDK version 2020 or prior may lead to code execution through maliciously crafted FBX files or information disclosure. |
| CVE-2023-27910 | 2023-04-17 | A user may be tricked into opening a malicious FBX file that may exploit a stack buffer overflow vulnerability in Autodesk® FBX® SDK 2020 or prior which may lead to... |
| CVE-2023-27911 | 2023-04-17 | A user may be tricked into opening a malicious FBX file that may exploit a heap buffer overflow vulnerability in Autodesk® FBX® SDK 2020 or prior which may lead to... |
| CVE-2023-28959 | 2023-04-17 | Junos OS: QFX10002: PFE wedges and restarts upon receipt of specific malformed packets |
| CVE-2023-28960 | 2023-04-17 | Junos OS Evolved: Docker repository is world-writeable, allowing low-privileged local user to inject files into Docker containers |
| CVE-2023-28961 | 2023-04-17 | Junos OS: ACX Series: IPv6 firewall filter is not installed in PFE when "from next-header ah" is used |
| CVE-2023-28962 | 2023-04-17 | Junos OS: Unauthenticated access vulnerability in J-Web |
| CVE-2023-28963 | 2023-04-17 | Junos OS: User-controlled input vulnerability in J-Web |
| CVE-2023-28964 | 2023-04-17 | Junos OS and Junos OS Evolved: Malformed BGP flowspec update causes RPD crash |
| CVE-2023-28965 | 2023-04-17 | Junos OS: QFX10002: Failure of storm control feature may lead to Denial of Service |
| CVE-2023-28966 | 2023-04-17 | Junos OS Evolved: Local low-privileged user with shell access can execute CLI commands as root |
| CVE-2023-28967 | 2023-04-17 | Junos OS and Junos OS Evolved: An attacker sending genuine BGP packets causes an RPD crash |
| CVE-2023-28968 | 2023-04-17 | Junos OS: SRX Series: Policies that rely on JDPI-Decoder actions may fail open |
| CVE-2023-28970 | 2023-04-17 | Junos OS: JRR200: Kernel crash upon receipt of a specific packet |
| CVE-2023-28971 | 2023-04-17 | Paragon Active Assurance: Enabling the timescaledb enables IP forwarding |
| CVE-2023-28972 | 2023-04-17 | Junos OS: NFX Series: 'set system ports console insecure' allows root password recovery |
| CVE-2023-28973 | 2023-04-17 | Junos OS Evolved: The 'sysmanctl' shell command allows a local user to gain access to some administrative actions |
| CVE-2023-28974 | 2023-04-17 | Junos OS: MX Series: In a BBE scenario upon receipt of specific malformed packets from subscribers the process bbe-smgd will crash |
| CVE-2023-28975 | 2023-04-17 | Junos OS: The kernel will crash when certain USB devices are inserted |
| CVE-2023-28976 | 2023-04-17 | Junos OS: MX Series: If a specific traffic rate goes above the DDoS threshold it will lead to an FPC crash |
| CVE-2023-28978 | 2023-04-17 | Junos OS Evolved: Read access to some confidential user information is possible |
| CVE-2023-28979 | 2023-04-17 | Junos OS: In a 6PE scenario upon receipt of a specific IPv6 packet an integrity check fails |
| CVE-2023-28980 | 2023-04-17 | Junos OS and Junos OS Evolved: In a BGP rib sharding scenario an rpd crash will happen shortly after a specific CLI command is issued |
| CVE-2023-28981 | 2023-04-17 | Junos OS and Junos OS Evolved: If malformed IPv6 router advertisements are received, memory corruption will occur which causes an rpd crash |
| CVE-2023-28982 | 2023-04-17 | Junos OS and Junos OS Evolved: In a BGP rib sharding scenario when a route is frequently updated an rpd memory leak will occur |
| CVE-2023-28983 | 2023-04-17 | Junos OS Evolved: Shell Injection vulnerability in the gNOI server |
| CVE-2023-28984 | 2023-04-17 | Junos OS: QFX Series: The PFE may crash when a lot of MAC addresses are being learned and aged |
| CVE-2023-29665 | 2023-04-17 | D-Link DIR823G_V1.0.2B05 was discovered to contain a stack overflow via the NewPassword parameters in SetPasswdSettings. |
| CVE-2023-30769 | 2023-04-17 | Rab13s Exploit |
| CVE-2023-30770 | 2023-04-17 | A stack-based buffer overflow vulnerability was found in the ADM |
| CVE-2023-24831 | 2023-04-17 | Apache IoTDB grafana-connector Login Bypass Vulnerability |
| CVE-2023-30771 | 2023-04-17 | Apache IoTDB Workbench: apache/iotdb-web-workbench: forge the JWTToken to access workbench |
| CVE-2023-22946 | 2023-04-17 | Apache Spark proxy-user privilege escalation from malicious configuration class |
| CVE-2023-1109 | 2023-04-17 | PHOENIX CONTACT: Directory Traversal Vulnerability in ENERGY AXC PU Web service |
| CVE-2023-2017 | 2023-04-17 | Improper Control of Generation of Code in Twig Rendered Views in Shopware |
| CVE-2023-1723 | 2023-04-17 | SQLi in Veragroup Mobile Assistant |
| CVE-2023-0764 | 2023-04-17 | Gallery by BestWebSoft < 4.7.0 - Author+ Stored Cross-Site Scripting |
| CVE-2023-0374 | 2023-04-17 | W4 Post List < 2.4.6 - Contributor+ Stored XSS |
| CVE-2023-0765 | 2023-04-17 | Gallery by BestWebSoft < 4.7.0 - Author+ SQL Injection |
| CVE-2023-1325 | 2023-04-17 | Easy Forms for MailChimp < 6.8.7 - Contributor+ Stored XSS |
| CVE-2023-0277 | 2023-04-17 | WC Fields Factory <= 4.1.5 - ShopManager+ SQLi |
| CVE-2023-1427 | 2023-04-17 | Photo Gallery by 10Web < 1.8.15 - Admin+ Path Traversal |
| CVE-2023-1282 | 2023-04-17 | Drag and Drop Multiple File Upload PRO - Reflected Cross-Site Scripting |
| CVE-2023-0889 | 2023-04-17 | TF Random Numbers < 2.0.1 - Subscriber+ Arbitrary Option Update |
| CVE-2023-1373 | 2023-04-17 | W4 Post List < 2.4.6 - Reflected XSS |
| CVE-2023-0367 | 2023-04-17 | Pricing Tables For WPBakery Page Builder < 3.0 - Contributor+ Stored XSS |
| CVE-2023-1331 | 2023-04-17 | Redirection < 1.1.5 - Plugin Reset via CSRF |
| CVE-2023-1274 | 2023-04-17 | Pricing Tables For WPBakery Page Builder < 3.0 - Subscriber+ LFI |
| CVE-2023-1413 | 2023-04-17 | WP VR < 8.2.9 - Reflected XSS |
| CVE-2023-1371 | 2023-04-17 | W4 Post List < 2.4.6 - Subscriber+ Password Protected Post Content Disclosure |
| CVE-2023-1473 | 2023-04-17 | Responsive WordPress Slideshows 3.29.0 - Reflected XSS |
| CVE-2023-1873 | 2023-04-17 | SQLi in Bircard |
| CVE-2023-1831 | 2023-04-17 | User password logged in audit logs |
| CVE-2023-27525 | 2023-04-17 | Apache Superset: Incorrect default permissions for Gamma role |
| CVE-2023-25504 | 2023-04-17 | Apache Superset: Possible SSRF on import datasets |
| CVE-2015-10102 | 2023-04-17 | Freshdesk Plugin redirect |
| CVE-2023-29004 | 2023-04-17 | Path Traversal Vulnerability in hap-wi/roxy-wi |
| CVE-2015-10103 | 2023-04-17 | InternalError503 Forget It settings.js infinite loop |
| CVE-2023-2130 | 2023-04-17 | SourceCodester Purchase Order Management System GET Parameter view_details.php sql injection |
| CVE-2023-30548 | 2023-04-17 | Path traversal vulnerability in gatsby-plugin-sharp |
| CVE-2023-30543 | 2023-04-17 | `chainId` may be outdated if user changes chains as part of connection in @web3-react |
| CVE-2023-29197 | 2023-04-17 | Improper header name validation in guzzlehttp/psr7 |
| CVE-2023-30536 | 2023-04-17 | Insecure header validation in slim/psr7 |
| CVE-2023-29213 | 2023-04-17 | org.xwiki.platform:xwiki-platform-logging-ui Injection vulnerability |
| CVE-2023-30539 | 2023-04-17 | Users can set up workflows using restricted and invisible system tags in Nextcloud |
| CVE-2023-30540 | 2023-04-17 | Chat poll data can still be queried from API after purging history in Nextcloud talk |
| CVE-2023-30541 | 2023-04-17 | TransparentUpgradeableProxy clashing selector calls may not be delegated in @openzeppelin/contracts |
| CVE-2023-30547 | 2023-04-17 | Sandbox Escape in vm2 |
| CVE-2023-28863 | 2023-04-18 | AMI MegaRAC SPx12 and SPx13 devices have Insufficient Verification of Data Authenticity. |
| CVE-2021-28254 | 2023-04-18 | A deserialization vulnerability in the destruct() function of Laravel v8.5.9 allows attackers to execute arbitrary commands. |
| CVE-2021-40506 | 2023-04-18 | An issue was discovered in the ALU unit of the OR1200 (aka OpenRISC 1200) processor 2011-09-10 through 2015-11-11. The overflow flag is not being updated for the msb and mac... |
| CVE-2021-40507 | 2023-04-18 | An issue was discovered in the ALU unit of the OR1200 (aka OpenRISC 1200) processor 2011-09-10 through 2015-11-11. The overflow flag is not being updated correctly for the subtract instruction,... |
| CVE-2021-41612 | 2023-04-18 | An issue was discovered in the ALU unit of the OpenRISC mor1kx processor. The carry flag is not being updated correctly for the subtract instruction, which results in an incorrect... |
| CVE-2021-41613 | 2023-04-18 | An issue was discovered in the controller unit of the OpenRISC mor1kx processor. The write logic of Exception Effective Address Register (EEAR) is not implemented correctly. User programs from authorized... |
| CVE-2021-41614 | 2023-04-18 | An issue was discovered in the controller unit of the OpenRISC mor1kx processor. The read/write access permissions to the Exception Program Counter Register (EPCR) are not implemented correctly. User programs... |
| CVE-2022-46640 | 2023-04-18 | Nanoleaf Desktop App before v1.3.1 was discovered to contain a command injection vulnerability which is exploited via a crafted HTTP request. |
| CVE-2023-2138 | 2023-04-18 | Use of Hard-coded Credentials in nuxtlabs/github-module |
| CVE-2023-2160 | 2023-04-18 | Weak Password Requirements in modoboa/modoboa |
| CVE-2023-27043 | 2023-04-18 | The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the... |
| CVE-2023-27092 | 2023-04-18 | Cross Site Scripting vulnerability found in Jbootfly allows attackers to obtain sensitive information via the username parameter. |
| CVE-2023-29774 | 2023-04-18 | Dreamer CMS 3.0.1 is vulnerable to stored Cross Site Scripting (XSS). |
| CVE-2023-29854 | 2023-04-18 | DirCMS 6.0.0 has a Cross Site Scripting (XSS) vulnerability in the foreground. |
| CVE-2023-29855 | 2023-04-18 | WBCE CMS 1.5.3 has a command execution vulnerability via admin/languages/install.php. |
| CVE-2023-29887 | 2023-04-18 | A Local File inclusion vulnerability in test.php in spreadsheet-reader 0.5.11 allows remote attackers to include arbitrary files via the File parameter. |
| CVE-2023-2119 | 2023-04-18 | The Responsive Filterable Portfolio plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search_term parameter in versions up to, and including, 1.0.19 due to insufficient input sanitization and... |
| CVE-2023-2120 | 2023-04-18 | The Thumbnail carousel slider plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search_term parameter in versions up to, and including, 1.1.9 due to insufficient input sanitization and... |
| CVE-2023-2144 | 2023-04-18 | Campcodes Online Thesis Archiving System view_department.php sql injection |