CVE List - 2023 / April
Showing 1501 - 1600 of 2302 CVEs for April 2023 (Page 16 of 24)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-21984 | 2023-04-18 | Vulnerability in the Oracle Solaris product of Oracle Systems (component: Libraries). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with network access via... |
| CVE-2023-21985 | 2023-04-18 | Vulnerability in the Oracle Solaris product of Oracle Systems (component: Utility). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows high privileged attacker with logon to... |
| CVE-2023-21986 | 2023-04-18 | Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Native Image). Supported versions that are affected are Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Easily... |
| CVE-2023-21987 | 2023-04-18 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.44 and Prior to 7.0.8. Difficult to exploit vulnerability allows... |
| CVE-2023-21988 | 2023-04-18 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.44 and Prior to 7.0.8. Easily exploitable vulnerability allows low... |
| CVE-2023-21989 | 2023-04-18 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.44 and Prior to 7.0.8. Easily exploitable vulnerability allows high... |
| CVE-2023-21990 | 2023-04-18 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.44 and Prior to 7.0.8. Easily exploitable vulnerability allows high... |
| CVE-2023-21991 | 2023-04-18 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.44 and Prior to 7.0.8. Easily exploitable vulnerability allows high... |
| CVE-2023-21992 | 2023-04-18 | Vulnerability in the PeopleSoft Enterprise HCM Human Resources product of Oracle PeopleSoft (component: Administer Workforce). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker... |
| CVE-2023-21993 | 2023-04-18 | Vulnerability in the Oracle Clinical Remote Data Capture product of Oracle Health Sciences Applications (component: Forms). The supported version that is affected is 5.4.0.2. Easily exploitable vulnerability allows low privileged... |
| CVE-2023-21996 | 2023-04-18 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker... |
| CVE-2023-21997 | 2023-04-18 | Vulnerability in the Oracle User Management product of Oracle E-Business Suite (component: Proxy User Delegation). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows low privileged attacker with... |
| CVE-2023-21998 | 2023-04-18 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.44 and Prior to 7.0.8. Easily exploitable vulnerability allows high... |
| CVE-2023-21999 | 2023-04-18 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.44 and Prior to 7.0.8. Difficult to exploit vulnerability allows... |
| CVE-2023-22000 | 2023-04-18 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.44 and Prior to 7.0.8. Easily exploitable vulnerability allows high... |
| CVE-2023-22001 | 2023-04-18 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.44 and Prior to 7.0.8. Easily exploitable vulnerability allows high... |
| CVE-2023-22002 | 2023-04-18 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.44 and Prior to 7.0.8. Easily exploitable vulnerability allows high... |
| CVE-2023-22003 | 2023-04-18 | Vulnerability in the Oracle Solaris product of Oracle Systems (component: Utility). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with logon to the... |
| CVE-2022-43376 | 2023-04-18 | A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause code and session manipulation when malicious code is inserted into the browser. Affected... |
| CVE-2022-43377 | 2023-04-18 | A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could cause account takeover when a brute force attack is performed on the account. Affected Products: NetBotz 4 -... |
| CVE-2022-43378 | 2023-04-18 | A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause the user to be tricked into performing unintended actions when external address frames are not... |
| CVE-2023-26048 | 2023-04-18 | OutOfMemoryError for large multipart without filename in Eclipse Jetty |
| CVE-2023-25547 | 2023-04-18 | A CWE-863: Incorrect Authorization vulnerability exists that could allow remote code execution on upload and install packages when a hacker is using a low privileged user account. Affected products: StruxureWare... |
| CVE-2023-25548 | 2023-04-18 | A CWE-863: Incorrect Authorization vulnerability exists that could allow access to device credentials on specific DCE endpoints not being properly secured when a hacker is using a low privileged user.... |
| CVE-2023-25552 | 2023-04-18 | A CWE-862: Missing Authorization vulnerability exists that could allow viewing of unauthorized content, changes or deleting of content, or performing unauthorized functions when tampering the Device File Transfer settings on... |
| CVE-2023-25554 | 2023-04-18 | A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that allows a local privilege escalation on the appliance when a maliciously crafted... |
| CVE-2023-26049 | 2023-04-18 | Cookie parsing of quoted values can exfiltrate values from other cookies in Eclipse Jetty |
| CVE-2023-25549 | 2023-04-18 | A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that allows for remote code execution when using a parameter of the DCE network settings endpoint. Affected products:... |
| CVE-2023-25550 | 2023-04-18 | A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that allows remote code execution via the “hostname” parameter when maliciously crafted hostname syntax is entered. Affected products:... |
| CVE-2023-25551 | 2023-04-18 | A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists on a DCE file upload endpoint when tampering with parameters over HTTP. Affected products: StruxureWare Data... |
| CVE-2023-25553 | 2023-04-18 | A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists on a DCE endpoint through the logging capabilities of the webserver. Affected products: StruxureWare Data Center... |
| CVE-2023-25555 | 2023-04-18 | A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could allow a user that knows the credentials to execute unprivileged shell... |
| CVE-2023-28440 | 2023-04-18 | Denial of service via admin theme import route in Discourse |
| CVE-2023-28003 | 2023-04-18 | A CWE-613: Insufficient Session Expiration vulnerability exists that could allow an attacker to maintain unauthorized access over a hijacked session in PME after the legitimate user has signed out of... |
| CVE-2023-28839 | 2023-04-18 | Improper neutralization in an SQL query in Shoppingfeed |
| CVE-2023-29411 | 2023-04-18 | A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow changes to administrative credentials, leading to potential remote code execution without requiring prior authentication on the Java RMI... |
| CVE-2023-28856 | 2023-04-18 | `HINCRBYFLOAT` can be used to crash a redis-server process |
| CVE-2023-29412 | 2023-04-18 | CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote code execution when manipulating internal methods through Java RMI interface. |
| CVE-2023-29413 | 2023-04-18 | A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause Denial-of-Service when accessed by an unauthenticated user on the Schneider UPS Monitor service. |
| CVE-2023-29410 | 2023-04-18 | A CWE-20: Improper Input Validation vulnerability exists that could allow an authenticated attacker to gain the same privilege as the application on the server when a malicious payload is provided... |
| CVE-2023-28004 | 2023-04-18 | A CWE-129: Improper validation of an array index vulnerability exists where a specially crafted Ethernet request could result in denial of service or remote code execution. |
| CVE-2023-29002 | 2023-04-18 | Debug mode leaks confidential data in Cilium |
| CVE-2023-29196 | 2023-04-18 | HTML injection via topic embedding in Discourse |
| CVE-2023-30538 | 2023-04-18 | Stored Cross-site Scripting via improper sanitization of svg files in Discourse |
| CVE-2023-30608 | 2023-04-18 | Parser contains an inefficient regular expression in sqlparse |
| CVE-2023-30606 | 2023-04-18 | Multisite denial of service through unsanitized dynamic dispatch to SiteSetting in Discourse |
| CVE-2023-30552 | 2023-04-18 | SQL injection in sql/instance.py endpoint in Archery - GHSL-2022-101 |
| CVE-2023-30553 | 2023-04-18 | Multiple SQL injections in sql_api/api_workflow.py endpoint in Archery - GHSL-2022-102 |
| CVE-2023-30554 | 2023-04-18 | SQL injection in sql_api/api_workflow.py endpoint in Archery - GHSL-2022-103 |
| CVE-2023-30555 | 2023-04-18 | SQL injection in sql_optimize.py explain method in Archery - GHSL-2022-108 |
| CVE-2023-30556 | 2023-04-18 | SQL injection in sql_optimize.py optimize_sqltuningadvisor method in Archery - GHSL-2022-107 |
| CVE-2023-30557 | 2023-04-18 | SQL injection in data_dictionary.py table_info method in Archery - GHSL-2022-106 |
| CVE-2023-30558 | 2023-04-18 | Multiple SQL injections in sql/data_dictionary.py table_list method in Archery - GHSL-2022-105 |
| CVE-2023-30605 | 2023-04-18 | Multiple SQL injections in sql/instance.py param_edit method in Archery - GHSL-2022-104 |
| CVE-2023-29527 | 2023-04-18 | Code injection from account through AWM view sheet in xwiki platform |
| CVE-2023-29526 | 2023-04-18 | Async and display macro allow displaying and interacting with any document in restricted mode |
| CVE-2023-29525 | 2023-04-18 | Privilege escalation from view right on XWiki.Notifications.Code.LegacyNotificationAdministration in xwiki-platform |
| CVE-2023-29524 | 2023-04-18 | Code injection from account through XWiki.SchedulerJobSheet in xwiki-platform |
| CVE-2023-29523 | 2023-04-18 | Code injection in display method used in user profiles in xwiki-platform |
| CVE-2023-29518 | 2023-04-18 | Code injection from view right using Invitation.InvitationCommon in xwiki-platform |
| CVE-2023-29519 | 2023-04-18 | Code injection in org.xwiki.platform:xwiki-platform-attachment-ui |
| CVE-2023-29520 | 2023-04-18 | Page render failure due to broken translations in xwiki-platform |
| CVE-2023-29521 | 2023-04-18 | Code injection from account/view through VFS Tree macro in xwiki-platform |
| CVE-2023-29522 | 2023-04-18 | Code injection from view right on XWiki.ClassSheet in xwiki-platform |
| CVE-2023-29510 | 2023-04-18 | Code injection via unescaped translations in xwiki-platform |
| CVE-2023-29512 | 2023-04-18 | Code injection in xwiki-platform-web-templates |
| CVE-2023-29513 | 2023-04-18 | Users can be created even when registration is disabled without validation via the template macro in xwiki-platform |
| CVE-2023-29514 | 2023-04-18 | Code injection in template provider administration in xwiki-platform |
| CVE-2023-29515 | 2023-04-18 | Cross-site scripting (XSS) in xwiki-platform |
| CVE-2023-29516 | 2023-04-18 | Code injection from view right on XWiki.AttachmentSelector in xwiki-platform |
| CVE-2023-29517 | 2023-04-18 | Exposure of Sensitive Information to an Unauthorized Actor in org.xwiki.platform:xwiki-platform-office-viewer |
| CVE-2021-0872 | 2023-04-19 | In PVRSRVBridgeRGXKickVRDM of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation... |
| CVE-2021-0873 | 2023-04-19 | In PVRSRVBridgeRGXKickRS of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation... |
| CVE-2021-0874 | 2023-04-19 | In PVRSRVBridgeDevicememHistorySparseChange of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation... |
| CVE-2021-0875 | 2023-04-19 | In PVRSRVBridgeChangeSparseMem of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation... |
| CVE-2021-0876 | 2023-04-19 | In PVRSRVBridgePhysmemNewRamBackedLockedPMR of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation... |
| CVE-2021-0878 | 2023-04-19 | In PVRSRVBridgeServerSyncGetStatus of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation... |
| CVE-2021-0879 | 2023-04-19 | In PVRSRVBridgeRGXTDMSubmitTransfer of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation... |
| CVE-2021-0880 | 2023-04-19 | In PVRSRVBridgeRGXKickTA3D of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation... |
| CVE-2021-0881 | 2023-04-19 | In PVRSRVBridgeRGXKickCDM of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation... |
| CVE-2021-0882 | 2023-04-19 | In PVRSRVBridgeRGXKickSync of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation... |
| CVE-2021-0883 | 2023-04-19 | In PVRSRVBridgeCacheOpQueue of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation... |
| CVE-2021-0884 | 2023-04-19 | In PVRSRVBridgePhysmemImportSparseDmaBuf of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation... |
| CVE-2021-0885 | 2023-04-19 | In PVRSRVBridgeSyncPrimOpTake of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation... |
| CVE-2021-33970 | 2023-04-19 | Buffer Overflow vulnerability in Qihoo 360 Chrome v13.0.2170.0 allows attacker to escalate privileges. |
| CVE-2021-33971 | 2023-04-19 | Qihoo 360 (https://www.360.cn/) Qihoo 360 Safeguard (https://www.360.cn/) Qihoo 360 Total Security (http://www.360totalsecurity.com/) is affected by: Buffer Overflow. The impact is: execute arbitrary code (local). The component is: This is a... |
| CVE-2021-33972 | 2023-04-19 | Buffer Overflow vulnerability in Qihoo 360 Safe Browser v13.0.2170.0 allows attacker to escalate privileges. |
| CVE-2021-33973 | 2023-04-19 | Buffer Overflow vulnerability in Qihoo 360 Safe guard v12.1.0.1004, v12.1.0.1005, v13.1.0.1001 allows attacker to escalate privileges. |
| CVE-2021-33974 | 2023-04-19 | Qihoo 360 (https://www.360.cn/) Qihoo 360 Safeguard (https://www.360.cn/) Qihoo 360 Chrome (https://browser.360.cn/ee/) is affected by: Buffer Overflow. The impact is: execute arbitrary code (remote). The component is: This is a set... |
| CVE-2021-33975 | 2023-04-19 | Buffer Overflow vulnerability in Qihoo 360 Total Security v10.8.0.1060 and v10.8.0.1213 allows attacker to escalate privileges. |
| CVE-2022-2507 | 2023-04-19 | In affected versions of Octopus Deploy it is possible to render user supplied input into the webpage |
| CVE-2023-1382 | 2023-04-19 | A data race flaw was found in the Linux kernel, between where con is allocated and con->sock is set. This issue leads to a NULL pointer dereference when accessing con->sock->sk... |
| CVE-2023-20862 | 2023-04-19 | In Spring Security, versions 5.7.x prior to 5.7.8, versions 5.8.x prior to 5.8.3, and versions 6.0.x prior to 6.0.3, the logout support does not properly clean the security context if... |
| CVE-2023-20909 | 2023-04-19 | In multiple functions of RunningTasks.java, there is a possible privilege escalation due to a missing privilege check. This could lead to local information disclosure with no additional execution privileges needed.... |
| CVE-2023-20935 | 2023-04-19 | In deserialize of multiple files, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution... |
| CVE-2023-20941 | 2023-04-19 | In acc_ctrlrequest_composite of f_accessory.c, there is a possible out of bounds write due to a missing bounds check. This could lead to physical escalation of privilege with no additional execution... |
| CVE-2023-20950 | 2023-04-19 | In AlarmManagerActivity of AlarmManagerActivity.java, there is a possible way to bypass background activity launch restrictions via a pendingIntent. This could lead to local escalation of privilege with no additional execution... |
| CVE-2023-20967 | 2023-04-19 | In avdt_scb_hdl_pkt_no_frag of avdt_scb_act.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution... |
| CVE-2023-21080 | 2023-04-19 | In register_notification_rsp of btif_rc.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges... |
| CVE-2023-21081 | 2023-04-19 | In multiple functions of PackageInstallerService.java and related files, there is a possible way to bypass background activity launch restrictions due to a logic error in the code. This could lead... |