Lista CVE - 2023 / Aprile
Visualizzazione 1601 - 1700 di 2302 CVE per Aprile 2023 (Pagina 17 di 24)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2023-21082 | 2023-04-19 | In getNumberFromCallIntent of NewOutgoingCallIntentBroadcaster.java, there is a possible way to enumerate other user's contact phone number due to a confused deputy. This could lead to local information disclosure with User... |
| CVE-2023-21083 | 2023-04-19 | In onNullBinding of CallScreeningServiceHelper.java, there is a possible way to record audio without showing a privacy indicator due to a permissions bypass. This could lead to local escalation of privilege... |
| CVE-2023-21084 | 2023-04-19 | In buildPropFile of filesystem.go, there is a possible insecure hash due to an improperly used crypto. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2023-21085 | 2023-04-19 | In nci_snd_set_routing_cmd of nci_hmsgs.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution... |
| CVE-2023-21086 | 2023-04-19 | In isToggleable of SecureNfcEnabler.java and SecureNfcPreferenceController.java, there is a possible way to enable NFC from a secondary account due to a permissions bypass. This could lead to local escalation of... |
| CVE-2023-21087 | 2023-04-19 | In PreferencesHelper.java, an uncaught exception may cause the device to get stuck in a boot loop. This could lead to local persistent denial of service with no additional execution privileges... |
| CVE-2023-21088 | 2023-04-19 | In deliverOnFlushComplete of LocationProviderManager.java, there is a possible way to bypass background activity launch restrictions due to a logic error in the code. This could lead to local escalation of... |
| CVE-2023-21089 | 2023-04-19 | In startInstrumentation of ActivityManagerService.java, there is a possible way to keep the foreground service alive while the app is in the background. This could lead to local escalation of privilege... |
| CVE-2023-21090 | 2023-04-19 | In parseUsesPermission of ParsingPackageUtils.java, there is a possible boot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction... |
| CVE-2023-21091 | 2023-04-19 | In canDisplayLocalUi of AppLocalePickerActivity.java, there is a possible way to change system app locales due to a missing permission check. This could lead to local denial of service across user... |
| CVE-2023-21092 | 2023-04-19 | In retrieveServiceLocked of ActiveServices.java, there is a possible way to dynamically register a BroadcastReceiver using permissions of System App due to improper input validation. This could lead to local escalation... |
| CVE-2023-21093 | 2023-04-19 | In extractRelativePath of FileUtils.java, there is a possible way to access files in a directory belonging to other applications due to a path traversal error. This could lead to local... |
| CVE-2023-21094 | 2023-04-19 | In sanitize of LayerState.cpp, there is a possible way to take over the screen display and swap the display content due to a missing permission check. This could lead to... |
| CVE-2023-21096 | 2023-04-19 | In OnWakelockReleased of attribution_processor.cc, there is a use after free that could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product:... |
| CVE-2023-21097 | 2023-04-19 | In toUriInner of Intent.java, there is a possible way to launch an arbitrary activity due to a confused deputy. This could lead to local escalation of privilege with no additional... |
| CVE-2023-21098 | 2023-04-19 | In multiple functions of AccountManagerService.java, there is a possible loading of arbitrary code into the System Settings app due to a confused deputy. This could lead to local escalation of... |
| CVE-2023-21099 | 2023-04-19 | In multiple methods of PackageInstallerSession.java, there is a possible way to start foreground services from the background due to a logic error in the code. This could lead to local... |
| CVE-2023-21100 | 2023-04-19 | In inflate of inflate.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution... |
| CVE-2023-2162 | 2023-04-19 | A use-after-free vulnerability was found in iscsi_sw_tcp_session_create in drivers/scsi/iscsi_tcp.c in SCSI sub-component in the Linux Kernel. In this flaw an attacker could leak kernel internal information. |
| CVE-2023-2166 | 2023-04-19 | A null pointer dereference issue was found in can protocol in net/can/af_can.c in the Linux before Linux. ml_priv may not be initialized in the receive path of CAN frames. A... |
| CVE-2023-22621 | 2023-04-19 | Strapi through 4.5.5 allows authenticated Server-Side Template Injection (SSTI) that can be exploited to execute arbitrary code on the server. A remote attacker with access to the Strapi admin panel... |
| CVE-2023-22645 | 2023-04-19 | kubewarden: Excessive permissions for kubewarden-controller-manager-cluster-role |
| CVE-2023-22893 | 2023-04-19 | Strapi through 4.5.5 does not verify the access or ID tokens issued during the OAuth flow when the AWS Cognito login provider is used for authentication. A remote attacker could... |
| CVE-2023-22894 | 2023-04-19 | Strapi through 4.5.5 allows attackers (with access to the admin panel) to discover sensitive user details by exploiting the query filter. The attacker can filter users by columns that contain... |
| CVE-2023-23451 | 2023-04-19 | The Flexi Classic and Flexi Soft Gateways SICK UE410-EN3 FLEXI ETHERNET GATEW. with serial number <=2311xxxx all Firmware versions, SICK UE410-EN1 FLEXI ETHERNET GATEW. with serial number <=2311xxxx all Firmware... |
| CVE-2023-25759 | 2023-04-19 | OS Command Injection in TripleData Reporting Engine in Tripleplay Platform releases prior to Caveman 3.4.0 allows authenticated users to run unprivileged OS level commands via a crafted request payload. |
| CVE-2023-25760 | 2023-04-19 | Incorrect Access Control in Tripleplay Platform releases prior to Caveman 3.4.0 allows authenticated user to modify other users passwords via a crafted request payload |
| CVE-2023-26599 | 2023-04-19 | XSS vulnerability in TripleSign in Tripleplay Platform releases prior to Caveman 3.4.0 allows attackers to inject client-side code to run as an authenticated user via a crafted link. |
| CVE-2023-27776 | 2023-04-19 | A stored cross-site scripting (XSS) vulnerability in /index.php?page=category_list of Online Jewelry Shop v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category... |
| CVE-2023-27777 | 2023-04-19 | Cross-site scripting (XSS) vulnerability was discovered in Online Jewelry Shop v1.0 that allows attackers to execute arbitrary script via a crafted URL. |
| CVE-2023-28122 | 2023-04-19 | A local privilege escalation (LPE) vulnerability in UI Desktop for Windows (Version 0.59.1.71 and earlier) allows a malicious actor with local access to a Windows device running said application to... |
| CVE-2023-28123 | 2023-04-19 | A permission misconfiguration in UI Desktop for Windows (Version 0.59.1.71 and earlier) could allow an user to hijack VPN credentials while UID VPN is starting.This vulnerability is fixed in Version... |
| CVE-2023-28124 | 2023-04-19 | Improper usage of symmetric encryption in UI Desktop for Windows (Version 0.59.1.71 and earlier) could allow users with access to UI Desktop configuration files to decrypt their content.This vulnerability is... |
| CVE-2023-28327 | 2023-04-19 | A NULL pointer dereference flaw was found in the UNIX protocol in net/unix/diag.c In unix_diag_get_exact in the Linux Kernel. The newly allocated skb does not have sk, leading to a... |
| CVE-2023-28328 | 2023-04-19 | A NULL pointer dereference flaw was found in the az6027 driver in drivers/media/usb/dev-usb/az6027.c in the Linux Kernel. The message from user space is not checked properly before transferring into the... |
| CVE-2023-29586 | 2023-04-19 | Code Sector TeraCopy 3.9.7 does not perform proper access validation on the source folder during a copy operation. This leads to Arbitrary File Read by allowing any user to copy... |
| CVE-2023-29921 | 2023-04-19 | PowerJob V4.3.1 is vulnerable to Incorrect Access Control via the create app interface. |
| CVE-2023-29922 | 2023-04-19 | PowerJob V4.3.1 is vulnerable to Incorrect Access Control via the create user/save interface. |
| CVE-2023-29923 | 2023-04-19 | PowerJob V4.3.1 is vulnerable to Insecure Permissions. via the list job interface. |
| CVE-2023-30463 | 2023-04-19 | Altran picoTCP through 1.7.0 allows memory corruption (and subsequent denial of service) because of an integer overflow in pico_ipv6_alloc when processing large ICMPv6 packets. This affects installations with Ethernet support... |
| CVE-2023-2133 | 2023-04-19 | Out of bounds memory access in Service Worker API in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium... |
| CVE-2023-2134 | 2023-04-19 | Out of bounds memory access in Service Worker API in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium... |
| CVE-2023-2135 | 2023-04-19 | Use after free in DevTools in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who convinced a user to enable specific preconditions to potentially exploit heap corruption via a... |
| CVE-2023-2136 | 2023-04-19 | Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML... |
| CVE-2023-2137 | 2023-04-19 | Heap buffer overflow in sqlite in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) |
| CVE-2023-25619 | 2023-04-19 | A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause denial of service of the controller when communicating over the Modbus TCP protocol. |
| CVE-2023-25620 | 2023-04-19 | A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause denial of service of the controller when a malicious project file is loaded onto the controller... |
| CVE-2023-2168 | 2023-04-19 | The TaxoPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Suggest Terms Title field in versions up to, and including, 3.6.4 due to insufficient input sanitization and... |
| CVE-2023-2169 | 2023-04-19 | The TaxoPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Related Posts functionality in versions up to, and including, 3.6.4 due to insufficient input sanitization and output... |
| CVE-2023-2170 | 2023-04-19 | The TaxoPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Related Posts functionality in versions up to, and including, 3.6.4 due to insufficient input sanitization and output... |
| CVE-2022-4308 | 2023-04-19 | Clear-text passwords in configuration files |
| CVE-2023-0317 | 2023-04-19 | GateManager debug interface is included in non-debug builds |
| CVE-2022-38125 | 2023-04-19 | FTP Agent forwards traffic on inactive ports to LinkManager |
| CVE-2021-43819 | 2023-04-19 | Stargate-Bukkit improperly handles vehicles causing data duplication. |
| CVE-2023-30610 | 2023-04-19 | AWS SDK for Rust will log AWS credentials when TRACE-level logging is enabled for request sending |
| CVE-2023-30611 | 2023-04-19 | Reaction metadata exposed in private topics in Discourse-reactions |
| CVE-2023-30612 | 2023-04-19 | Malicious HTTP requests could close arbitrary opening file descriptors in cloud-hypervisor |
| CVE-2023-30614 | 2023-04-19 | Improper Neutralization of Script-Related HTML Tags in a Web Page in pay |
| CVE-2023-1585 | 2023-04-19 | Avast and AVG Antivirus for Windows were susceptible to a Time-of-check/Time-of-use (TOCTOU) vulnerability in the Quarantine process, leading to arbitrary file/directory deletion. The issue was fixed with Avast and AVG... |
| CVE-2023-1586 | 2023-04-19 | Avast and AVG Antivirus for Windows were susceptible to a Time-of-check/Time-of-use (TOCTOU) vulnerability in the restore process leading to arbitrary file creation. The issue was fixed with Avast and AVG... |
| CVE-2023-1587 | 2023-04-19 | Avast and AVG Antivirus for Windows were susceptible to a NULL pointer dereference issue via RPC-interface. The issue was fixed with Avast and AVG Antivirus version 22.11 |
| CVE-2023-1900 | 2023-04-19 | A vulnerability within the Avira network protection feature allowed an attacker with local execution rights to cause an overflow. This could corrupt the data on the heap and lead to... |
| CVE-2023-30797 | 2023-04-19 | Insecure Random Generation in Netflix Lemur |
| CVE-2021-3429 | 2023-04-19 | sensitive data exposure in cloud-init logs |
| CVE-2022-2084 | 2023-04-19 | sensitive data exposure in cloud-init logs |
| CVE-2021-36436 | 2023-04-20 | An issue in Mobicint Backend for Credit Unions v3 allows attackers to retrieve partial email addresses and user entered information via submission to the forgotten-password endpoint. |
| CVE-2021-38363 | 2023-04-20 | An issue was discovered in ONOS 2.5.1. In IntentManager, the install-requested intent (which causes an exception) remains in pendingMap (in memory) forever. Deletion is possible neither by a user nor... |
| CVE-2021-38364 | 2023-04-20 | An issue was discovered in ONOS 2.5.1. There is an incorrect comparison of flow rules installed by intents. A remote attacker can install or remove a new intent, and consequently... |
| CVE-2022-24035 | 2023-04-20 | An issue was discovered in ONOS 2.5.1. The purge-requested intent remains on the list, but it does not respond to changes in topology (e.g., link failure). In combination with other... |
| CVE-2022-24109 | 2023-04-20 | An issue was discovered in ONOS 2.5.1. To attack an intent installed by a normal user, a remote attacker can install a duplicate intent with a different key, and then... |
| CVE-2022-29604 | 2023-04-20 | An issue was discovered in ONOS 2.5.1. An intent with an uppercase letter in a device ID shows the CORRUPT state, which is misleading to a network operator. Improper handling... |
| CVE-2022-29605 | 2023-04-20 | An issue was discovered in ONOS 2.5.1. IntentManager attempts to install the IPv6 flow rules of an intent into an OpenFlow 1.0 switch that does not support IPv6. Improper handling... |
| CVE-2022-29606 | 2023-04-20 | An issue was discovered in ONOS 2.5.1. An intent with a large port number shows the CORRUPT state, which is misleading to a network operator. Improper handling of such port... |
| CVE-2022-29607 | 2023-04-20 | An issue was discovered in ONOS 2.5.1. Modification of an existing intent to have the same source and destination shows the INSTALLED state without any flow rule. Improper handling of... |
| CVE-2022-29608 | 2023-04-20 | An issue was discovered in ONOS 2.5.1. An intent with a port that is an intermediate point of its path installs an invalid flow rule, causing a network loop. |
| CVE-2022-29609 | 2023-04-20 | An issue was discovered in ONOS 2.5.1. An intent with the same source and destination shows the INSTALLING state, indicating that its flow rules are installing. Improper handling of such... |
| CVE-2022-29944 | 2023-04-20 | An issue was discovered in ONOS 2.5.1. There is an incorrect comparison of paths installed by intents. An existing intents does not redirect to a new path, even if a... |
| CVE-2023-20864 | 2023-04-20 | VMware Aria Operations for Logs contains a deserialization vulnerability. An unauthenticated, malicious actor with network access to VMware Aria Operations for Logs may be able to execute arbitrary code as... |
| CVE-2023-20865 | 2023-04-20 | VMware Aria Operations for Logs contains a command injection vulnerability. A malicious actor with administrative privileges in VMware Aria Operations for Logs can execute arbitrary commands as root. |
| CVE-2023-20873 | 2023-04-20 | In Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsupported versions, an application that is deployed to Cloud Foundry could be susceptible to a security bypass. Users... |
| CVE-2023-2176 | 2023-04-20 | A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA in the Linux Kernel. The improper cleanup results in out-of-boundary read, where a local user can utilize this problem to... |
| CVE-2023-2177 | 2023-04-20 | A null pointer dereference issue was found in the sctp network protocol in net/sctp/stream_sched.c in Linux Kernel. If stream_in allocation is failed, stream_out is freed which would further be accessed.... |
| CVE-2023-2191 | 2023-04-20 | Cross-site Scripting (XSS) - Stored in azuracast/azuracast |
| CVE-2023-2194 | 2023-04-20 | An out-of-bounds write vulnerability was found in the Linux kernel's SLIMpro I2C device driver. The userspace "data->block[0]" variable was not capped to a number between 0-255 and was used as... |
| CVE-2023-27090 | 2023-04-20 | Cross Site Scripting vulnerability found in TeaCMS storage allows attacker to cause a leak of sensitive information via the article title parameter. |
| CVE-2023-27350 | 2023-04-20 | This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within... |
| CVE-2023-27351 | 2023-04-20 | This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within... |
| CVE-2023-27352 | 2023-04-20 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos One Speaker 70.3-35220. Authentication is not required to exploit this vulnerability. The specific flaw exists within... |
| CVE-2023-27353 | 2023-04-20 | This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Sonos One Speaker 70.3-35220. Authentication is not required to exploit this vulnerability. The specific flaw exists within... |
| CVE-2023-27354 | 2023-04-20 | This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Sonos One Speaker 70.3-35220. Authentication is not required to exploit this vulnerability. The specific flaw exists within... |
| CVE-2023-27355 | 2023-04-20 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos One Speaker 70.3-35220. Authentication is not required to exploit this vulnerability. The specific flaw exists within... |
| CVE-2023-27652 | 2023-04-20 | An issue found in Ego Studio SuperClean v.1.1.9 and v.1.1.5 allows an attacker to gain privileges cause a denial of service via the update_info field of the _default_.xml file. |
| CVE-2023-28458 | 2023-04-20 | pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export (a non-default feature). Organizers can trigger the overwriting (with the standard pretalx 404 page content) of an arbitrary file. |
| CVE-2023-28459 | 2023-04-20 | pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export (a non-default feature). Users were able to upload crafted HTML documents that trigger the reading of arbitrary files. |
| CVE-2023-29926 | 2023-04-20 | PowerJob V4.3.2 has unauthorized interface that causes remote code execution. |
| CVE-2023-30076 | 2023-04-20 | Sourcecodester Judging Management System v1.0 is vulnerable to SQL Injection via /php-jms/print_judges.php?print_judges.php=&se_name=&sub_event_id=. |
| CVE-2014-125099 | 2023-04-20 | I Recommend This Plugin dot-irecommendthis.php sql injection |
| CVE-2022-4942 | 2023-04-20 | mportuga eslint-detailed-reporter template-generator.js renderIssue cross site scripting |
| CVE-2023-28047 | 2023-04-20 | Dell Display Manager, versions 2.1.0 and prior, contains an arbitrary file or folder creation vulnerability during installation. A local low privilege attacker could potentially exploit this vulnerability, leading to the... |
| CVE-2023-0383 | 2023-04-20 | Uncontrolled Resource Consuption in M-Files Server |