CVE List - 2023 / April
Showing 1801 - 1900 of 2302 CVEs for April 2023 (Page 19 of 24)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-25512 | 2023-04-22 | NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in cuobjdump, where an attacker may cause an out-of-bounds memory read by running cuobjdump on a malformed input file. A... |
| CVE-2023-25513 | 2023-04-22 | NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in cuobjdump, where an attacker may cause an out-of-bounds read by tricking a user into running cuobjdump on a malformed... |
| CVE-2023-25514 | 2023-04-22 | NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in cuobjdump, where an attacker may cause an out-of-bounds read by tricking a user into running cuobjdump on a malformed... |
| CVE-2023-2241 | 2023-04-22 | PoDoFo PdfXRefStreamParserObject.cpp readXRefStreamEntry heap-based overflow |
| CVE-2023-2242 | 2023-04-22 | SourceCodester Online Computer and Laptop Store GET Parameter sql injection |
| CVE-2023-2243 | 2023-04-22 | SourceCodester Complaint Management System POST Parameter registration.php sql injection |
| CVE-2023-2244 | 2023-04-22 | SourceCodester Online Eyewear Shop GET Parameter update_status.php sql injection |
| CVE-2023-2245 | 2023-04-22 | hansunCMS unrestricted upload |
| CVE-2022-4944 | 2023-04-22 | kalcaddle KodExplorer cross-site request forgery |
| CVE-2023-31043 | 2023-04-23 | EnterpriseDB EDB Postgres Advanced Server (EPAS) before 14.6.0 logs unredacted passwords in situations where optional parameters are used with CREATE/ALTER USER/GROUP/ROLE, and redacting was configured with edb_filter_log.redact_password_commands. The fixed versions... |
| CVE-2022-44631 | 2023-04-23 | WordPress 1app Business Forms Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2022-44582 | 2023-04-23 | WordPress Apptivo Business Site CRM Plugin <= 3.0.12 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2022-44594 | 2023-04-23 | WordPress All in One Time Clock Lite Plugin <= 1.3.320 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2022-47435 | 2023-04-23 | WordPress WP-OliveCart Plugin <= 1.1.3 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-22718 | 2023-04-23 | WordPress User Meta Manager Plugin <= 3.4.9 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-22698 | 2023-04-23 | WordPress Theme Blvd Responsive Google Maps Plugin <= 1.0.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-24386 | 2023-04-23 | WordPress AI Contact Us Form Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-24404 | 2023-04-23 | WordPress Marketing Performance Plugin <= 2.0.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2022-45361 | 2023-04-23 | WordPress 0mk Shortener Plugin <= 0.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2022-44743 | 2023-04-23 | WordPress Jobs for WordPress Plugin <= 2.5.11.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-23832 | 2023-04-23 | WordPress Ultimate WP Query Search Filter Plugin <= 1.0.10 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-23717 | 2023-04-23 | WordPress Portfolio Slideshow Plugin <= 1.13.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-23827 | 2023-04-23 | WordPress Google Maps v3 Shortcode Plugin <= 1.2.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-23817 | 2023-04-23 | WordPress Simple PDF Viewer Plugin <= 1.9 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-23816 | 2023-04-23 | WordPress Sitemap Index Plugin <= 1.2.3 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-23806 | 2023-04-23 | WordPress WordPress Custom Settings Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-25451 | 2023-04-23 | WordPress CPO Content Types Plugin <= 1.1.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-27425 | 2023-04-23 | WordPress Electric Studio Client Login Plugin <= 0.8.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-27614 | 2023-04-23 | WordPress Motor Racing League Plugin <= 1.9.9 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2022-45074 | 2023-04-23 | WordPress Activity Reactions For Buddypress Plugin <= 1.0.22 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-45080 | 2023-04-23 | WordPress Add Multiple Marker Plugin <= 1.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-23879 | 2023-04-23 | WordPress PHP Execution Plugin <= 1.0.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-22686 | 2023-04-23 | WordPress Nice PayPal Button Lite Plugin <= 1.3.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-2246 | 2023-04-23 | SourceCodester Online Pizza Ordering System unrestricted upload |
| CVE-2023-23753 | 2023-04-23 | Extension - vi-solutions - Visforms Base Package for Joomla 3 |
| CVE-2023-2007 | 2023-04-24 | The specific flaw exists within the DPT I2O Controller driver. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this... |
| CVE-2023-27990 | 2023-04-24 | The cross-site scripting (XSS) vulnerability in Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.16 through 5.35,... |
| CVE-2023-29579 | 2023-04-24 | yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via the component yasm/yasm+0x43b466 in vsprintf. Note: This has been disputed by third parties who argue this is a bug and... |
| CVE-2023-29582 | 2023-04-24 | yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via the function parse_expr1 at /nasm/nasm-parse.c. Note: This has been disputed by third parties who argue this is a bug and... |
| CVE-2023-29583 | 2023-04-24 | yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via the function parse_expr5 at /nasm/nasm-parse.c. Note: This has been disputed by third parties who argue this is a bug and... |
| CVE-2023-31045 | 2023-04-24 | A stored Cross-site scripting (XSS) issue in Text Editors and Formats in Backdrop CMS before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via the name parameter.... |
| CVE-2023-31082 | 2023-04-24 | An issue was discovered in drivers/tty/n_gsm.c in the Linux kernel 6.2. There is a sleeping function called from an invalid context in gsmld_write, which will block the kernel. Note: This... |
| CVE-2023-31085 | 2023-04-24 | An issue was discovered in drivers/mtd/ubi/cdev.c in the Linux kernel 6.2. There is a divide-by-zero error in do_div(sz,mtd->erasesize), used indirectly by ctrl_cdev_ioctl, when mtd->erasesize is 0. |
| CVE-2022-28354 | 2023-04-24 | In the Active Threads Plugin 1.3.0 for MyBB, the activethreads.php date parameter is vulnerable to XSS when setting a time period. |
| CVE-2023-2006 | 2023-04-24 | A race condition was found in the Linux kernel's RxRPC network protocol, within the processing of RxRPC bundles. This issue results from the lack of proper locking when performing operations... |
| CVE-2023-2019 | 2023-04-24 | A flaw was found in the Linux kernel's netdevsim device driver, within the scheduling of events. This issue results from the improper management of a reference count. This may allow... |
| CVE-2023-2250 | 2023-04-24 | A flaw was found in the Open Cluster Management (OCM) when a user has access to the worker nodes which have the cluster-manager-registration-controller or cluster-manager deployments. A malicious user can... |
| CVE-2023-2251 | 2023-04-24 | Uncaught Exception in eemeli/yaml |
| CVE-2023-2258 | 2023-04-24 | Improper Neutralization of Formula Elements in a CSV File in alfio-event/alf.io |
| CVE-2023-2259 | 2023-04-24 | Improper Neutralization of Special Elements Used in a Template Engine in alfio-event/alf.io |
| CVE-2023-2260 | 2023-04-24 | Authorization Bypass Through User-Controlled Key in alfio-event/alf.io |
| CVE-2023-22913 | 2023-04-24 | A post-authentication command injection vulnerability in the “account_operator.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could... |
| CVE-2023-22914 | 2023-04-24 | A path traversal vulnerability in the “account_print.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow... |
| CVE-2023-22915 | 2023-04-24 | A buffer overflow vulnerability in the “fbwifi_forward.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.30 through 5.35, USG20(W)-VPN firmware versions... |
| CVE-2023-22916 | 2023-04-24 | The configuration parser of Zyxel ATP series firmware versions 5.10 through 5.35, USG FLEX series firmware versions 5.00 through 5.35, USG FLEX 50(W) firmware versions 5.10 through 5.35, USG20(W)-VPN firmware... |
| CVE-2023-22917 | 2023-04-24 | A buffer overflow vulnerability in the “sdwan_iface_ipc” binary of Zyxel ATP series firmware versions 5.10 through 5.32, USG FLEX series firmware versions 5.00 through 5.32, USG FLEX 50(W) firmware versions... |
| CVE-2023-22918 | 2023-04-24 | A post-authentication information exposure vulnerability in the CGI program of Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware... |
| CVE-2023-25131 | 2023-04-24 | Use of default password vulnerability in CyberPower PowerPanel Business |
| CVE-2023-25132 | 2023-04-24 | Unrestricted upload of file with dangerous type vulnerability in CyberPower PowerPanel Business |
| CVE-2023-25133 | 2023-04-24 | Improper privilege management vulnerability in CyberPower PowerPanel Business |
| CVE-2023-26059 | 2023-04-24 | An issue was discovered in Nokia NetAct before 22 SP1037. On the Site Configuration Tool tab, attackers can upload a ZIP file which, when processed, exploits Stored XSS. The upload... |
| CVE-2023-26060 | 2023-04-24 | An issue was discovered in Nokia NetAct before 22 FP2211. On the Working Set Manager page, users can create a Working Set with a name that has a client-side template... |
| CVE-2023-26061 | 2023-04-24 | An issue was discovered in Nokia NetAct before 22 FP2211. On the Scheduled Search tab under the Alarm Reports Dashboard page, users can create a script to inject XSS. Input... |
| CVE-2023-26097 | 2023-04-24 | An issue was discovered in Telindus Apsal 3.14.2022.235 b. Unauthorized actions that could modify the application behaviour may not be blocked. |
| CVE-2023-26099 | 2023-04-24 | An issue was discovered in Telindus Apsal 3.14.2022.235 b. The consultation permission is insecure. |
| CVE-2023-26865 | 2023-04-24 | SQL injection vulnerability found in PrestaShop bdroppy v.2.2.12 and before allowing a remote attacker to gain privileges via the BdroppyCronModuleFrontController::importProducts component. |
| CVE-2023-27848 | 2023-04-24 | broccoli-compass v0.2.4 was discovered to contain a remote code execution (RCE) vulnerability via the child_process function. |
| CVE-2023-27849 | 2023-04-24 | rails-routes-to-json v1.0.0 was discovered to contain a remote code execution (RCE) vulnerability via the child_process function. |
| CVE-2023-27991 | 2023-04-24 | The post-authentication command injection vulnerability in the CLI command of Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware... |
| CVE-2023-28131 | 2023-04-24 | A vulnerability in the expo.io framework allows an attacker to take over accounts and steal credentials on an application/website that configured the "Expo AuthSession Redirect Proxy" for social sign-in. This... |
| CVE-2023-28484 | 2023-04-24 | In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c. |
| CVE-2023-29469 | 2023-04-24 | An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and... |
| CVE-2023-29479 | 2023-04-24 | Ribose RNP before 0.16.3 may hang when the input is malformed. |
| CVE-2023-29480 | 2023-04-24 | Ribose RNP before 0.16.3 sometimes lets secret keys remain unlocked after use. |
| CVE-2023-29566 | 2023-04-24 | huedawn-tesseract 0.3.3 and dawnsparks-node-tesseract 0.4.0 to 0.4.1 were discovered to contain a remote code execution (RCE) vulnerability via the child_process function. |
| CVE-2023-29570 | 2023-04-24 | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_ffi_cb_free at src/mjs_ffi.c. This vulnerability can lead to a Denial of Service (DoS). |
| CVE-2023-29578 | 2023-04-24 | mp4v2 v2.0.0 was discovered to contain a heap buffer overflow via the mp4v2::impl::MP4StringProperty::~MP4StringProperty() function at src/mp4property.cpp. |
| CVE-2023-29780 | 2023-04-24 | Third Reality Smart Blind 1.00.54 contains a denial-of-service vulnerability, which allows a remote attacker to send malicious Zigbee messages to a vulnerable device and cause crashes. |
| CVE-2023-29848 | 2023-04-24 | Bang Resto 1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the itemName parameter in the admin/menu.php Add New Menu function. |
| CVE-2023-29849 | 2023-04-24 | Bang Resto 1.0 was discovered to contain multiple SQL injection vulnerabilities via the btnMenuItemID, itemID, itemPrice, menuID, staffID, or itemqty parameter. |
| CVE-2023-30368 | 2023-04-24 | Tenda AC5 V15.03.06.28 is vulnerable to Buffer Overflow via the initWebs function. |
| CVE-2023-30369 | 2023-04-24 | Tenda AC15 V15.03.05.19 is vulnerable to Buffer Overflow. |
| CVE-2023-30370 | 2023-04-24 | In Tenda AC15 V15.03.05.19, the function GetValue contains a stack-based buffer overflow vulnerability. |
| CVE-2023-30371 | 2023-04-24 | In Tenda AC15 V15.03.05.19, the function "sub_ED14" contains a stack-based buffer overflow vulnerability. |
| CVE-2023-30372 | 2023-04-24 | In Tenda AC15 V15.03.05.19, the function "xkjs_ver32" contains a stack-based buffer overflow vulnerability. |
| CVE-2023-30373 | 2023-04-24 | In Tenda AC15 V15.03.05.19, the function "xian_pppoe_user" contains a stack-based buffer overflow vulnerability. |
| CVE-2023-30375 | 2023-04-24 | In Tenda AC15 V15.03.05.19, the function "getIfIp" contains a stack-based buffer overflow vulnerability. |
| CVE-2023-30376 | 2023-04-24 | In Tenda AC15 V15.03.05.19, the function "henan_pppoe_user" contains a stack-based buffer overflow vulnerability. |
| CVE-2023-30378 | 2023-04-24 | In Tenda AC15 V15.03.05.19, the function "sub_8EE8" contains a stack-based buffer overflow vulnerability. |
| CVE-2023-30406 | 2023-04-24 | Jerryscript commit 1a2c047 was discovered to contain a segmentation violation via the component ecma_find_named_property at /base/ecma-helpers.c. |
| CVE-2023-30408 | 2023-04-24 | Jerryscript commit 1a2c047 was discovered to contain a segmentation violation via the component build/bin/jerry. |
| CVE-2023-30410 | 2023-04-24 | Jerryscript commit 1a2c047 was discovered to contain a stack overflow via the component ecma_op_function_construct at /operations/ecma-function-object.c. |
| CVE-2023-30414 | 2023-04-24 | Jerryscript commit 1a2c047 was discovered to contain a stack overflow via the component vm_loop at /jerry-core/vm/vm.c. |
| CVE-2023-30458 | 2023-04-24 | A username enumeration issue was discovered in Medicine Tracker System 1.0. The login functionality allows a malicious user to guess a valid username due to a different response time from... |
| CVE-2023-30533 | 2023-04-24 | SheetJS Community Edition before 0.19.3 allows Prototype Pollution via a crafted file. In other words, 0.19.2 and earlier are affected, whereas 0.19.3 and later are unaffected. |
| CVE-2023-31056 | 2023-04-24 | CloverDX before 5.17.3 writes passwords to the audit log in certain situations, if the audit log is enabled and single sign-on is not employed. The fixed versions are 5.15.4, 5.16.2,... |
| CVE-2023-31059 | 2023-04-24 | Repetier Server through 1.4.10 allows ..%5c directory traversal for reading files that contain credentials, as demonstrated by connectionLost.php. |
| CVE-2023-31060 | 2023-04-24 | Repetier Server through 1.4.10 executes as SYSTEM. This can be leveraged in conjunction with CVE-2023-31059 for full compromise. |
| CVE-2023-31061 | 2023-04-24 | Repetier Server through 1.4.10 does not have CSRF protection. |
| CVE-2023-31081 | 2023-04-24 | An issue was discovered in drivers/media/test-drivers/vidtv/vidtv_bridge.c in the Linux kernel 6.2. There is a NULL pointer dereference in vidtv_mux_stop_thread. In vidtv_stop_streaming, after dvb->mux=NULL occurs, it executes vidtv_mux_stop_thread(dvb->mux). |