CVE List - 2023 / April
Showing 2101 - 2200 of 2302 CVEs for April 2023 (Page 22 of 24)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-45876 | 2023-04-26 | CVE-2022-45876 |
| CVE-2023-1786 | 2023-04-26 | sensitive data exposure in cloud-init logs |
| CVE-2023-2297 | 2023-04-26 | The Profile Builder – User Profile & User Registration Forms plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 3.9.0. This is due to... |
| CVE-2023-29489 | 2023-04-27 | An issue was discovered in cPanel before 11.109.9999.116. XSS can occur on the cpsrvd error page via an invalid webcall ID, aka SEC-669. The fixed versions are 11.109.9999.116, 11.108.0.13, 11.106.0.18,... |
| CVE-2022-25091 | 2023-04-27 | Infopop Ultimate Bulletin Board up to v5.47a was discovered to allow all messages posted inside private forums to be disclosed by unauthenticated users via the quote reply feature. |
| CVE-2022-31647 | 2023-04-27 | Docker Desktop before 4.6.0 on Windows allows attackers to delete any file through the hyperv/destroy dockerBackendV2 API via a symlink in the DataFolder parameter, a different vulnerability than CVE-2022-26659. |
| CVE-2022-34292 | 2023-04-27 | Docker Desktop for Windows before 4.6.0 allows attackers to overwrite any file through a symlink attack on the hyperv/create dockerBackendV2 API by controlling the DataFolder parameter for DockerDesktop.vhdx, a similar... |
| CVE-2022-37326 | 2023-04-27 | Docker Desktop for Windows before 4.6.0 allows attackers to delete (or create) any file through the dockerBackendV2 windowscontainers/start API by controlling the pidfile field inside the DaemonJSON field in the... |
| CVE-2022-38730 | 2023-04-27 | Docker Desktop for Windows before 4.6 allows attackers to overwrite any file through the windowscontainers/start dockerBackendV2 API by controlling the data-root field inside the DaemonJSON field in the WindowsContainerStartRequest class.... |
| CVE-2022-47758 | 2023-04-27 | Nanoleaf firmware v7.1.1 and below is missing TLS verification, allowing attackers to execute arbitrary code via a DNS hijacking attack. |
| CVE-2023-20852 | 2023-04-27 | aEnrich a+HRD - Deserialization of Untrusted Data |
| CVE-2023-20853 | 2023-04-27 | aEnrich a+HRD - Deserialization of Untrusted Data |
| CVE-2023-22901 | 2023-04-27 | ChangingTec MOTP - Path Traversal |
| CVE-2023-2322 | 2023-04-27 | Cross-site Scripting (XSS) - Stored in pimcore/pimcore |
| CVE-2023-2323 | 2023-04-27 | Cross-site Scripting (XSS) - Stored in pimcore/pimcore |
| CVE-2023-2327 | 2023-04-27 | Cross-site Scripting (XSS) - Stored in pimcore/pimcore |
| CVE-2023-2328 | 2023-04-27 | Cross-site Scripting (XSS) - Generic in pimcore/pimcore |
| CVE-2023-2336 | 2023-04-27 | Path Traversal in pimcore/pimcore |
| CVE-2023-2338 | 2023-04-27 | SQL Injection in pimcore/pimcore |
| CVE-2023-2339 | 2023-04-27 | Cross-site Scripting (XSS) - Reflected in pimcore/pimcore |
| CVE-2023-2340 | 2023-04-27 | Cross-site Scripting (XSS) - Stored in pimcore/pimcore |
| CVE-2023-2341 | 2023-04-27 | Cross-site Scripting (XSS) - Generic in pimcore/pimcore |
| CVE-2023-2342 | 2023-04-27 | Cross-site Scripting (XSS) - Reflected in pimcore/pimcore |
| CVE-2023-2343 | 2023-04-27 | Cross-site Scripting (XSS) - DOM in pimcore/pimcore |
| CVE-2023-24836 | 2023-04-27 | SUNNET CTMS - Path Traversal |
| CVE-2023-25292 | 2023-04-27 | Reflected Cross Site Scripting (XSS) in Intermesh BV Group-Office version 6.6.145, allows attackers to gain escalated privileges and gain sensitive information via the GO_LANGUAGE cookie. |
| CVE-2023-25437 | 2023-04-27 | An issue was discovered in vTech VCS754 version 1.1.1.A before 1.1.1.H, allows attackers to gain escalated privileges and gain sensitive information due to cleartext passwords passed in the raw HTML. |
| CVE-2023-26243 | 2023-04-27 | An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE_E_PE_EUR.S5W_L001.001.211214. The decryption binary used to decrypt firmware files has an information leak that allows an attacker to read... |
| CVE-2023-26244 | 2023-04-27 | An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE_E_PE_EUR.S5W_L001.001.211214. The AppDMClient binary file, which is used during the firmware installation process, can be modified by an attacker... |
| CVE-2023-26245 | 2023-04-27 | An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE_E_PE_EUR.S5W_L001.001.211214. The AppUpgrade binary file, which is used during the firmware installation process, can be modified by an attacker... |
| CVE-2023-26246 | 2023-04-27 | An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE_E_PE_EUR.S5W_L001.001.211214. The AppUpgrade binary file, which is used during the firmware installation process, can be modified by an attacker... |
| CVE-2023-28697 | 2023-04-27 | Moxa MiiNePort E1 - Broken Access Control |
| CVE-2023-28769 | 2023-04-27 | The buffer overflow vulnerability in the library “libclinkc.so” of the web server “zhttpd” in Zyxel DX5401-B0 firmware versions prior to V5.17(ABYO.1)C0 could allow a remote unauthenticated attacker to execute some... |
| CVE-2023-28770 | 2023-04-27 | The sensitive information exposure vulnerability in the CGI “Export_Log” and the binary “zcmd” in Zyxel DX5401-B0 firmware versions prior to V5.17(ABYO.1)C0 could allow a remote unauthenticated attacker to read the... |
| CVE-2023-29471 | 2023-04-27 | Lightbend Alpakka Kafka before 5.0.0 logs its configuration as debug information, and thus log files may contain credentials (if plain cleartext login is configured). This occurs in akka.kafka.internal.KafkaConsumerActor. |
| CVE-2023-29950 | 2023-04-27 | swfrender v0.9.2 was discovered to contain a heap buffer overflow in the function enumerateUsedIDs_fillstyle at modules/swftools.c |
| CVE-2023-30338 | 2023-04-27 | Multiple stored cross-site scripting (XSS) vulnerabilities in Emlog Pro v2.0.3 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Article Title or Article... |
| CVE-2023-30349 | 2023-04-27 | JFinal CMS v5.1.0 was discovered to contain a remote code execution (RCE) vulnerability via the ActionEnter function. |
| CVE-2023-30380 | 2023-04-27 | An issue in the component /dialog/select_media.php of DedeCMS v5.7.107 allows attackers to execute a directory traversal. |
| CVE-2023-31285 | 2023-04-27 | An XSS issue was discovered in Serenity Serene (and StartSharp) before 6.7.0. When users upload temporary files, some specific file endings are not allowed, but it is possible to upload... |
| CVE-2023-31286 | 2023-04-27 | An issue was discovered in Serenity Serene (and StartSharp) before 6.7.0. When a password reset request occurs, the server response leaks the existence of users. If one tries to reset... |
| CVE-2023-31287 | 2023-04-27 | An issue was discovered in Serenity Serene (and StartSharp) before 6.7.0. Password reset links are sent by email. A link contains a token that is used to reset the password.... |
| CVE-2023-31290 | 2023-04-27 | Trust Wallet Core before 3.1.1, as used in the Trust Wallet browser extension before 0.0.183, allows theft of funds because the entropy is 32 bits, as exploited in the wild... |
| CVE-2023-1778 | 2023-04-27 | Default Credential Vulnerability in GajShield Data Security Firewall |
| CVE-2023-2331 | 2023-04-27 | Bypassing hardening via Unquoted Service path vulnerability |
| CVE-2023-29255 | 2023-04-27 | IBM DB2 for Linux, UNIX and Windows denial of service |
| CVE-2023-30444 | 2023-04-27 | IBM Watson Machine Learning on Cloud Pak for Data server-side request forgery |
| CVE-2023-24966 | 2023-04-27 | IBM WebSphere Application Server cross-site scripting |
| CVE-2023-2344 | 2023-04-27 | SourceCodester Service Provider Management System HTTP POST Request sql injection |
| CVE-2023-2345 | 2023-04-27 | SourceCodester Service Provider Management System improper authorization |
| CVE-2023-30847 | 2023-04-27 | H2O vulnerable to read from uninitialized pointer in the reverse proxy handler |
| CVE-2023-2346 | 2023-04-27 | SourceCodester Service Provider Management System view_inquiry.php sql injection |
| CVE-2023-2347 | 2023-04-27 | SourceCodester Service Provider Management System manage_service.php sql injection |
| CVE-2023-2348 | 2023-04-27 | SourceCodester Service Provider Management System manage_user.php sql injection |
| CVE-2023-2349 | 2023-04-27 | SourceCodester Service Provider Management System index.php cross site scripting |
| CVE-2023-30848 | 2023-04-27 | Pimcore SQL Injection Vulnerability in Admin Search Find API |
| CVE-2023-2350 | 2023-04-27 | SourceCodester Service Provider Management System Users.php cross site scripting |
| CVE-2023-30849 | 2023-04-27 | Pimcore vulnerable to SQL Injection in Translation Export API |
| CVE-2023-30850 | 2023-04-27 | Pimcore SQL Injection Vulnerability in Admin Translations API |
| CVE-2023-30852 | 2023-04-27 | Pimcore Arbitrary File Read in Admin JS CSS files |
| CVE-2023-30624 | 2023-04-27 | Wasmtime has Undefined Behavior in Rust runtime functions |
| CVE-2023-2158 | 2023-04-27 | Impersonation through User-Controlled Token |
| CVE-2023-2335 | 2023-04-27 | Plaintext Password in Registry |
| CVE-2023-28261 | 2023-04-27 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability |
| CVE-2023-28286 | 2023-04-27 | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability |
| CVE-2023-2355 | 2023-04-27 | Local privilege escalation due to a DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 3900. |
| CVE-2023-21712 | 2023-04-27 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability |
| CVE-2023-27860 | 2023-04-27 | IBM Maximo Asset Management information disclosure |
| CVE-2023-1967 | 2023-04-27 | CVE-2023-1967 |
| CVE-2023-29150 | 2023-04-27 | CVE-2023-29150 |
| CVE-2023-29169 | 2023-04-27 | CVE-2023-29169 |
| CVE-2023-28384 | 2023-04-27 | CVE-2023-28384 |
| CVE-2023-28716 | 2023-04-27 | CVE-2023-28716 |
| CVE-2023-28400 | 2023-04-27 | CVE-2023-28400 |
| CVE-2023-28472 | 2023-04-28 | Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 through 9.1.3 does not have Secure and HTTP only attributes set for ccmPoll cookies. |
| CVE-2023-28473 | 2023-04-28 | Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 through 9.1.3 is vulnerable to possible Auth bypass in the jobs section. |
| CVE-2023-28474 | 2023-04-28 | Concrete CMS (previously concrete5) in versions 9.0 through 9.1.3 is vulnerable to Stored XSS on Saved Presets on search. |
| CVE-2023-28475 | 2023-04-28 | Concrete CMS (previously concrete5) versions 8.5.12 and below, and versions 9.0 through 9.1.3 is vulnerable to Reflected XSS on the Reply form because msgID was not sanitized. |
| CVE-2023-28476 | 2023-04-28 | Concrete CMS (previously concrete5) in versions 9.0 through 9.1.3 is vulnerable to Stored XSS on Tags on uploaded files. |
| CVE-2023-28477 | 2023-04-28 | Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 through 9.1.3 is vulnerable to stored XSS on API Integrations via the name parameter. |
| CVE-2023-28819 | 2023-04-28 | Concrete CMS (previously concrete5) versions 8.5.12 and below, 9.0.0 through 9.0.2 is vulnerable to Stored XSS in uploaded file and folder names. |
| CVE-2023-31436 | 2023-04-28 | qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX. |
| CVE-2020-21643 | 2023-04-28 | Cross Site Scripting (XSS) vulnerability in HongCMS 3.0 allows attackers to run arbitrary code via the callback parameter to /ajax/myshop. |
| CVE-2020-23647 | 2023-04-28 | Cross Site Scripting (XSS) vulnerability in BoxBilling 4.19, 4.19.1, 4.20, and 4.21 allows remote attackers to run arbitrary code via the message field on the submit new ticket form. |
| CVE-2022-38583 | 2023-04-28 | On versions of Sage 300 2017 - 2022 (6.4.x - 6.9.x) which are set up in a "Windows Peer-to-Peer Network" or "Client Server Network" configuration, a low-privileged Sage 300 workstation user... |
| CVE-2022-41397 | 2023-04-28 | The optional Web Screens and Global Search features for Sage 300 through version 2022 use a hard-coded 40-byte blowfish key ("LandlordPassKey") to encrypt and decrypt secrets stored in configuration files... |
| CVE-2022-41398 | 2023-04-28 | The optional Global Search feature for Sage 300 through version 2022 uses a set of hard-coded credentials for the accompanying Apache Solr instance. This issue could allow attackers to log in... |
| CVE-2022-41399 | 2023-04-28 | The optional Web Screens feature for Sage 300 through version 2022 uses a hard-coded 40-byte blowfish key ("PASS_KEY") to encrypt and decrypt the database connection string for the PORTAL database... |
| CVE-2022-41400 | 2023-04-28 | Sage 300 through 2022 uses a hard-coded 40-byte blowfish key to encrypt and decrypt user passwords and SQL connection strings stored in ISAM database files in the shared data directory.... |
| CVE-2023-2356 | 2023-04-28 | Relative Path Traversal in mlflow/mlflow |
| CVE-2023-2361 | 2023-04-28 | Cross-site Scripting (XSS) - Stored in pimcore/pimcore |
| CVE-2023-24269 | 2023-04-28 | An arbitrary file upload vulnerability in the plugin upload function of Textpattern v4.8.8 allows attackers to execute arbitrary code via a crafted Zip file. |
| CVE-2023-26781 | 2023-04-28 | SQL injection vulnerability in mccms 2.6 allows remote attackers to run arbitrary SQL commands via Author Center -> Reader Comments -> Search. |
| CVE-2023-26782 | 2023-04-28 | An issue was discovered in mccms 2.6.1 that allows remote attackers to cause a denial of service via Backend management interface -> System Configuration -> Cache Configuration -> Cache security characters. |
| CVE-2023-26813 | 2023-04-28 | SQL injection vulnerability in com.xnx3.wangmarket.plugin.dataDictionary.controller.DataDictionaryPluginController.java in wangmarket CMS 4.10 allows remote attackers to run arbitrary SQL commands via the TableName parameter to /plugin/dataDictionary/tableView.do. |
| CVE-2023-28471 | 2023-04-28 | Concrete CMS (previously concrete5) in versions 9.0 through 9.1.3 is vulnerable to Stored XSS via a container name. |
| CVE-2023-28820 | 2023-04-28 | Concrete CMS (previously concrete5) before 9.1 is vulnerable to stored XSS in RSS Displayer via the href attribute because the link element input was not sanitized. |
| CVE-2023-28821 | 2023-04-28 | Concrete CMS (previously concrete5) before 9.1 did not have a rate limit for password resets. |
| CVE-2023-28882 | 2023-04-28 | Trustwave ModSecurity 3.0.5 through 3.0.8 before 3.0.9 allows a denial of service (worker crash and unresponsiveness) because some inputs cause a segfault in the Transaction class for some configurations. |
| CVE-2023-29815 | 2023-04-28 | mccms v2.6.3 is vulnerable to Cross Site Request Forgery (CSRF). |