CVE List - 2023 / April
Showing 1 - 100 of 2302 CVEs for April 2023 (Page 1 of 24)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-26822 | 2023-04-01 | D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a command injection vulnerability via the service parameter at soapcgi.main. |
| CVE-2023-0208 | 2023-04-01 | NVIDIA DCGM for Linux contains a vulnerability in HostEngine (server component) where a user may cause a heap-based buffer overflow through the bound socket. A successful exploit of this vulnerability... |
| CVE-2023-0180 | 2023-04-01 | NVIDIA GPU Display Driver for Linux contains a vulnerability in a kernel mode layer handler, which may lead to denial of service or information disclosure. |
| CVE-2023-0181 | 2023-04-01 | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in a kernel mode layer handler, where memory permissions are not correctly checked, which may lead to denial of... |
| CVE-2023-0182 | 2023-04-01 | NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer, where an out-of-bounds write can lead to denial of service, information disclosure, and data tampering. |
| CVE-2023-0183 | 2023-04-01 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer where an out-of-bounds write can lead to denial of service and data tampering. |
| CVE-2023-0185 | 2023-04-01 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where sign conversion issues casting an unsigned primitive to signed may lead to denial of service or... |
| CVE-2023-0186 | 2023-04-01 | NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer, where an out-of-bounds write can lead to denial of service and data tampering. |
| CVE-2023-0187 | 2023-04-01 | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds read can lead to denial of service. |
| CVE-2023-0188 | 2023-04-01 | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an unprivileged user can cause improper restriction of operations within the bounds... |
| CVE-2023-0189 | 2023-04-01 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler which may lead to code execution, denial of service, escalation of privileges, information disclosure, and... |
| CVE-2023-0191 | 2023-04-01 | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds access may lead to denial of service or data tampering. |
| CVE-2023-0192 | 2023-04-01 | NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer handler, where improper privilege management can lead to escalation of privileges and information disclosure. |
| CVE-2023-0194 | 2023-04-01 | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer driver, where an invalid display configuration may lead to denial of service. |
| CVE-2023-0195 | 2023-04-01 | NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer driver nvlddmkm.sys, where an can cause CWE-1284, which may lead to hypothetical Information leak of unimportant... |
| CVE-2023-0197 | 2023-04-01 | NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious user in a guest VM can cause a NULL-pointer dereference, which may lead to denial of... |
| CVE-2023-0198 | 2023-04-01 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where improper restriction of operations within the bounds of a memory buffer can lead to denial... |
| CVE-2023-1790 | 2023-04-01 | SourceCodester Simple Task Allocation System index.php information disclosure |
| CVE-2023-27025 | 2023-04-02 | An arbitrary file download vulnerability in the background management module of RuoYi v4.7.6 and below allows attackers to download arbitrary files in the server. |
| CVE-2023-1791 | 2023-04-02 | SourceCodester Simple Task Allocation System manage_user.php sql injection |
| CVE-2023-1792 | 2023-04-02 | SourceCodester Simple Mobile Comparison Website GET Parameter manage_field.php sql injection |
| CVE-2023-1793 | 2023-04-02 | SourceCodester Police Crime Record Management System GET Parameter assigncase.php sql injection |
| CVE-2023-1794 | 2023-04-02 | SourceCodester Police Crime Record Management System GET Parameter casedetails.php cross site scripting |
| CVE-2023-1795 | 2023-04-02 | SourceCodester Gadget Works Online Ordering System GET Parameter index.php cross site scripting |
| CVE-2023-1796 | 2023-04-02 | SourceCodester Employee Payslip Generator Create News cross site scripting |
| CVE-2023-1797 | 2023-04-02 | OTCMS unrestricted upload |
| CVE-2023-1798 | 2023-04-02 | EyouCMS login.php cross site scripting |
| CVE-2023-1799 | 2023-04-02 | EyouCMS login.php cross site scripting |
| CVE-2023-1800 | 2023-04-02 | sjqzhang go-fastdfs File Upload uploa upload path traversal |
| CVE-2022-27665 | 2023-04-03 | Reflected XSS (via AngularJS sandbox escape expressions) exists in Progress Ipswitch WS_FTP Server 8.6.0. This can lead to execution of malicious code and commands on the client due to improper... |
| CVE-2022-36440 | 2023-04-03 | A reachable assertion was found in Frrouting frr-bgpd 8.3.0 in the peek_for_as4_capability function. Attackers can maliciously construct BGP open packets and send them to BGP peers running frr-bgpd, resulting in... |
| CVE-2022-38922 | 2023-04-03 | BluePage CMS thru 3.9 processes an insufficiently sanitized HTTP Header Cookie value allowing MySQL Injection in the 'users-cookie-settings' token using a Time-based blind SLEEP payload. |
| CVE-2022-38923 | 2023-04-03 | BluePage CMS thru v3.9 processes an insufficiently sanitized HTTP Header allowing MySQL Injection in the 'User-Agent' field using a Time-based blind SLEEP payload. |
| CVE-2023-0225 | 2023-04-03 | A flaw was found in Samba. An incomplete access check on dnsHostName allows authenticated but otherwise unprivileged users to delete this attribute from any object in the directory. |
| CVE-2023-0614 | 2023-04-03 | The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 Confidential attribute disclosure via LDAP filters was insufficient and an attacker may be able to obtain confidential BitLocker recovery keys... |
| CVE-2023-0922 | 2023-04-03 | The Samba AD DC administration tool, when operating against a remote LDAP server, will by default send new or reset passwords over a signed-only connection. |
| CVE-2023-1579 | 2023-04-03 | Heap based buffer overflow in binutils-gdb/bfd/libbfd.c in bfd_getl64. |
| CVE-2023-1611 | 2023-04-03 | A use-after-free flaw was found in btrfs_search_slot in fs/btrfs/ctree.c in btrfs in the Linux Kernel. This flaw allows an attacker to crash the system and possibly cause a kernel information lea |
| CVE-2023-24724 | 2023-04-03 | A stored cross site scripting (XSS) vulnerability was discovered in the user management module of the SAS 9.4 Admin Console, due to insufficient validation and sanitization of data input into... |
| CVE-2023-26916 | 2023-04-03 | libyang from v2.0.164 to v2.1.30 was discovered to contain a NULL pointer dereference via the function lys_parse_mem at lys_parse_mem.c. |
| CVE-2023-28836 | 2023-04-03 | Wagtail vulnerable to stored Cross-site Scripting attack via ModelAdmin views |
| CVE-2023-29218 | 2023-04-03 | The Twitter Recommendation Algorithm through ec83d01 allows attackers to cause a denial of service (reduction of reputation score) by arranging for multiple Twitter accounts to coordinate negative signals regarding a... |
| CVE-2023-26112 | 2023-04-03 | All versions of the package configobj are vulnerable to Regular Expression Denial of Service (ReDoS) via the validate function, using (.+?)\((.*)\). **Note:** This is only exploitable in the case of... |
| CVE-2023-26119 | 2023-04-03 | Versions of the package net.sourceforge.htmlunit:htmlunit from 0 and before 3.0.0 are vulnerable to Remote Code Execution (RCE) via XSLT, when browsing the attacker’s webpage. |
| CVE-2023-26269 | 2023-04-03 | Apache James server: Privilege escalation through unauthenticated JMX |
| CVE-2023-26529 | 2023-04-03 | WordPress DupeOff Plugin <= 1.6 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-28625 | 2023-04-03 | mod_auth_openidc core dump when OIDCStripCookies is set and an empty Cookie header is supplied |
| CVE-2023-1765 | 2023-04-03 | SQLi in Panon |
| CVE-2023-1766 | 2023-04-03 | XSS in Panon |
| CVE-2023-0820 | 2023-04-03 | User Role by BestWebSoft < 1.6.7 - Privilege Escalation via CSRF |
| CVE-2023-1124 | 2023-04-03 | Shopping Cart & eCommerce Store < 5.4.3 - Admin+ LFI |
| CVE-2023-1330 | 2023-04-03 | Redirection < 1.1.4 - Redirect Creation via CSRF |
| CVE-2023-1377 | 2023-04-03 | Solidres <= 0.9.4 - Multiple Reflected XSS |
| CVE-2023-0399 | 2023-04-03 | Image Over Image For WPBakery Page Builder < 3.0 - Contributor+ Stored XSS |
| CVE-2022-38072 | 2023-04-03 | An improper array index validation vulnerability exists in the stl_fix_normal_directions functionality of ADMesh Master Commit 767a105 and v0.98.4. A specially-crafted stl file can lead to a heap buffer overflow. An... |
| CVE-2023-0975 | 2023-04-03 | A vulnerability exists in Trellix Agent for Windows version 5.7.8 and earlier, that allows local users, during install/upgrade workflow, to replace one of the Agent’s executables before it can be... |
| CVE-2023-0977 | 2023-04-03 | A heap-based overflow vulnerability in Trellix Agent (Windows and Linux) version 5.7.8 and earlier, allows a remote user to alter the page heap in the macmnsvc process memory block resulting... |
| CVE-2023-28834 | 2023-04-03 | Full path of data directory exposed to Nextcloud server users |
| CVE-2023-28837 | 2023-04-03 | Wagtail vulnerable to denial-of-service via memory exhaustion when uploading large files |
| CVE-2023-28850 | 2023-04-03 | Pimcore Perspective Editor vulnerable to Cross-site Scripting in perspective name |
| CVE-2023-28851 | 2023-04-03 | Silverstripe Form Capture vulnerable to Stored Cross-Site Scripting |
| CVE-2022-43769 | 2023-04-03 | Hitachi Vantara Pentaho Business Analytics Server - Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) |
| CVE-2023-28854 | 2023-04-03 | nophp vulnerable to shell command injection on httpd user when sending a password-setting mail or mail-login mail |
| CVE-2022-43773 | 2023-04-03 | Hitachi Vantara Pentaho Business Analytics Server - Incorrect Permission Assignment for Critical Resource |
| CVE-2022-43938 | 2023-04-03 | Hitachi Vantara Pentaho Business Analytics Server - Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') |
| CVE-2022-43939 | 2023-04-03 | Hitachi Vantara Pentaho Business Analytics Server - Use of Non-Canonical URL Paths for Authorization Decisions |
| CVE-2022-43940 | 2023-04-03 | Hitachi Vantara Pentaho Business Analytics Server - Incorrect Authorization |
| CVE-2022-43771 | 2023-04-03 | Hitachi Vantara Pentaho Business Analytics Server - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
| CVE-2022-43941 | 2023-04-03 | Hitachi Vantara Pentaho Business Analytics Server - Improper Restriction of XML External Entity Reference |
| CVE-2022-3960 | 2023-04-03 | Hitachi Vantara Pentaho Business Analytics Server - Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') |
| CVE-2022-43772 | 2023-04-03 | Hitachi Vantara Pentaho Business Analytics Server - Insertion of Sensitive Information into Log File |
| CVE-2022-4769 | 2023-04-03 | Hitachi Vantara Pentaho Business Analytics Server - Generation of Error Message Containing Sensitive Information |
| CVE-2022-4770 | 2023-04-03 | Hitachi Vantara Pentaho Business Analytics Server - Generation of Error Message Containing Sensitive Information |
| CVE-2022-4771 | 2023-04-03 | Hitachi Vantara Pentaho Business Analytics Server - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| CVE-2023-26775 | 2023-04-04 | File Upload vulnerability found in Monitorr v.1.7.6 allows a remote attacker to execute arbitrary code via a crafted file upload to the assets/php/upload.php endpoint. |
| CVE-2020-19277 | 2023-04-04 | Cross Site Scripting vulnerability found in Phachon mm-wiki v.0.1.2 allows a remote attacker to execute arbitrary code via javascript code in the markdown editor. |
| CVE-2020-19278 | 2023-04-04 | Cross Site Request Forgery vulnerability found in Phachon mm-wiki v.0.1.2 allows a remote attacker to execute arbitrary code via the system/user/save parameter. |
| CVE-2020-19279 | 2023-04-04 | Directory Traversal vulnerability found in B3log Wide allows an attacker to escalate privileges via symbolic links. |
| CVE-2020-19692 | 2023-04-04 | Buffer Overflow vulnerability found in Nginx NJS v.0feca92 allows a remote attacker to execute arbitrary code via the njs_module_read in the njs_module.c file. |
| CVE-2020-19693 | 2023-04-04 | An issue found in Espruino Espruino 6ea4c0a allows an attacker to execute arbitrary code via oldFunc parameter of the jswrap_object.c:jswrap_function_replacewith endpoint. |
| CVE-2020-19695 | 2023-04-04 | Buffer Overflow found in Nginx NJS allows a remote attacker to execute arbitrary code via the njs_object_property parameter of the njs/njs_vm.c function. |
| CVE-2020-19697 | 2023-04-04 | Cross Site Scripting vulnerability found in Pandao Editor.md v.1.5.0 allows a remote attacker to execute arbitrary code via a crafted script in the <iframe>src parameter. |
| CVE-2020-19698 | 2023-04-04 | Cross Site Scripting vulnerability found in Pandao Editor.md v.1.5.0 allows a remote attacker to execute arbitrary code via a crafted script to the editor parameter. |
| CVE-2020-19699 | 2023-04-04 | Cross Site Scripting vulnerability found in KOHGYLW Kiftd v.1.0.18 allows a remote attacker to execute arbitrary code via the <ifram> tag in the upload file page. |
| CVE-2020-19850 | 2023-04-04 | An issue found in Directus API v.2.2.0 allows a remote attacker to cause a denial of service via a great amount of HTTP requests. |
| CVE-2020-20521 | 2023-04-04 | Cross Site Scripting vulnerability found in KiteCMS v.1.1 allows a remote attacker to execute arbitrary code via the comment parameter. |
| CVE-2020-20522 | 2023-04-04 | Cross Site Scripting vulnerability found in KiteCMS v.1.1 allows a remote attacker to execute arbitrary code via the registering user parameter. |
| CVE-2020-20913 | 2023-04-04 | SQL Injection vulnerability found in Ming-Soft MCMS v.4.7.2 allows a remote attacker to execute arbitrary code via basic_title parameter. |
| CVE-2020-20914 | 2023-04-04 | SQL Injection vulnerability found in San Luan PublicCMS v.4.0 allows a remote attacker to execute arbitrary code via the sql parameter. |
| CVE-2020-20915 | 2023-04-04 | SQL Injection vulnerability found in PublicCMS v.4.0 allows a remote attacker to execute arbitrary code via sql parameter of the SysSiteAdminControl. |
| CVE-2020-21060 | 2023-04-04 | SQL injection vulnerability found in PHPMyWind v.5.6 allows a remote attacker to gain privileges via the delete function of the administrator management page. |
| CVE-2020-21487 | 2023-04-04 | Cross Site Scripting vulnerability found in Netgate pfSense 2.4.4 and ACME package v.0.6.3 allows attackers to execute arbitrary code via the RootFolder field of acme_certificates.php. |
| CVE-2020-21514 | 2023-04-04 | An issue discovered in Fluent-ui v.1.2.2 allows attackers to gain escalated privileges and execute arbitrary code due to a default password. |
| CVE-2020-22533 | 2023-04-04 | Cross Site Scripting vulnerability found in Zentao allows a remote attacker to execute arbitrary code via the lang parameter |
| CVE-2020-23257 | 2023-04-04 | Buffer Overflow vulnerability found in Espruino 2v05.41 allows an attacker to cause a denial of service via the function jsvGarbageCollectMarkUsed in file src/jsvar.c. |
| CVE-2020-23258 | 2023-04-04 | An issue found in Jsish v.3.0.11 allows a remote attacker to cause a denial of service via the Jsi_ValueIsNumber function in ./src/jsiValue.c file. |
| CVE-2020-23259 | 2023-04-04 | An issue found in Jsish v.3.0.11 and before allows an attacker to cause a denial of service via the Jsi_Strlen function in the src/jsiChar.c file. |
| CVE-2020-23260 | 2023-04-04 | An issue found in Jsish v.3.0.11 and before allows an attacker to cause a denial of service via the StringReplaceCmd function in the src/jsiChar.c file. |
| CVE-2020-23327 | 2023-04-04 | Cross Site Scripting vulnerability found in ZblogCN ZblogPHP v.1.0 allows a local attacker to execute arbitrary code via a crafted payload in title parameter of the module management model. |
| CVE-2020-29312 | 2023-04-04 | An issue found in Zend Framework v.3.1.3 and before allows a remote attacker to execute arbitrary code via the unserialize function. Note: This has been disputed by third parties as... |