CVE List - 2023 / April
Showing 1101 - 1200 of 2302 CVEs for April 2023 (Page 12 of 24)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-26969 | 2023-04-14 | Atropim 1.5.26 is vulnerable to Directory Traversal. |
| CVE-2023-27193 | 2023-04-14 | An issue found in DUALSPACE v.1.1.3 allows a local attacker to gain privileges via the key_ad_new_user_avoid_time field. |
| CVE-2023-27571 | 2023-04-14 | An issue was discovered in DG3450 Cable Gateway AR01.02.056.18_041520_711.NCS.10. The troubleshooting_logs_download.php log file download functionality does not check the session cookie. Thus, an attacker can download all log files. |
| CVE-2023-27572 | 2023-04-14 | An issue was discovered in CommScope Arris DG3450 Cable Gateway AR01.02.056.18_041520_711.NCS.10. A reflected XSS vulnerability was discovered in the https_redirect.php web page via the page parameter. |
| CVE-2023-27643 | 2023-04-14 | An issue found in POWERAMP 925-bundle-play and Poweramp 954-uni allows a remote attacker to cause a denial of service via the Rescan button in Queue and Select Folders button in... |
| CVE-2023-27647 | 2023-04-14 | An issue found in DUALSPACE Lock Master v.2.2.4 allows a local attacker to cause a denial of service or gain sensitive information via the com.ludashi.superlock.util.pref.SharedPrefProviderEntryMethod: insert of the android.net.Uri.insert method. |
| CVE-2023-27648 | 2023-04-14 | Directory Traversal vulnerability found in T-ME Studios Change Color of Keypad v.1.275.1.277 allows a remote attacker to execute arbitrary code via the dex file in the internal storage. |
| CVE-2023-27649 | 2023-04-14 | SQL injection vulnerability found in Trusted Tools Free Music v.2.1.0.47, v.2.0.0.46, v.1.9.1.45, v.1.8.2.43 allows a remote attacker to cause a denial of service via the search history table |
| CVE-2023-27651 | 2023-04-14 | An issue found in Ego Studio SuperClean v.1.1.9 and v.1.1.5 allows an attacker to gain privileges via the update_info field of the _default_.xml file. |
| CVE-2023-27653 | 2023-04-14 | An issue found in WHO v.1.0.28, v.1.0.30, v.1.0.32 allows an attacker to cause a denial of service via the SharedPreference files. |
| CVE-2023-27654 | 2023-04-14 | An issue found in WHO v.1.0.28, v.1.0.30, v.1.0.32 allows an attacker to cause an escalation of privileges via the TTMultiProvider component. |
| CVE-2023-27666 | 2023-04-14 | Auto Dealer Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the name parameter at /classes/SystemSettings.php?f=update_settings. |
| CVE-2023-27912 | 2023-04-14 | A maliciously crafted X_B file when parsed through Autodesk® AutoCAD® 2023 can force an Out-of-Bound Read. A malicious actor can leverage this vulnerability to cause a crash or read sensitive... |
| CVE-2023-27913 | 2023-04-14 | A maliciously crafted X_B file when parsed through Autodesk® AutoCAD® 2023 can be used to cause an Integer Overflow. A malicious actor can leverage this vulnerability to cause a crash... |
| CVE-2023-27914 | 2023-04-14 | A maliciously crafted X_B file when parsed through Autodesk® AutoCAD® 2023 can be used to write beyond the allocated buffer causing a Stack Buffer Overflow. A malicious actor can leverage... |
| CVE-2023-27915 | 2023-04-14 | A maliciously crafted X_B file when parsed through Autodesk® AutoCAD® 2023 could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead... |
| CVE-2023-29067 | 2023-04-14 | A maliciously crafted X_B file when parsed through Autodesk® AutoCAD® 2023 could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead... |
| CVE-2023-29085 | 2023-04-14 | An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor and Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110, and Exynos Auto T5123.... |
| CVE-2023-29086 | 2023-04-14 | An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor and Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110, and Exynos Auto T5123.... |
| CVE-2023-29087 | 2023-04-14 | An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor and Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110, and Exynos Auto T5123.... |
| CVE-2023-29088 | 2023-04-14 | An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor and Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110, and Exynos Auto T5123.... |
| CVE-2023-29089 | 2023-04-14 | An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor and Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110, and Exynos Auto T5123.... |
| CVE-2023-29090 | 2023-04-14 | An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor and Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110, and Exynos Auto T5123.... |
| CVE-2023-29091 | 2023-04-14 | An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor and Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110, and Exynos Auto T5123.... |
| CVE-2023-29132 | 2023-04-14 | Irssi 1.3.x and 1.4.x before 1.4.4 has a use-after-free because of use of a stale special collector reference. This occurs when printing of a non-formatted line is concurrent with printing... |
| CVE-2023-29383 | 2023-04-14 | In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g.,... |
| CVE-2023-29491 | 2023-04-14 | ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in... |
| CVE-2023-29569 | 2023-04-14 | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ffi_cb_impl_wpwwwww at src/mjs_ffi.c. This vulnerability can lead to a Denial of Service (DoS). |
| CVE-2023-29584 | 2023-04-14 | mp4v2 v2.0.0 was discovered to contain a heap buffer overflow via the MP4GetVideoProfileLevel function at /src/mp4.cpp. |
| CVE-2023-29621 | 2023-04-14 | Purchase Order Management v1.0 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted file uploaded to the server. |
| CVE-2023-29622 | 2023-04-14 | Purchase Order Management v1.0 was discovered to contain a SQL injection vulnerability via the password parameter at /purchase_order/admin/login.php. |
| CVE-2023-29623 | 2023-04-14 | Purchase Order Management v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the password parameter at /purchase_order/classes/login.php. |
| CVE-2023-29625 | 2023-04-14 | Employee Performance Evaluation System v1.0 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted file uploaded to the server. |
| CVE-2023-29626 | 2023-04-14 | Yoga Class Registration System 1.0 was discovered to contain a SQL injection vulnerability via the cid parameter at /admin/login.php. |
| CVE-2023-29627 | 2023-04-14 | Online Pizza Ordering v1.0 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted file uploaded to the server. |
| CVE-2023-29798 | 2023-04-14 | TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the command parameter in the setTracerouteCfg function. |
| CVE-2023-29799 | 2023-04-14 | TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the hostname parameter in the setOpModeCfg function. |
| CVE-2023-29800 | 2023-04-14 | TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function. |
| CVE-2023-29801 | 2023-04-14 | TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain multiple command injection vulnerabilities via the rtLogEnabled and rtLogServer parameters in the setSyslogCfg function. |
| CVE-2023-29802 | 2023-04-14 | TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the ip parameter in the setDiagnosisCfg function. |
| CVE-2023-29803 | 2023-04-14 | TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the pid parameter in the disconnectVPN function. |
| CVE-2023-29804 | 2023-04-14 | WFS-SR03 v1.0.3 was discovered to contain a command injection vulnerability via the sys_smb_pwdmod function. |
| CVE-2023-29805 | 2023-04-14 | WFS-SR03 v1.0.3 was discovered to contain a command injection vulnerability via the pro_stor_canceltrans_handler_part_19 function. |
| CVE-2023-29847 | 2023-04-14 | AeroCMS v0.0.1 was discovered to contain multiple stored cross-site scripting (XSS) vulnerabilities via the comment_author and comment_content parameters at /post.php. These vulnerabilities allow attackers to execute arbitrary web scripts or... |
| CVE-2023-29850 | 2023-04-14 | SENAYAN Library Management System (SLiMS) Bulian v9.5.2 does not strip exif data from uploaded images. This allows attackers to obtain information such as the user's geolocation and device information. |
| CVE-2023-30459 | 2023-04-14 | SmartPTT SCADA 1.1.0.0 allows remote code execution (when the attacker has administrator privileges) by writing a malicious C# script and executing it on the server (via server settings in the... |
| CVE-2023-1285 | 2023-04-14 | Signal Handler Race Condition vulnerability in Mitsubishi Electric India GC-ENET-COM whose first 2 digits of 11-digit serial number of unit are "16" allows a remote unauthenticated attacker to cause a... |
| CVE-2023-26123 | 2023-04-14 | Versions of the package raysan5/raylib before 4.5.0 are vulnerable to Cross-site Scripting (XSS) such that the SetClipboardText API does not properly escape the ' character, allowing attacker-controlled input to break... |
| CVE-2023-2035 | 2023-04-14 | Campcodes Video Sharing Website signup.php sql injection |
| CVE-2023-2036 | 2023-04-14 | Campcodes Video Sharing Website upload.php sql injection |
| CVE-2023-2037 | 2023-04-14 | Campcodes Video Sharing Website watch.php sql injection |
| CVE-2023-2038 | 2023-04-14 | Campcodes Video Sharing Website admin_class.php sql injection |
| CVE-2023-2039 | 2023-04-14 | novel-plus sql injection |
| CVE-2023-1863 | 2023-04-14 | SQLi in Eskom Computer Water Metering Software |
| CVE-2023-2040 | 2023-04-14 | novel-plus sql injection |
| CVE-2023-2041 | 2023-04-14 | novel-plus sql injection |
| CVE-2023-2042 | 2023-04-14 | DataGear JDBC Server deserialization |
| CVE-2023-2043 | 2023-04-14 | Control iD RHiD Edit a sql injection |
| CVE-2023-2044 | 2023-04-14 | Control iD iDSecure Dispositivos Page cross site scripting |
| CVE-2023-2047 | 2023-04-14 | Campcodes Advanced Online Voting System login.php sql injection |
| CVE-2023-2048 | 2023-04-14 | Campcodes Advanced Online Voting System voters_row.php sql injection |
| CVE-2023-2049 | 2023-04-14 | Campcodes Advanced Online Voting System ballot_up.php sql injection |
| CVE-2023-2050 | 2023-04-14 | Campcodes Advanced Online Voting System positions_add.php sql injection |
| CVE-2023-2051 | 2023-04-14 | Campcodes Advanced Online Voting System positions_row.php sql injection |
| CVE-2023-1617 | 2023-04-14 | Improper Authentication Mechanism in B&R VC4 Visualization |
| CVE-2023-2052 | 2023-04-14 | Campcodes Advanced Online Voting System ballot_down.php sql injection |
| CVE-2023-2053 | 2023-04-14 | Campcodes Advanced Online Voting System candidates_row.php sql injection |
| CVE-2023-2054 | 2023-04-14 | Campcodes Advanced Online Voting System positions_delete.php sql injection |
| CVE-2023-2055 | 2023-04-14 | Campcodes Advanced Online Voting System config_save.php cross site scripting |
| CVE-2023-2056 | 2023-04-14 | DedeCMS module_main.php GetSystemFile code injection |
| CVE-2023-2057 | 2023-04-14 | EyouCms New Picture cross site scripting |
| CVE-2023-1803 | 2023-04-14 | Authentication Bypass in Redline Router |
| CVE-2023-1833 | 2023-04-14 | Authentication Bypass in Redline Router |
| CVE-2023-2058 | 2023-04-14 | EyouCms HTTP POST Request cross site scripting |
| CVE-2023-2059 | 2023-04-14 | DedeCMS select_templets.php path traversal |
| CVE-2023-28091 | 2023-04-14 | HPE OneView virtual appliance "Migrate server hardware" option may expose sensitive information in an HPE OneView support dump |
| CVE-2022-3748 | 2023-04-14 | Improper authorization that can lead to account impersonation |
| CVE-2023-28085 | 2023-04-14 | An HPE OneView Global Dashboard (OVGD) appliance dump may expose OVGD user account credentials |
| CVE-2022-47501 | 2023-04-14 | Apache OFBiz: Arbitrary file reading vulnerability |
| CVE-2023-2033 | 2023-04-14 | Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2023-29013 | 2023-04-14 | HTTP header parsing could cause a deny of service |
| CVE-2023-29529 | 2023-04-14 | matrix-js-sdk vulnerable to invisible eavesdropping in group calls |
| CVE-2023-29199 | 2023-04-14 | vm2 Sandbox escape vulnerability |
| CVE-2023-29194 | 2023-04-14 | vitess allows users to create keyspaces that can deny access to already existing keyspaces |
| CVE-2023-29018 | 2023-04-14 | OpenFeature Operator vulnerable to Cluster-level Privilege Escalation |
| CVE-2023-2073 | 2023-04-14 | Campcodes Online Traffic Offense Management System Login.php sql injection |
| CVE-2023-2074 | 2023-04-14 | Campcodes Online Traffic Offense Management System Master.php sql injection |
| CVE-2023-29193 | 2023-04-14 | SpiceDB binding metrics port to untrusted networks and can leak command-line flags |
| CVE-2023-30535 | 2023-04-14 | Snowflake JDBC vulnerable to command injection via SSO URL authentication |
| CVE-2023-2075 | 2023-04-14 | Campcodes Online Traffic Offense Management System view_details.php sql injection |
| CVE-2023-2076 | 2023-04-14 | Campcodes Online Traffic Offense Management System Users.phpp cross site scripting |
| CVE-2023-2077 | 2023-04-14 | Campcodes Online Traffic Offense Management System view_details.php cross site scripting |
| CVE-2023-24934 | 2023-04-14 | Microsoft Defender Security Feature Bypass Vulnerability |
| CVE-2023-24607 | 2023-04-15 | Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The affected versions... |
| CVE-2018-15472 | 2023-04-15 | An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. The diff formatter using rouge can block for a long time... |
| CVE-2018-17449 | 2023-04-15 | An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Remote attackers could obtain sensitive information about issues, comments, and project... |
| CVE-2018-17450 | 2023-04-15 | An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is Server-Side Request Forgery (SSRF) via the Kubernetes integration, leading... |
| CVE-2018-17451 | 2023-04-15 | An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is Cross Site Request Forgery (CSRF) in the Slack integration... |
| CVE-2018-17452 | 2023-04-15 | An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is Server-Side Request Forgery (SSRF) via a loopback address to... |
| CVE-2018-17453 | 2023-04-15 | An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Attackers may have been able to obtain sensitive access-token data from... |