CVE List - 2023 / April
Showing 101 - 200 of 2302 CVEs for April 2023 (Page 2 of 24)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2020-36692 | 2023-04-04 | A reflected XSS via POST vulnerability in report scheduler of Sophos Web Appliance versions older than 4.3.10.4 allows execution of JavaScript code in the victim browser via a malicious form... |
| CVE-2021-28235 | 2023-04-04 | Authentication vulnerability found in Etcd-io v.3.4.10 allows remote attackers to escalate privileges via the debug function. |
| CVE-2021-31707 | 2023-04-04 | Permissions vulnerability found in KiteCMS allows a remote attacker to execute arbitrary code via the upload file type. |
| CVE-2021-3267 | 2023-04-04 | File Upload vulnerability found in KiteCMS v.1.1 allows a remote attacker to execute arbitrary code via the uploadFile function. |
| CVE-2022-47870 | 2023-04-04 | A Cross Site Scripting (XSS) vulnerability in the web SQL monitor login page in Redgate SQL Monitor 12.1.31.893 allows remote attackers to inject arbitrary web Script or HTML via the... |
| CVE-2022-48221 | 2023-04-04 | An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. Multiple MSI's get executed out of a standard-user writable directory. Through a race condition and OpLock manipulation, these files can... |
| CVE-2022-48222 | 2023-04-04 | An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. During SDK installation, certutil.exe is called by the Acuant installer to install certificates. This window is not hidden, and is... |
| CVE-2022-48223 | 2023-04-04 | An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. During SDK repair, certutil.exe is called by the Acuant installer to repair certificates. This call is vulnerable to DLL hijacking... |
| CVE-2022-48224 | 2023-04-04 | An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. It is installed with insecure permissions (full write access within Program Files). Standard users can replace files within this directory... |
| CVE-2022-48225 | 2023-04-04 | An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. It is used to install drivers from several different vendors. The Gemalto Document Reader child installation process is vulnerable to... |
| CVE-2022-48226 | 2023-04-04 | An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. During installation, an EXE gets executed out of C:\Windows\Temp. A standard user can create the path file ahead of time... |
| CVE-2022-48227 | 2023-04-04 | An issue was discovered in Acuant AsureID Sentinel before 5.2.149. It allows elevation of privileges because it opens Notepad after the installation of AssureID, Identify x64, and Identify x86, aka... |
| CVE-2022-48228 | 2023-04-04 | An issue was discovered in Acuant AsureID Sentinel before 5.2.149. It uses the root of the C: drive for the i-Dentify and Sentinel Installer log files, aka CORE-7362. |
| CVE-2022-4934 | 2023-04-04 | A post-auth command injection vulnerability in the exception wizard of Sophos Web Appliance older than version 4.3.10.4 allows administrators to execute arbitrary code. |
| CVE-2023-0265 | 2023-04-04 | Uvdesk version 1.1.1 allows an authenticated remote attacker to execute commands on the server. This is possible because the application does not properly validate profile pictures uploaded by customers. |
| CVE-2023-0325 | 2023-04-04 | Uvdesk version 1.1.1 allows an unauthenticated remote attacker to exploit a stored XSS in the application. This is possible because the application does not correctly validate the message sent by... |
| CVE-2023-0357 | 2023-04-04 | Helpy version 2.8.0 allows an unauthenticated remote attacker to exploit an XSS stored in the application. This is possible because the application does not correctly validate the attachments sent by... |
| CVE-2023-0480 | 2023-04-04 | VitalPBX version 3.2.3-8 allows an unauthenticated external attacker to obtain the instance administrator's account. This is possible because the application is vulnerable to CSRF. |
| CVE-2023-0486 | 2023-04-04 | VitalPBX version 3.2.3-8 allows an unauthenticated external attacker to obtain the instance's administrator account via a malicious link. This is possible because the application is vulnerable to XSS. |
| CVE-2023-0738 | 2023-04-04 | OrangeScrum version 2.0.11 allows an external attacker to obtain arbitrary user accounts from the application. This is possible because the application returns malicious user input in the response with the... |
| CVE-2023-0835 | 2023-04-04 | markdown-pdf version 11.0.0 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the Markdown content entered by the user. |
| CVE-2023-1671 | 2023-04-04 | A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code. |
| CVE-2023-25303 | 2023-04-04 | ATLauncher <= 3.4.26.0 is vulnerable to Directory Traversal. A mrpack file can be maliciously crafted to create arbitrary files outside of the installation directory. |
| CVE-2023-25305 | 2023-04-04 | PolyMC Launcher <= 1.4.3 is vulnerable to Directory Traversal. A mrpack file can be maliciously crafted to create arbitrary files outside of the installation directory. |
| CVE-2023-25355 | 2023-04-04 | CoreDial sipXcom up to and including 21.04 is vulnerable to Insecure Permissions. A user who has the ability to run commands as the `daemon` user on a sipXcom server can... |
| CVE-2023-25356 | 2023-04-04 | CoreDial sipXcom up to and including 21.04 is vulnerable to Improper Neutralization of Argument Delimiters in a Command. XMPP users are able to inject arbitrary arguments into a system command,... |
| CVE-2023-26733 | 2023-04-04 | Buffer Overflow vulnerability found in tinyTIFF v.3.0 allows a local attacker to cause a denial of service via the TinyTiffReader_readNextFrame function in tinytiffreader.c file. |
| CVE-2023-26750 | 2023-04-04 | SQL injection vulnerability found in Yii Framework Yii 2 Framework before v.2.0.47 allows a remote attacker to execute arbitrary code via the runAction function. NOTE: the software maintainer's position... |
| CVE-2023-26776 | 2023-04-04 | Cross Site Scripting vulnerability found in Monitorr v.1.7.6 allows a remote attacker to execute arbitrary code via the title parameter of the post_receiver-services.php file. |
| CVE-2023-26777 | 2023-04-04 | Cross Site Scripting vulnerability found in louislam Uptime Kuma v.1.19.6 and before allows a remote attacker to execute arbitrary commands via the description, title, footer, and incident creation parameter... |
| CVE-2023-26855 | 2023-04-04 | The hashing algorithm of ChurchCRM v4.5.3 utilizes a non-random salt value which allows attackers to use precomputed hash tables or dictionary attacks to crack the hashed passwords. |
| CVE-2023-26866 | 2023-04-04 | GreenPacket OH736's WR-1200 Indoor Unit, OT-235 with firmware versions M-IDU-1.6.0.3_V1.1 and MH-46360-2.0.3-R5-GP respectively are vulnerable to remote command injection. Commands are executed using pre-login execution and executed with root privileges... |
| CVE-2023-26921 | 2023-04-04 | OS Command Injection vulnerability in quectel AG550QCN allows attackers to execute arbitrary commands via ql_atfwd. |
| CVE-2023-26974 | 2023-04-04 | Irfanview v4.62 allows a user-mode write access violation via a crafted JPEG 2000 file starting at JPEG2000+0x0000000000001bf0. |
| CVE-2023-26976 | 2023-04-04 | Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the ssid parameter in the form_fast_setting_wifi_set function. |
| CVE-2023-26991 | 2023-04-04 | SWFTools v0.9.2 was discovered to contain a stack-use-after-scope in the swf_ReadSWF2 function in lib/rfxswf.c. |
| CVE-2023-27089 | 2023-04-04 | Cross Site Scripting vulnerability found in Ehuacui BBS allows attackers to cause a denial of service via a crafted payload in the login parameter. |
| CVE-2023-27091 | 2023-04-04 | An unauthorized access issue found in XiaoBingby TeaCMS 2.3.3 allows attackers to escalate privileges via the id and keywords parameter(s). |
| CVE-2023-27734 | 2023-04-04 | An issue found in Eteran edb-debugger v.1.3.0 allows a local attacker to cause a denial of service via the collect_symbols function in plugins/BinaryInfo/symbols.cpp. |
| CVE-2023-27759 | 2023-04-04 | An issue found in Wondershare Technology Co, Ltd Edrawmind v.10.0.6 allows a remote attacker to execute arbitrary commands via the WindowsCodescs.dll file. |
| CVE-2023-27760 | 2023-04-04 | An issue found in Wondershare Technology Co, Ltd Filmora v.12.0.9 allows a remote attacker to execute arbitrary commands via the filmora_setup_full846.exe. |
| CVE-2023-27761 | 2023-04-04 | An issue found in Wondershare Technology Co., Ltd UniConverter v.14.0.0 allows a remote attacker to execute arbitrary commands via the uniconverter14_64bit_setup_full14204.exe file. |
| CVE-2023-27762 | 2023-04-04 | An issue found in Wondershare Technology Co., Ltd DemoCreator v.6.0.0 allows a remote attacker to execute arbitrary commands via the democreator_setup_full7743.exe file. |
| CVE-2023-27763 | 2023-04-04 | An issue found in Wondershare Technology Co.,Ltd MobileTrans v.4.0.2 allows a remote attacker to execute arbitrary commands via the mobiletrans_setup_full5793.exe file. |
| CVE-2023-27764 | 2023-04-04 | An issue found in Wondershare Technology Co.,Ltd Repairit v.3.5.4 allows a remote attacker to execute arbitrary commands via the repairit_setup_full5913.exe file. |
| CVE-2023-27765 | 2023-04-04 | An issue found in Wondershare Technology Co.,Ltd Recoverit v.10.6.3 allows a remote attacker to execute arbitrary commands via the recoverit_setup_full4134.exe file. |
| CVE-2023-27766 | 2023-04-04 | An issue found in Wondershare Technology Co.,Ltd Anireel 1.5.4 allows a remote attacker to execute arbitrary commands via the anireel_setup_full9589.exe file. |
| CVE-2023-27767 | 2023-04-04 | An issue found in Wondershare Technology Co.,Ltd Dr.Fone v.12.4.9 allows a remote attacker to execute arbitrary commands via the drfone_setup_full3360.exe file. |
| CVE-2023-27768 | 2023-04-04 | An issue found in Wondershare Technology Co.,Ltd PDFelement v9.1.1 allows a remote attacker to execute arbitrary commands via the pdfelement-pro_setup_full5239.exe file. |
| CVE-2023-27769 | 2023-04-04 | An issue found in Wondershare Technology Co.,Ltd PDF Reader v.1.0.1 allows a remote attacker to execute arbitrary commands via the pdfreader_setup_full13143.exe file. |
| CVE-2023-27770 | 2023-04-04 | An issue found in Wondershare Technology Co.,Ltd Edraw-max v.12.0.4 allows a remote attacker to execute arbitrary commands via the edraw-max_setup_full5371.exe file. |
| CVE-2023-27771 | 2023-04-04 | An issue found in Wondershare Technology Co.,Ltd Creative Centerr v.1.0.8 allows a remote attacker to execute arbitrary commands via the wondershareCC_setup_full10819.exe file. |
| CVE-2023-28613 | 2023-04-04 | An issue was discovered in Samsung Exynos Mobile Processor and Baseband Modem Processor for Exynos 1280, Exynos 2200, and Exynos Modem 5300. An integer overflow in IPv4 fragment handling can... |
| CVE-2023-29323 | 2023-04-04 | ascii_load_sockaddr in smtpd in OpenBSD before 7.1 errata 024 and 7.2 before errata 020, and OpenSMTPD Portable before 7.0.0-portable commit f748277, can abort upon a connection from a local, scoped... |
| CVE-2022-25678 | 2023-04-04 | Buffer Copy Without Checking Size of Input in MODEM |
| CVE-2022-25726 | 2023-04-04 | Buffer Over-read in MODEM |
| CVE-2022-25730 | 2023-04-04 | Buffer Over-read in MODEM |
| CVE-2022-25731 | 2023-04-04 | Incorrect Calculation of Buffer Size in MODEM |
| CVE-2022-25737 | 2023-04-04 | Use of Uninitialized Variable in MODEM |
| CVE-2022-25739 | 2023-04-04 | Null Pointer Dereference in MODEM |
| CVE-2022-25740 | 2023-04-04 | Buffer Copy Without Checking Size of Input in MODEM |
| CVE-2022-25745 | 2023-04-04 | Always Incorrect Control Flow Implementation in MODEM |
| CVE-2022-25747 | 2023-04-04 | Buffer Over-read in MODEM |
| CVE-2022-33211 | 2023-04-04 | Improper Input Validation in MODEM |
| CVE-2022-33222 | 2023-04-04 | Buffer over-read in Modem |
| CVE-2022-33223 | 2023-04-04 | Null pointer dereference in Modem |
| CVE-2022-33228 | 2023-04-04 | Buffer over-read in Modem |
| CVE-2022-33231 | 2023-04-04 | Double free in Core |
| CVE-2022-33258 | 2023-04-04 | Buffer over-read in Modem |
| CVE-2022-33259 | 2023-04-04 | Buffer copy without checking the size of input in Modem |
| CVE-2022-33269 | 2023-04-04 | Integer overflow or wraparound in Core |
| CVE-2022-33270 | 2023-04-04 | Time-of-check time-of-use race condition in Modem |
| CVE-2022-33282 | 2023-04-04 | Integer overflow to buffer overflow in Automotive Multimedia |
| CVE-2022-33287 | 2023-04-04 | Buffer over-read in Modem |
| CVE-2022-33288 | 2023-04-04 | Buffer copy without checking the size of input in Core |
| CVE-2022-33289 | 2023-04-04 | Improper validation of array index in Modem |
| CVE-2022-33291 | 2023-04-04 | Buffer over-read in Modem |
| CVE-2022-33294 | 2023-04-04 | NULL pointer dereference in Modem |
| CVE-2022-33295 | 2023-04-04 | Buffer over-read in Modem |
| CVE-2022-33296 | 2023-04-04 | Integer overflow to buffer overflow in Modem |
| CVE-2022-33297 | 2023-04-04 | Buffer overread in Linux Sensors |
| CVE-2022-33298 | 2023-04-04 | Use after free in Modem |
| CVE-2022-33301 | 2023-04-04 | Incorrect type conversion or cast in Audio |
| CVE-2022-33302 | 2023-04-04 | Improper validation of array index in User Identity Module |
| CVE-2022-40503 | 2023-04-04 | Buffer over-read in Bluetooth Host. |
| CVE-2022-40532 | 2023-04-04 | Integer overflow or wraparound in WLAN |
| CVE-2023-21630 | 2023-04-04 | Integer Overflow in Multimedia Framework |
| CVE-2023-1768 | 2023-04-04 | Symmetric agent data encryption fails silently |
| CVE-2023-1728 | 2023-04-04 | Unrestricted Upload of File with Dangerous Type in Fernus LMS |
| CVE-2023-1826 | 2023-04-04 | SourceCodester Online Computer and Laptop Store index.php unrestricted upload |
| CVE-2023-1827 | 2023-04-04 | SourceCodester Centralized Covid Vaccination Records System GET Parameter manage_location.php sql injection |
| CVE-2023-25940 | 2023-04-04 | Dell PowerScale OneFS version 9.5.0.0 contains improper link resolution before file access vulnerability in isi_gather_info. A high privileged local attacker could potentially exploit this vulnerability, leading to system takeover and... |
| CVE-2023-25941 | 2023-04-04 | Dell PowerScale OneFS versions 8.2.x-9.5.0.x contain an elevation of privilege vulnerability. A low-privileged local attacker could potentially exploit this vulnerability, leading to Denial of service, escalation of privileges, and information... |
| CVE-2023-25942 | 2023-04-04 | Dell PowerScale OneFS versions 8.2.x-9.4.x contain an uncontrolled resource consumption vulnerability. A malicious network user with low privileges could potentially exploit this vulnerability in SMB, leading to a potential denial... |
| CVE-2023-23685 | 2023-04-04 | WordPress Portfolio – WordPress Portfolio Plugin Plugin <= 2.8.10 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2022-41633 | 2023-04-04 | WordPress Community by PeepSo Plugin <= 6.0.2.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-23686 | 2023-04-04 | WordPress Simple Staff List Plugin <= 2.2.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-23821 | 2023-04-04 | WordPress Interactive Polish Map Plugin <= 1.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-23878 | 2023-04-04 | WordPress WP Google Map Plugin Plugin <= 4.3.9 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-28848 | 2023-04-04 | CSRF protection on user_oidc login returned the expected token in case of an error |