CVE List - 2023 / April
Showing 201 - 300 of 2302 CVEs for April 2023 (Page 3 of 24)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-28997 | 2023-04-04 | Nextcloud Desktop: Initialization vector reuse in E2EE allows malicious server admin to break, manipulate, access files |
| CVE-2023-23870 | 2023-04-04 | WordPress Responsive Vertical Icon Menu Plugin <= 1.5.8 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-28998 | 2023-04-04 | Nextcloud Desktop client misbehaves with E2EE when the server returns empty list of metadata keys |
| CVE-2023-28999 | 2023-04-04 | Nextcloud: Lack of authenticity of metadata keys allows a malicious server to gain access to E2EE folders |
| CVE-2023-29000 | 2023-04-04 | Nextcloud Desktop client does not verify received signed certificate in end-to-end encryption |
| CVE-2023-23977 | 2023-04-04 | WordPress Heateor Social Comments Plugin <= 1.6.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2022-48435 | 2023-04-04 | In JetBrains PhpStorm before 2023.1 source code could be logged in the local idea.log file |
| CVE-2023-26437 | 2023-04-04 | Deterred spoofing attempts can lead to authoritative servers being marked unavailable |
| CVE-2023-27487 | 2023-04-04 | Envoy client may fake the header `x-envoy-original-path` |
| CVE-2023-1750 | 2023-04-04 | CVE-2023-1750 |
| CVE-2023-1751 | 2023-04-04 | CVE-2023-1751 |
| CVE-2023-1749 | 2023-04-04 | CVE-2023-1749 |
| CVE-2023-1752 | 2023-04-04 | CVE-2023-1752 |
| CVE-2023-1748 | 2023-04-04 | CVE-2023-1748 |
| CVE-2023-27488 | 2023-04-04 | Envoy gRPC client produces invalid protobuf when an HTTP header with non-UTF8 value is received. |
| CVE-2023-27491 | 2023-04-04 | Envoy forwards invalid Http2/Http3 downstream headers |
| CVE-2023-27492 | 2023-04-04 | Envoy may crash when a large request body is processed in Lua filter |
| CVE-2023-1840 | 2023-04-04 | The Sp*tify Play Button for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.07 due to insufficient input sanitization... |
| CVE-2023-27493 | 2023-04-04 | Envoy doesn't escape HTTP header values |
| CVE-2023-27496 | 2023-04-04 | Envoy may crash when a redirect url without a state param is received in the oauth filter |
| CVE-2023-28842 | 2023-04-04 | moby/moby's dockerd daemon encrypted overlay network with a single endpoint is unauthenticated |
| CVE-2023-28841 | 2023-04-04 | moby/moby's dockerd daemon encrypted overlay network traffic may be unencrypted |
| CVE-2023-28840 | 2023-04-04 | moby/moby's dockerd daemon encrypted overlay network may be unauthenticated |
| CVE-2023-28853 | 2023-04-04 | Mastodon's blind LDAP injection in login allows the attacker to leak arbitrary attributes from LDAP database |
| CVE-2023-29003 | 2023-04-04 | SvelteKit has Insufficient Cross-Site Request Forgery Protection |
| CVE-2023-1810 | 2023-04-04 | Heap buffer overflow in Visuals in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML... |
| CVE-2023-1811 | 2023-04-04 | Use after free in Frames in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption... |
| CVE-2023-1812 | 2023-04-04 | Out of bounds memory access in DOM Bindings in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page.... |
| CVE-2023-1813 | 2023-04-04 | Inappropriate implementation in Extensions in Google Chrome prior to 112.0.5615.49 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted... |
| CVE-2023-1814 | 2023-04-04 | Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass download checking via a crafted HTML page. (Chromium security severity:... |
| CVE-2023-1815 | 2023-04-04 | Use after free in Networking APIs in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap... |
| CVE-2023-1816 | 2023-04-04 | Incorrect security UI in Picture In Picture in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially perform navigation spoofing via a crafted HTML page. (Chromium security severity:... |
| CVE-2023-1817 | 2023-04-04 | Insufficient policy enforcement in Intents in Google Chrome on Android prior to 112.0.5615.49 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) |
| CVE-2023-1818 | 2023-04-04 | Use after free in Vulkan in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) |
| CVE-2023-1819 | 2023-04-04 | Out of bounds read in Accessibility in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium... |
| CVE-2023-1820 | 2023-04-04 | Heap buffer overflow in Browser History in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap... |
| CVE-2023-1821 | 2023-04-04 | Inappropriate implementation in WebShare in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially hide the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium... |
| CVE-2023-1822 | 2023-04-04 | Incorrect security UI in Navigation in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low) |
| CVE-2023-1823 | 2023-04-04 | Inappropriate implementation in FedCM in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low) |
| CVE-2023-1838 | 2023-04-05 | A use-after-free flaw was found in vhost_net_set_backend in drivers/vhost/net.c in virtio network subcomponent in the Linux kernel due to a double fget. This flaw could allow a local attacker to... |
| CVE-2023-20021 | 2023-04-05 | Cisco Identity Services Engine Privilege Escalation Vulnerabilities |
| CVE-2023-20022 | 2023-04-05 | Cisco Identity Services Engine Privilege Escalation Vulnerabilities |
| CVE-2023-20023 | 2023-04-05 | Cisco Identity Services Engine Privilege Escalation Vulnerabilities |
| CVE-2023-20030 | 2023-04-05 | Cisco Identity Services Engine XML External Entity Injection Vulnerability |
| CVE-2023-20051 | 2023-04-05 | Cisco Packet Data Network Gateway IPsec ICMP Denial of Service Vulnerability |
| CVE-2023-20068 | 2023-04-05 | Cisco Prime Infrastructure Reflected Cross-Site Scripting Vulnerability |
| CVE-2023-20073 | 2023-04-05 | Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Arbitrary File Upload Vulnerability |
| CVE-2023-20096 | 2023-04-05 | Cisco Unified Contact Center Express Stored Cross-Site Scripting Vulnerability |
| CVE-2023-20102 | 2023-04-05 | Cisco Secure Network Analytics Remote Code Execution Vulnerability |
| CVE-2023-20103 | 2023-04-05 | Cisco Secure Network Analytics Remote Code Execution Vulnerability |
| CVE-2023-20117 | 2023-04-05 | Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers Command Injection Vulnerabilities |
| CVE-2023-20121 | 2023-04-05 | Cisco Evolved Programmable Network Manager, Cisco Identity Services Engine, and Cisco Prime Infrastructure Command Injection Vulnerabilities |
| CVE-2023-20122 | 2023-04-05 | Cisco Evolved Programmable Network Manager, Cisco Identity Services Engine, and Cisco Prime Infrastructure Command Injection Vulnerabilities |
| CVE-2023-20123 | 2023-04-05 | Cisco Duo Authentication for macOS and Duo Authentication for Windows Logon Offline Credentials Replay Vulnerability |
| CVE-2023-20124 | 2023-04-05 | Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Remote Command Execution Vulnerability |
| CVE-2023-20127 | 2023-04-05 | Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Vulnerabilities |
| CVE-2023-20128 | 2023-04-05 | Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers Command Injection Vulnerabilities |
| CVE-2023-20129 | 2023-04-05 | Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Vulnerabilities |
| CVE-2023-20130 | 2023-04-05 | Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Vulnerabilities |
| CVE-2023-20131 | 2023-04-05 | Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Vulnerabilities |
| CVE-2023-20132 | 2023-04-05 | Cisco Webex Meetings Web UI Vulnerabilities |
| CVE-2023-20134 | 2023-04-05 | Cisco Webex Meetings Web UI Vulnerabilities |
| CVE-2023-20137 | 2023-04-05 | Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Cross-Site Scripting Vulnerabilities |
| CVE-2023-20138 | 2023-04-05 | Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Cross-Site Scripting Vulnerabilities |
| CVE-2023-20139 | 2023-04-05 | Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Cross-Site Scripting Vulnerabilities |
| CVE-2023-20140 | 2023-04-05 | Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Cross-Site Scripting Vulnerabilities |
| CVE-2023-20141 | 2023-04-05 | Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Cross-Site Scripting Vulnerabilities |
| CVE-2023-20142 | 2023-04-05 | Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Cross-Site Scripting Vulnerabilities |
| CVE-2023-20143 | 2023-04-05 | Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Cross-Site Scripting Vulnerabilities |
| CVE-2023-20144 | 2023-04-05 | Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Cross-Site Scripting Vulnerabilities |
| CVE-2023-20145 | 2023-04-05 | Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Cross-Site Scripting Vulnerabilities |
| CVE-2023-20146 | 2023-04-05 | Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Cross-Site Scripting Vulnerabilities |
| CVE-2023-20147 | 2023-04-05 | Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Cross-Site Scripting Vulnerabilities |
| CVE-2023-20148 | 2023-04-05 | Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Cross-Site Scripting Vulnerabilities |
| CVE-2023-20149 | 2023-04-05 | Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Cross-Site Scripting Vulnerabilities |
| CVE-2023-20150 | 2023-04-05 | Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Cross-Site Scripting Vulnerabilities |
| CVE-2023-20151 | 2023-04-05 | Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Cross-Site Scripting Vulnerabilities |
| CVE-2023-20152 | 2023-04-05 | Cisco Identity Services Engine Command Injection Vulnerabilities |
| CVE-2023-20153 | 2023-04-05 | Cisco Identity Services Engine Command Injection Vulnerabilities |
| CVE-2023-25330 | 2023-04-05 | A SQL injection vulnerability in Mybatis plus below 3.5.3.1 allows remote attackers to execute arbitrary SQL commands via the tenant ID valuer. NOTE: the vendor's position is that this can... |
| CVE-2022-31888 | 2023-04-05 | Session Fixation vulnerability in function login in class.auth.php in osTicket through 1.16.2. |
| CVE-2022-31889 | 2023-04-05 | Cross Site Scripting (XSS) vulnerability in audit/templates/auditlogs.tmpl.php in osTicket osTicket-plugins before commit a7842d494889fd5533d13deb3c6a7789768795ae. |
| CVE-2022-31890 | 2023-04-05 | SQL Injection vulnerability in audit/class.audit.php in osTicket osTicket-plugins before commit a7842d494889fd5533d13deb3c6a7789768795ae via the order parameter to the getOrder function. |
| CVE-2022-3375 | 2023-04-05 | An issue has been discovered in GitLab affecting all versions starting from 11.10 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. It... |
| CVE-2022-3513 | 2023-04-05 | An issue has been discovered in GitLab affecting all versions starting from 12.8 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. A... |
| CVE-2023-0319 | 2023-04-05 | An issue has been discovered in GitLab affecting all versions starting from 13.6 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1, allowing... |
| CVE-2023-0450 | 2023-04-05 | An issue has been discovered in GitLab affecting all versions starting from 8.1 to 15.8.5, and from 15.9 to 15.9.4, and from 15.10 to 15.10.1. It was possible to add... |
| CVE-2023-0523 | 2023-04-05 | An issue has been discovered in GitLab affecting all versions starting from 15.6 before 15.8.5, 15.9 before 15.9.4, and 15.10 before 15.10.1. An XSS was possible via a malicious email... |
| CVE-2023-0670 | 2023-04-05 | Ulearn version a5a7ca20de859051ea0470542844980a66dfc05d allows an attacker with administrator permissions to obtain remote code execution on the server through the image upload functionality. This occurs because the application does not validate... |
| CVE-2023-0838 | 2023-04-05 | An issue has been discovered in GitLab affecting versions starting from 15.1 before 15.8.5, 15.9 before 15.9.4, and 15.10 before 15.10.1. A maintainer could modify a webhook URL to leak... |
| CVE-2023-0842 | 2023-04-05 | xml2js version 0.4.23 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus... |
| CVE-2023-0944 | 2023-04-05 | Bhima version 1.27.0 allows an authenticated attacker with regular user permissions to update arbitrary user session data such as username, email and password. This is possible because the application is... |
| CVE-2023-0959 | 2023-04-05 | Bhima version 1.27.0 allows a remote attacker to update the privileges of any account registered in the application via a malicious link sent to an administrator. This is possible because... |
| CVE-2023-0967 | 2023-04-05 | Bhima version 1.27.0 allows an attacker authenticated with normal user permissions to view sensitive data of other application users and data that should only be viewed by the administrator. This... |
| CVE-2023-1071 | 2023-04-05 | An issue has been discovered in GitLab affecting all versions from 15.5 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. Due to... |
| CVE-2023-1098 | 2023-04-05 | An information disclosure vulnerability has been discovered in GitLab EE/CE affecting all versions starting from 11.5 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10... |
| CVE-2023-1167 | 2023-04-05 | Improper authorization in Gitlab EE affecting all versions from 12.3.0 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1 allows an unauthorized access... |
| CVE-2023-1417 | 2023-04-05 | An issue has been discovered in GitLab affecting all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. It was possible for an unauthorised user to... |
| CVE-2023-1582 | 2023-04-05 | A race problem was found in fs/proc/task_mmu.c in the memory management sub-component in the Linux kernel. This issue may allow a local attacker with user privilege to cause a denial... |
| CVE-2023-1708 | 2023-04-05 | An issue was identified in GitLab CE/EE affecting all versions from 1.0 prior to 15.8.5, 15.9 prior to 15.9.4, and 15.10 prior to 15.10.1 where non-printable characters get copied from... |