CVE List - 2023 / May
Showing 1701 - 1800 of 2420 CVEs for May 2023 (Page 18 of 25)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-31245 | 2023-05-22 | Devices using Snap One OvrC cloud are sent to a web address when accessing a web management interface using a HTTP connection. Attackers could impersonate a device and supply malicious... |
| CVE-2023-31240 | 2023-05-22 | Snap One OvrC Pro versions prior to 7.2 have their own locally running web server accessible both from the local network and remotely. OvrC cloud contains a hidden superuser account... |
| CVE-2023-25183 | 2023-05-22 | In Snap One OvrC Pro versions prior to 7.2, when logged into the superuser account, a new functionality appears that could allow users to execute arbitrary commands on the hub... |
| CVE-2023-2505 | 2023-05-22 | The affected products have a CSRF vulnerability that could allow an attacker to execute code and upload malicious files. |
| CVE-2023-2504 | 2023-05-22 | Files present on firmware images could allow an attacker to gain unauthorized access as a root user using hard-coded credentials. |
| CVE-2022-4945 | 2023-05-22 | CVE-2022-4945 |
| CVE-2022-47311 | 2023-05-22 | CVE-2022-47311 |
| CVE-2022-47320 | 2023-05-22 | CVE-2022-47320 |
| CVE-2022-46738 | 2023-05-22 | CVE-2022-46738 |
| CVE-2022-46658 | 2023-05-22 | CVE-2022-46658 |
| CVE-2020-20012 | 2023-05-23 | WebPlus Pro v1.4.7.8.4-01 is vulnerable to Incorrect Access Control. |
| CVE-2023-22654 | 2023-05-23 | Client-side enforcement of server-side security issue exists in T&D Corporation and ESPEC MIC CORP. data logger products, which may lead to an arbitrary script execution on a logged-in user's web... |
| CVE-2023-23298 | 2023-05-23 | The `Toybox.Graphics.BufferedBitmap.initialize` API method in CIQ API version 2.3.0 through 4.1.7 does not validate its parameters, which can result in integer overflows when allocating the underlying bitmap buffer. A malicious... |
| CVE-2023-23299 | 2023-05-23 | The permission system implemented and enforced by the GarminOS TVM component in CIQ API version 1.0.0 through 4.1.7 can be bypassed entirely. A malicious application with specially crafted code and... |
| CVE-2023-23300 | 2023-05-23 | The `Toybox.Cryptography.Cipher.initialize` API method in CIQ API version 3.0.0 through 4.1.7 does not validate its parameters, which can result in buffer overflows when copying data. A malicious application could call... |
| CVE-2023-23301 | 2023-05-23 | The `news` MonkeyC operation code in CIQ API version 1.0.0 through 4.1.7 fails to check that string resources are not extending past the end of the expected sections. A malicious... |
| CVE-2023-23302 | 2023-05-23 | The `Toybox.GenericChannel.setDeviceConfig` API method in CIQ API version 1.2.0 through 4.1.7 does not validate its parameter, which can result in buffer overflows when copying various attributes. A malicious application could... |
| CVE-2023-23303 | 2023-05-23 | The `Toybox.Ant.GenericChannel.enableEncryption` API method in CIQ API version 3.2.0 through 4.1.7 does not validate its parameter, which can result in buffer overflows when copying various attributes. A malicious application could... |
| CVE-2023-25953 | 2023-05-23 | Code injection vulnerability in Drive Explorer for macOS versions 3.5.4 and earlier allows an attacker who can login to the client where the affected product is installed to inject arbitrary... |
| CVE-2023-27304 | 2023-05-23 | Operation restriction bypass vulnerability in Message and Bulletin of Cybozu Garoon 4.6.0 to 5.9.2 allows a remote authenticated attacker to alter the data of Message and/or Bulletin. |
| CVE-2023-27384 | 2023-05-23 | Operation restriction bypass vulnerability in MultiReport of Cybozu Garoon 5.15.0 allows a remote authenticated attacker to alter the data of MultiReport. |
| CVE-2023-27387 | 2023-05-23 | Cross-site request forgery (CSRF) in T&D Corporation and ESPEC MIC CORP. data logger products allows a remote unauthenticated attacker to conduct an arbitrary operation by having a logged-in user view... |
| CVE-2023-27512 | 2023-05-23 | Use of hard-coded credentials exists in SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10, and SV-CPT-MC310F versions prior to Ver.8.10, which may allow a remote authenticated attacker to login the affected... |
| CVE-2023-27514 | 2023-05-23 | OS command injection vulnerability in the download page of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows a remote authenticated attacker to execute an... |
| CVE-2023-27922 | 2023-05-23 | Cross-site scripting vulnerability in Newsletter versions prior to 7.6.9 allows a remote unauthenticated attacker to inject an arbitrary script. |
| CVE-2023-27923 | 2023-05-23 | Cross-site scripting vulnerability in Tag edit function of VK Blocks 1.53.0.1 and earlier and VK Blocks Pro 1.53.0.1 and earlier allows a remote authenticated attacker to inject an arbitrary script. |
| CVE-2023-27925 | 2023-05-23 | Cross-site scripting vulnerability in Post function of VK Blocks 1.53.0.1 and earlier and VK Blocks Pro 1.53.0.1 and earlier allows a remote authenticated attacker to inject an arbitrary script. |
| CVE-2023-27926 | 2023-05-23 | Cross-site scripting vulnerability in Profile setting function of VK All in One Expansion Unit 9.88.1.0 and earlier allows a remote authenticated attacker to inject an arbitrary script. |
| CVE-2023-28367 | 2023-05-23 | Cross-site scripting vulnerability in CTA post function of VK All in One Expansion Unit 9.88.1.0 and earlier allows a remote authenticated attacker to inject an arbitrary script. |
| CVE-2023-28390 | 2023-05-23 | Privilege escalation vulnerability in SR-7100VN firmware Ver.1.38(N) and earlier and SR-7100VN #31 firmware Ver.1.21 and earlier allows a network-adjacent attacker with administrative privilege of the affected product to obtain an... |
| CVE-2023-28392 | 2023-05-23 | Wi-Fi AP UNIT AC-PD-WAPU v1.05_B04 and earlier, AC-PD-WAPUM v1.05_B04 and earlier, AC-PD-WAPU-P v1.05_B04P and earlier, AC-PD-WAPUM-P v1.05_B04P and earlier, AC-WAPU-300 v1.00_B07 and earlier, AC-WAPU-300-P v1.00_B08P and earlier, AC-WAPUM-300 v1.00_B07 and... |
| CVE-2023-28394 | 2023-05-23 | Beekeeper Studio versions prior to 3.9.9 allow a remote authenticated attacker to execute arbitrary JavaScript code with the privilege of the application on the PC where the affected product is... |
| CVE-2023-28408 | 2023-05-23 | Directory traversal vulnerability in MW WP Form versions v4.4.2 and earlier allows a remote unauthenticated attacker to alter the website or cause a denial-of-service (DoS) condition, and obtain sensitive information... |
| CVE-2023-2845 | 2023-05-23 | Improper Access Control in cloudexplorer-dev/cloudexplorer-lite |
| CVE-2023-29919 | 2023-05-23 | SolarView Compact <= 6.0 is vulnerable to Insecure Permissions. Any file on the server can be read or modified because texteditor.php is not restricted. |
| CVE-2023-30382 | 2023-05-23 | A buffer overflow in the component hl.exe of Valve Half-Life up to 5433873 allows attackers to execute arbitrary code and escalate privileges by supplying crafted parameters. |
| CVE-2023-31517 | 2023-05-23 | A memory leak in the component CConsole::Chain of Teeworlds v0.7.5 allows attackers to cause a Denial of Service (DoS) via opening a crafted file. |
| CVE-2023-31708 | 2023-05-23 | A Cross-Site Request Forgery (CSRF) in EyouCMS v1.6.2 allows attackers to execute arbitrary commands via supplying a crafted HTML file to the Upload software format function. |
| CVE-2023-31726 | 2023-05-23 | AList 3.15.1 is vulnerable to Incorrect Access Control, which can be exploited by attackers to obtain sensitive information. |
| CVE-2023-31740 | 2023-05-23 | There is a command injection vulnerability in the Linksys E2000 router with firmware version 1.0.06. If an attacker gains web management privileges, they can inject commands into the post request... |
| CVE-2023-31741 | 2023-05-23 | There is a command injection vulnerability in the Linksys E2000 router with firmware version 1.0.06. If an attacker gains web management privileges, they can inject commands into the post request... |
| CVE-2023-31747 | 2023-05-23 | Wondershare Filmora 12 (Build 12.2.1.2088) was discovered to contain an unquoted service path vulnerability via the component NativePushService. This vulnerability allows attackers to launch processes with elevated privileges. |
| CVE-2023-31752 | 2023-05-23 | SourceCodester Employee and Visitor Gate Pass Logging System v1.0 is vulnerable to SQL Injection via /employee_gatepass/classes/Login.php. |
| CVE-2023-31759 | 2023-05-23 | Weak Security in the 433MHz keyfob of Kerui W18 Alarm System v1.0 allows attackers to gain full access via a code replay attack. |
| CVE-2023-31761 | 2023-05-23 | Weak security in the transmitter of Blitzwolf BW-IS22 Smart Home Security Alarm v1.0 allows attackers to gain full access to the system via a code replay attack. |
| CVE-2023-31762 | 2023-05-23 | Weak security in the transmitter of Digoo DG-HAMB Smart Home Security System v1.0 allows attackers to gain full access to the system via a code replay attack. |
| CVE-2023-31763 | 2023-05-23 | Weak security in the transmitter of AGShome Smart Alarm v1.0 allows attackers to gain full access to the system via a code replay attack. |
| CVE-2023-31814 | 2023-05-23 | D-Link DIR-300 firmware <=REVA1.06 and <=REVB2.06 is vulnerable to File inclusion via /model/__lang_msg.php. |
| CVE-2023-31826 | 2023-05-23 | Skyscreamer Open Source Nevado JMS v1.3.2 does not perform security checks when receiving messages. This allows attackers to execute arbitrary commands via supplying crafted data. |
| CVE-2023-31860 | 2023-05-23 | Wuzhi CMS v3.1.2 has a storage type XSS vulnerability in the backend of the Five Finger CMS b2b system. |
| CVE-2023-31994 | 2023-05-23 | Certain Hanwha products are vulnerable to Denial of Service (DoS). Attack vector is: When an empty UDP packet is sent to the listening service, the service thread results in a... |
| CVE-2023-31995 | 2023-05-23 | Hanwha IP Camera ANE-L7012R 1.41.01 is vulnerable to Cross Site Scripting (XSS). |
| CVE-2023-31996 | 2023-05-23 | Hanwha IP Camera ANE-L7012R 1.41.01 is vulnerable to Command Injection due to improper sanitization of special characters for the NAS storage test function. |
| CVE-2023-23304 | 2023-05-23 | The GarminOS TVM component in CIQ API version 2.1.0 through 4.1.7 allows applications with a specially crafted head section to use the `Toybox.SensorHistory` module without permission. A malicious application could... |
| CVE-2023-23305 | 2023-05-23 | The GarminOS TVM component in CIQ API version 1.0.0 through 4.1.7 is vulnerable to various buffer overflows when loading binary resources. A malicious application embedding specially crafted resources could hijack... |
| CVE-2023-23306 | 2023-05-23 | The `Toybox.Ant.BurstPayload.add` API method in CIQ API version 2.2.0 through 4.1.7 suffers from a type confusion vulnerability, which can result in an out-of-bounds write operation. A malicious application could create... |
| CVE-2023-23545 | 2023-05-23 | Missing authentication for critical function exists in T&D Corporation and ESPEC MIC CORP. data logger products, which may allow a remote unauthenticated attacker to alter the product settings without authentication.... |
| CVE-2023-25440 | 2023-05-23 | Stored Cross Site Scripting (XSS) vulnerability in the add contact function of CiviCRM 5.59.alpha1 allows attackers to execute arbitrary code in first/second name field. |
| CVE-2023-25946 | 2023-05-23 | Authentication bypass vulnerability in Qrio Lock (Q-SL2) firmware version 2.0.9 and earlier allows a network-adjacent attacker to analyze the product's communication data and conduct an arbitrary operation under certain conditions. |
| CVE-2023-26595 | 2023-05-23 | Denial-of-service (DoS) vulnerability in Message of Cybozu Garoon 4.10.0 to 5.9.2 allows a remote authenticated attacker to cause a denial of service condition. |
| CVE-2023-27068 | 2023-05-23 | Deserialization of Untrusted Data in Sitecore Experience Platform through 10.2 allows remote attackers to run arbitrary code via ValidationResult.aspx. |
| CVE-2023-27388 | 2023-05-23 | Improper authentication vulnerability in T&D Corporation and ESPEC MIC CORP. data logger products allows a remote unauthenticated attacker to login to the product as a registered user. Affected products and... |
| CVE-2023-27397 | 2023-05-23 | Unrestricted upload of file with dangerous type exists in MicroEngine Mailform version 1.1.0 to 1.1.8. If the product's file upload function and server save option are enabled, a remote attacker... |
| CVE-2023-27507 | 2023-05-23 | MicroEngine Mailform version 1.1.0 to 1.1.8 contains a path traversal vulnerability. If the product's file upload function and server save option are enabled, a remote attacker may save an arbitrary... |
| CVE-2023-27518 | 2023-05-23 | Buffer overflow vulnerability in the multiple setting pages of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows a remote authenticated attacker to execute arbitrary... |
| CVE-2023-27521 | 2023-05-23 | OS command injection vulnerability in the mail setting page of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows remote authenticated attackers to execute an... |
| CVE-2023-27920 | 2023-05-23 | Improper access control vulnerability in the system date/time setting page of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows a remote authenticated attacker to... |
| CVE-2023-27921 | 2023-05-23 | JINS MEME CORE Firmware version 2.2.0 and earlier uses a hard-coded cryptographic key, which may lead to data acquired by a sensor of the affected product being decrypted by a... |
| CVE-2023-28409 | 2023-05-23 | Unrestricted upload of file with dangerous type exists in MW WP Form versions v4.4.2 and earlier, which may allow a remote unauthenticated attacker to upload an arbitrary file. |
| CVE-2023-28413 | 2023-05-23 | Directory traversal vulnerability in Snow Monkey Forms versions v5.0.6 and earlier allows a remote unauthenticated attacker to obtain sensitive information, alter the website, or cause a denial-of-service (DoS) condition. |
| CVE-2023-2844 | 2023-05-23 | Authorization Bypass Through User-Controlled Key in cloudexplorer-dev/cloudexplorer-lite |
| CVE-2023-31518 | 2023-05-23 | A heap use-after-free in the component CDataFileReader::GetItem of teeworlds v0.7.5 allows attackers to cause a Denial of Service (DoS) via a crafted map file. |
| CVE-2023-31664 | 2023-05-23 | A reflected cross-site scripting (XSS) vulnerability in /authenticationendpoint/login.do of WSO2 API Manager before 4.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the... |
| CVE-2023-31669 | 2023-05-23 | WebAssembly wat2wasm v1.0.32 allows attackers to cause a libc++abi.dylib crash by putting '@' before a quote ("). |
| CVE-2023-31670 | 2023-05-23 | An issue in wasm2c 1.0.32, wasm2wat 1.0.32, wasm-decompile 1.0.32, and wasm-validate 1.0.32 allows attackers to cause a Denial of Service (DoS) via running a crafted binary. |
| CVE-2023-33338 | 2023-05-23 | Old Age Home Management 1.0 is vulnerable to SQL Injection via the username parameter. |
| CVE-2023-33359 | 2023-05-23 | Piwigo 13.6.0 is vulnerable to Cross Site Request Forgery (CSRF) in the "add tags" function. |
| CVE-2023-33361 | 2023-05-23 | Piwigo 13.6.0 is vulnerable to SQL Injection via /admin/permalinks.php. |
| CVE-2023-33362 | 2023-05-23 | Piwigo 13.6.0 is vulnerable to SQL Injection via the "profile" function. |
| CVE-2023-33599 | 2023-05-23 | EasyImages2.0 ≤ 2.8.1 is vulnerable to Cross Site Scripting (XSS) via viewlog.php. |
| CVE-2023-33617 | 2023-05-23 | An OS Command Injection vulnerability in Parks Fiberlink 210 firmware version V2.1.14_X000 was found via the /boaform/admin/formPing target_addr parameter. |
| CVE-2023-30469 | 2023-05-23 | Reflected Cross Site Scripting Vulnerability in Hitachi Ops Center Analyzer |
| CVE-2023-23693 | 2023-05-23 | Dell VxRail, versions prior to 7.0.450, contains an OS command injection Vulnerability in DCManager command-line utility. A local high privileged attacker could potentially exploit this vulnerability, leading to the execution... |
| CVE-2023-23694 | 2023-05-23 | Dell VxRail versions earlier than 7.0.450, contain(s) an OS command injection vulnerability in VxRail Manager. A local authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary... |
| CVE-2023-25472 | 2023-05-23 | WordPress Podlove Podcast Publisher Plugin <= 3.8.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25481 | 2023-05-23 | WordPress Podlove Subscribe button Plugin <= 1.3.7 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25707 | 2023-05-23 | WordPress VikBooking Hotel Booking Engine & PMS Plugin <= 1.5.12 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-23706 | 2023-05-23 | WordPress WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) Plugin <= 7.5.14 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-23724 | 2023-05-23 | WordPress WordPress Email Marketing Plugin – WP Email Capture Plugin <= 3.9.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-23705 | 2023-05-23 | WordPress Books Gallery Plugin <= 4.4.8 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-46851 | 2023-05-23 | WordPress Starter Templates Plugin <= 3.1.20 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-46853 | 2023-05-23 | WordPress The Post Grid Plugin <= 5.0.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-23713 | 2023-05-23 | WordPress Theme Tweaker Plugin <= 5.20 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-30440 | 2023-05-23 | IBM PowerVM Hypervisor denial of service |
| CVE-2023-25056 | 2023-05-23 | WordPress Feed Them Social Plugin <= 3.0.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-26014 | 2023-05-23 | WordPress Minify HTML Plugin <= 2.1.7 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-26011 | 2023-05-23 | WordPress Read More Excerpt Link Plugin <= 1.6 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-46813 | 2023-05-23 | WordPress Advanced Database Cleaner Plugin <= 3.1.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25474 | 2023-05-23 | WordPress About Me 3000 widget Plugin <= 2.2.6 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-1209 | 2023-05-23 | Cross-Site Scripting (XSS) vulnerabilities exist in ServiceNow records allowing an authenticated attacker to inject arbitrary scripts. |