CVE List - 2023 / May
Showing 101 - 200 of 2420 CVEs for May 2023 (Page 2 of 25)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-2474 | 2023-05-02 | Rebuild cross-site request forgery |
| CVE-2023-2475 | 2023-05-02 | Dromara J2eeFAST System Message cross site scripting |
| CVE-2023-2445 | 2023-05-02 | Improper access control in Subscriptions Folder path filter in Devolutions Server 2023.1.1 and earlier allows attackers with administrator privileges to retrieve usage information on folders in user vaults via a... |
| CVE-2023-2476 | 2023-05-02 | Dromara J2eeFAST Announcement cross site scripting |
| CVE-2023-2477 | 2023-05-02 | Funadmin Cx.php tagLoad cross site scripting |
| CVE-2023-30861 | 2023-05-02 | Flask vulnerable to possible disclosure of permanent session cookie due to missing Vary: Cookie header |
| CVE-2023-26268 | 2023-05-02 | Apache CouchDB, IBM Cloudant: Information sharing via couchjs processes |
| CVE-2023-2459 | 2023-05-02 | Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to bypass permission restrictions via a crafted HTML page. (Chromium security severity: Medium) |
| CVE-2023-2460 | 2023-05-02 | Insufficient validation of untrusted input in Extensions in Google Chrome prior to 113.0.5672.63 allowed an attacker who convinced a user to install a malicious extension to bypass file access checks... |
| CVE-2023-2461 | 2023-05-02 | Use after free in OS Inputs in Google Chrome on ChromeOS prior to 113.0.5672.63 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially... |
| CVE-2023-2462 | 2023-05-02 | Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to obfuscate main origin data via a crafted HTML page. (Chromium security severity: Medium) |
| CVE-2023-2463 | 2023-05-02 | Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 113.0.5672.63 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted... |
| CVE-2023-2464 | 2023-05-02 | Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed an attacker who convinced a user to install a malicious extension to perform an origin spoof in the security... |
| CVE-2023-2465 | 2023-05-02 | Inappropriate implementation in CORS in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) |
| CVE-2023-2466 | 2023-05-02 | Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to spoof the contents of the security UI via a crafted HTML page. (Chromium security severity:... |
| CVE-2023-2467 | 2023-05-02 | Inappropriate implementation in Prompts in Google Chrome on Android prior to 113.0.5672.63 allowed a remote attacker to bypass permissions restrictions via a crafted HTML page. (Chromium security severity: Low) |
| CVE-2023-2468 | 2023-05-02 | Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed a remote attacker who had compromised the renderer process to obfuscate the security UI via a crafted HTML page.... |
| CVE-2022-40318 | 2023-05-03 | An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By crafting a BGP OPEN message with an option of type 0xff (Extended Length from RFC 9072), attackers may... |
| CVE-2022-43681 | 2023-05-03 | An out-of-bounds read exists in the BGP daemon of FRRouting FRR through 8.4. When sending a malformed BGP OPEN message that ends with the option length octet (or the option... |
| CVE-2017-11197 | 2023-05-03 | In CyberArk Viewfinity 5.5.10.95 and 6.x before 6.1.1.220, a low privilege user can escalate to an administrative user via a bug within the "add printer" option. |
| CVE-2020-22429 | 2023-05-03 | redox-os v0.1.0 was discovered to contain a use-after-free bug via the gethostbyaddr() function at /src/header/netdb/mod.rs. |
| CVE-2022-40302 | 2023-05-03 | An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By crafting a BGP OPEN message with an option of type 0xff (Extended Length from RFC 9072), attackers may... |
| CVE-2022-4376 | 2023-05-03 | An issue has been discovered in GitLab affecting all versions before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. Under certain conditions, an... |
| CVE-2023-0155 | 2023-05-03 | An issue has been discovered in GitLab CE/EE affecting all versions before 15.8.5, 15.9.4, 15.10.1. Open redirects were possible due to framing arbitrary content on any page allowing user controlled... |
| CVE-2023-0485 | 2023-05-03 | An issue has been discovered in GitLab affecting all versions starting from 13.11 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. It... |
| CVE-2023-0756 | 2023-05-03 | An issue has been discovered in GitLab affecting all versions before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. The main branch of... |
| CVE-2023-0805 | 2023-05-03 | An issue has been discovered in GitLab EE affecting all versions starting from 15.2 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1.... |
| CVE-2023-1178 | 2023-05-03 | An issue has been discovered in GitLab CE/EE affecting all versions from 8.6 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. File... |
| CVE-2023-1204 | 2023-05-03 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.1 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2.... |
| CVE-2023-1265 | 2023-05-03 | An issue has been discovered in GitLab affecting all versions starting from 11.9 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. The... |
| CVE-2023-1836 | 2023-05-03 | A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 5.1 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before... |
| CVE-2023-1965 | 2023-05-03 | An issue has been discovered in GitLab EE affecting all versions starting from 14.2 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1.... |
| CVE-2023-2069 | 2023-05-03 | An issue has been discovered in GitLab affecting all versions starting from 10.0 before 12.9.8, all versions starting from 12.10 before 12.10.7, all versions starting from 13.0 before 13.0.1. A... |
| CVE-2023-2182 | 2023-05-03 | An issue has been discovered in GitLab EE affecting all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. Under certain conditions when OpenID Connect is... |
| CVE-2023-24744 | 2023-05-03 | Cross Site Scripting (XSS) vulnerability in Rediker Software AdminPlus 6.1.91.00 allows remote attackers to run arbitrary code via the onload function within the application DOM. |
| CVE-2023-29839 | 2023-05-03 | A Stored Cross Site Scripting (XSS) vulnerability exists in multiple pages of Hotel Druid version 3.0.4, which allows arbitrary execution of commands. The vulnerable fields are Surname, Name, and Nickname... |
| CVE-2023-30204 | 2023-05-03 | Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the judge_id parameter at /php-jms/edit_judge.php. |
| CVE-2023-30205 | 2023-05-03 | A stored cross-site scripting (XSS) vulnerability in DouPHP v1.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the unique_id parameter in /admin/article.php. |
| CVE-2023-30300 | 2023-05-03 | An issue in the component hang.wasm of WebAssembly 1.0 causes an infinite loop. |
| CVE-2023-22691 | 2023-05-03 | WordPress Category Specific RSS feed Subscription Plugin <= v2.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-28070 | 2023-05-03 | Alienware Command Center Application, versions 5.5.43.0 and prior, contain an improper access control vulnerability. A local malicious user could potentially exploit this vulnerability during installation or update process leading to... |
| CVE-2023-23790 | 2023-05-03 | WordPress Pods Plugin <= 2.9.10.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25792 | 2023-05-03 | WordPress WP Open Social Plugin <= 5.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-25784 | 2023-05-03 | WordPress Sticky Ad Bar Plugin <= 1.3.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-25797 | 2023-05-03 | WordPress vSlider Multi Image Slider for WordPress Plugin <= 4.1.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-25787 | 2023-05-03 | WordPress WP资源下载管理 Plugin <= 1.3.9 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-25783 | 2023-05-03 | WordPress FireCask Like & Share Button Plugin <= 1.1.5 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-25789 | 2023-05-03 | WordPress Tapfiliate Plugin <= 3.0.12 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-25786 | 2023-05-03 | WordPress Eyes Only: User Access Shortcode Plugin <= 1.8.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2022-3405 | 2023-05-03 | Code execution and sensitive information disclosure due to excessive privileges assigned to Acronis Agent. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 29486, Acronis Cyber... |
| CVE-2022-30995 | 2023-05-03 | Sensitive information disclosure due to improper authentication. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 29486, Acronis Cyber Backup 12.5 (Windows, Linux) before build 16545. |
| CVE-2023-25798 | 2023-05-03 | WordPress Olevmedia Shortcodes Plugin <= 1.1.9 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-25796 | 2023-05-03 | WordPress WP BaiDu Submit Plugin <= 1.2.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-22713 | 2023-05-03 | WordPress Gutenberg Blocks by WordPress Download Manager Plugin <= 2.1.8 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-1383 | 2023-05-03 | An Improper Enforcement of Behavioral Workflow vulnerability in the exchangeDeviceServices function on the amzn.dmgr service allowed an attacker to register services that are only locally accessible. This issue affects: Amazon... |
| CVE-2023-1384 | 2023-05-03 | The setMediaSource function on the amzn.thin.pl service does not sanitize the "source" parameter, allowing arbitrary JavaScript code to be run. This issue affects: Amazon Fire TV Stick 3rd gen... |
| CVE-2023-23708 | 2023-05-03 | WordPress Visualizer Plugin <= 3.9.4 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-1385 | 2023-05-03 | Improper JPAKE implementation allows offline PIN brute-forcing due to the initialization of random values to a known value, which leads to unauthorized authentication to amzn.lightning services. This issue affects: Amazon... |
| CVE-2023-23820 | 2023-05-03 | WordPress ProfilePress Plugin <= 4.5.4 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-23874 | 2023-05-03 | WordPress Ditty Plugin <= 3.0.32 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-23876 | 2023-05-03 | WordPress wpDataTables Plugin <= 2.1.49 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-25979 | 2023-05-03 | WordPress Video Gallery – YouTube Gallery Plugin <= 1.7.6 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-22683 | 2023-05-03 | WordPress Clio Grow Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2022-46852 | 2023-05-03 | WordPress WP Table Builder – WordPress Table Plugin Plugin <= 1.4.6 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-23785 | 2023-05-03 | WordPress Exquisite PayPal Donation Plugin <= v2.0.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-23809 | 2023-05-03 | WordPress Stock market charts from finviz Plugin <= 1.0.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-22372 | 2023-05-03 | BIG-IP Edge Client for Windows and Mac OS vulnerability |
| CVE-2023-24461 | 2023-05-03 | BIG-IP Edge Client for Windows and macOS vulnerability |
| CVE-2023-24594 | 2023-05-03 | BIG-IP TMM SSL vulnerability |
| CVE-2023-23808 | 2023-05-03 | WordPress Sponsors Carousel Plugin <= 4.02 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-27378 | 2023-05-03 | BIG-IP TMUI XSS vulnerability |
| CVE-2023-28406 | 2023-05-03 | BIG-IP Configuration utility vulnerability |
| CVE-2023-28656 | 2023-05-03 | NGINX Management Suite vulnerability |
| CVE-2023-28724 | 2023-05-03 | NGINX Management Suite vulnerability |
| CVE-2023-28742 | 2023-05-03 | BIG-IP iQuery mesh vulnerability |
| CVE-2023-29163 | 2023-05-03 | BIG-IP UDP Profile vulnerability |
| CVE-2023-29240 | 2023-05-03 | BIG-IQ iControl REST Vulnerability |
| CVE-2023-23881 | 2023-05-03 | WordPress Circles Gallery Plugin <= 1.0.10 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-23875 | 2023-05-03 | WordPress Bing Site Verification plugin using Meta Tag Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-23830 | 2023-05-03 | WordPress ProfilePress Plugin <= 4.5.4 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-26017 | 2023-05-03 | WordPress Jobs for WordPress Plugin <= 2.5.10.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-25967 | 2023-05-03 | WordPress Community by PeepSo Plugin <= 6.0.2.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25826 | 2023-05-03 | Remote Code Execution in OpenTSDB |
| CVE-2023-25827 | 2023-05-03 | Cross-site Scripting in OpenTSDB |
| CVE-2022-39161 | 2023-05-03 | IBM WebSphere Application Server information disclosure |
| CVE-2023-22640 | 2023-05-03 | An out-of-bounds write in Fortinet FortiOS version 7.2.0 through 7.2.3, FortiOS version 7.0.0 through 7.0.10, FortiOS version 6.4.0 through 6.4.11, FortiOS version 6.2.0 through 6.2.13, FortiOS all versions 6.0, FortiProxy... |
| CVE-2023-27999 | 2023-05-03 | An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in FortiADC 7.2.0, 7.1.0 through 7.1.1 may allow an authenticated attacker to execute unauthorized commands via specifically... |
| CVE-2023-27993 | 2023-05-03 | A relative path traversal [CWE-23] in Fortinet FortiADC version 7.2.0 and before 7.1.1 allows a privileged attacker to delete arbitrary directories from the underlying file system via crafted CLI commands. |
| CVE-2022-45859 | 2023-05-03 | An insufficiently protected credentials vulnerability [CWE-522] in FortiNAC-F 7.2.0, FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.0 all versions, 8.7.0 all versions may allow a local attacker... |
| CVE-2022-43950 | 2023-05-03 | A URL redirection to untrusted site ('Open Redirect') vulnerability [CWE-601] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.1 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all... |
| CVE-2022-45858 | 2023-05-03 | A use of a weak cryptographic algorithm vulnerability [CWE-327] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.0 all versions, 8.8.0 all versions, 8.7.0 all versions may increase the chances... |
| CVE-2022-45860 | 2023-05-03 | A weak authentication vulnerability [CWE-1390] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions in device registration page... |
| CVE-2023-26203 | 2023-05-03 | A use of hard-coded credentials vulnerability [CWE-798] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions may allow... |
| CVE-2023-22637 | 2023-05-03 | An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all... |
| CVE-2023-20126 | 2023-05-04 | Cisco SPA112 2-Port Phone Adapters Remote Command Execution Vulnerability |
| CVE-2022-47757 | 2023-05-04 | In imo.im 2022.11.1051, a path traversal vulnerability delivered via an unsanitized deeplink can force the application to write a file into the application's data directory. This may allow an attacker... |
| CVE-2023-21484 | 2023-05-04 | Improper access control vulnerability in AppLock prior to SMR May-2023 Release 1 allows local attackers without proper permission to execute a privileged operation. |
| CVE-2023-21485 | 2023-05-04 | Improper export of android application components vulnerability in VideoPreviewActivity in Call Settings to SMR May-2023 Release 1 allows physical attackers to access some media data stored in sandbox. |
| CVE-2023-21486 | 2023-05-04 | Improper export of android application components vulnerability in ImagePreviewActivity in Call Settings to SMR May-2023 Release 1 allows physical attackers to access some media data stored in sandbox. |
| CVE-2023-21487 | 2023-05-04 | Improper access control vulnerability in Telephony framework prior to SMR May-2023 Release 1 allows local attackers to change a call setting. |