CVE List - 2023 / May
Showing 2201 - 2300 of 2420 CVEs for May 2023 (Page 23 of 25)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-31185 | 2023-05-30 | ROZCOM server framework |
| CVE-2023-31186 | 2023-05-30 | Avaya IX Workforce Engagement - User Enumeration - CWE-204: Observable Response Discrepancy |
| CVE-2023-31187 | 2023-05-30 | Avaya IX Workforce Engagement - CWE-522: Insufficiently Protected Credentials |
| CVE-2023-32218 | 2023-05-30 | Avaya IX Workforce Engagement - CWE-601: URL Redirection to Untrusted Site ('Open Redirect') |
| CVE-2023-33245 | 2023-05-30 | Minecraft through 1.19 and 1.20 pre-releases before 7 (Java) allow arbitrary file overwrite, and possibly code execution, via crafted world data that contains a symlink. |
| CVE-2023-33656 | 2023-05-30 | A memory leak vulnerability exists in NanoMQ 0.17.2. The vulnerability is located in the file message.c. An attacker could exploit this vulnerability to cause a denial of service attack by... |
| CVE-2023-33734 | 2023-05-30 | BlueCMS v1.6 was discovered to contain a SQL injection vulnerability via the keywords parameter at search.php. |
| CVE-2023-33740 | 2023-05-30 | Incorrect access control in luowice v3.5.18 allows attackers to access cloud source code information via modification of the Verify parameter in a warning message. |
| CVE-2023-33741 | 2023-05-30 | Macrovideo v380pro v1.4.97 shares the device id and password when sharing the device. |
| CVE-2023-34151 | 2023-05-30 | A vulnerability was found in ImageMagick. This security flaw occurs as undefined behavior when casting double to size_t in svg, mvg and other coders (recurring bugs of CVE-2022-32546). |
| CVE-2023-34152 | 2023-05-30 | A vulnerability was found in ImageMagick. This security flaw causes a remote code execution vulnerability in OpenBlob with --enable-pipes configured. |
| CVE-2023-34153 | 2023-05-30 | A vulnerability was found in ImageMagick. This security flaw causes a shell command injection vulnerability via video:vsync or video:pixel-format options in VIDEO encoding/decoding. |
| CVE-2023-34204 | 2023-05-30 | imapsync through 2.229 uses predictable paths under /tmp and /var/tmp in its default mode of operation. Both of these are typically world-writable, and thus (for example) an attacker can modify... |
| CVE-2023-34205 | 2023-05-30 | In Moov signedxml through 1.0.0, parsing the raw XML (as received) can result in different output than parsing the canonicalized XML. Thus, signature validation can be bypassed via a Signature... |
| CVE-2023-0779 | 2023-05-30 | net: shell: Improper input validation |
| CVE-2023-2952 | 2023-05-30 | XRA dissector infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file |
| CVE-2023-32691 | 2023-05-30 | ginuerzh/gost vulnerable to Timing Attack |
| CVE-2023-32692 | 2023-05-30 | Remote Code Execution Vulnerability in Validation Placeholders |
| CVE-2023-32698 | 2023-05-30 | nfpm vulnerable to Incorrect Default Permissions |
| CVE-2023-32685 | 2023-05-30 | Clipboard based cross-site scripting (blocked with default CSP) in Kanboard |
| CVE-2023-33175 | 2023-05-30 | ToUI allows user-specific variables to be shared between users |
| CVE-2023-33198 | 2023-05-30 | Incorrectly Specified Chat Message Destinations in tgstation-server and DreamMaker API |
| CVE-2023-33182 | 2023-05-30 | Nextcloud Contacts photos only sanitized if mime type is all lower case |
| CVE-2023-26130 | 2023-05-30 | Versions of the package yhirose/cpp-httplib before 0.12.4 are vulnerable to CRLF Injection when untrusted user input is used to set the content-type header in the HTTP .Patch, .Post, .Put and... |
| CVE-2023-33183 | 2023-05-30 | Error in calendar when booking an appointment reveals the full path of the website |
| CVE-2023-33193 | 2023-05-30 | Emby Server Proxy Header Spoofing Vulnerability |
| CVE-2023-2970 | 2023-05-30 | MindSpore json_helper.cc UpdateArray memory corruption |
| CVE-2023-33186 | 2023-05-30 | Cross-site scripting vulnerability in Zulip Server development branch via topic tooltip |
| CVE-2023-33189 | 2023-05-30 | Incorrect Authorization with specially crafted requests |
| CVE-2023-33191 | 2023-05-30 | kyverno seccomp control can be circumvented |
| CVE-2023-33955 | 2023-05-30 | Minio console object names with RIGHT-TO-LEFT OVERRIDE unicode character can be exploited |
| CVE-2023-30601 | 2023-05-30 | Apache Cassandra: Privilege escalation when enabling FQL/Audit logs |
| CVE-2023-2256 | 2023-05-30 | Product Addons & Fields for WooCommerce < 32.0.7 - Reflected Cross-Site Scripting |
| CVE-2023-2470 | 2023-05-30 | Add to Feedly <= 1.2.11 - Admin+ Stored XSS |
| CVE-2023-0733 | 2023-05-30 | Newsletter Popup <= 1.2 - Unauthenticated Stored XSS |
| CVE-2023-1524 | 2023-05-30 | Download Manager < 3.2.71 - Broken Access Controls |
| CVE-2023-2518 | 2023-05-30 | Easy Forms for Mailchimp < 6.8.9 - Reflected XSS |
| CVE-2023-2113 | 2023-05-30 | Autoptimize < 3.1.7 - Admin+ Stored Cross-Site Scripting via Settings Import |
| CVE-2023-0329 | 2023-05-30 | Elementor Website Builder < 3.12.2 - Admin+ SQLi |
| CVE-2023-1938 | 2023-05-30 | WP Fastest Cache < 1.1.5 - Blind SSRF via CSRF |
| CVE-2023-2288 | 2023-05-30 | Otter - Gutenberg Blocks < 2.2.6 - Author+ PHAR Deserialization |
| CVE-2022-4676 | 2023-05-30 | OSM – OpenStreetMap <= 6.01 - Contributor+ Stored XSS via Shortcode |
| CVE-2023-2287 | 2023-05-30 | Orbit Fox < 2.10.24 - Author+ Server-Side Request Forgery |
| CVE-2023-2117 | 2023-05-30 | Image Optimizer by 10web < 1.0.27 - Admin+ Path Traversal |
| CVE-2023-0443 | 2023-05-30 | AnyWhere Elementor < 1.2.8 - Freemius API Key Disclosure |
| CVE-2023-0766 | 2023-05-30 | Newsletter Popup <= 1.2 - Record Deletion via CSRF |
| CVE-2023-2223 | 2023-05-30 | Login Rebuilder < 2.8.1 - Admin+ Stored XSS |
| CVE-2023-2023 | 2023-05-30 | Custom 404 Pro < 3.7.3 - Reflected Cross-Site Scripting |
| CVE-2023-2296 | 2023-05-30 | Loginizer 1.7.8 - Reflected XSS |
| CVE-2023-2111 | 2023-05-30 | HollerBox < 2.1.4 - Admin+ SQL Injection |
| CVE-2022-45853 | 2023-05-30 | The privilege escalation vulnerability in the Zyxel GS1900-8 firmware version V2.70(AAHH.3) and the GS1900-8HP firmware version V2.70(AAHI.3) could allow an authenticated, local attacker with administrator privileges to execute some system... |
| CVE-2023-2973 | 2023-05-30 | SourceCodester Students Online Internship Timesheet System cross site scripting |
| CVE-2023-33234 | 2023-05-30 | Apache Airflow CNCF Kubernetes Provider: KubernetesPodOperator RCE via connection configuration |
| CVE-2023-2650 | 2023-05-30 | Possible DoS translating ASN.1 object identifiers |
| CVE-2023-2978 | 2023-05-30 | Abstrium Pydio Cells Change Subscription authorization |
| CVE-2023-2979 | 2023-05-30 | Abstrium Pydio Cells User Creation access control |
| CVE-2023-2980 | 2023-05-30 | Abstrium Pydio Cells User Creation resource injection |
| CVE-2023-2981 | 2023-05-30 | Abstrium Pydio Cells Chat cross site scripting |
| CVE-2023-20884 | 2023-05-30 | VMware Workspace ONE Access and VMware Identity Manager contain an insecure redirect vulnerability. An unauthenticated malicious actor may be able to redirect a victim to an attacker controlled domain due... |
| CVE-2023-24568 | 2023-05-30 | Dell NetWorker, contains an Improper Validation of Certificate with Host Mismatch vulnerability in Rabbitmq port which could disallow replacing CA signed certificates. |
| CVE-2023-28079 | 2023-05-30 | PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains Insecure File and Folder Permissions vulnerability. A regular user (non-admin) can exploit the weak folder and file permissions to escalate privileges... |
| CVE-2023-28080 | 2023-05-30 | PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains DLL Hijacking Vulnerabilities. A regular user (non-admin) can exploit these issues to potentially escalate privileges and execute arbitrary code in the... |
| CVE-2023-32448 | 2023-05-30 | PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains License Key Stored in Cleartext vulnerability. A local user with access to the installation directory can retrieve the license key of... |
| CVE-2023-24817 | 2023-05-30 | RIOT-OS vulnerable to Out of Bounds write in routing with SRH |
| CVE-2023-24825 | 2023-05-30 | RIOT-OS vulnerable to NULL pointer dereference in gnrc_pktbuf_mark |
| CVE-2023-24826 | 2023-05-30 | Usage of Uninitialized Timer during forwarding of Fragments with SFR |
| CVE-2023-23755 | 2023-05-30 | [20230502] - Core - Bruteforce prevention within the mfa screen |
| CVE-2023-23754 | 2023-05-30 | [20230501] - Core - Open Redirect and XSS within the mfa select |
| CVE-2022-4240 | 2023-05-30 | Unauthenticated API allowing an attacker to obtain the information about network resources |
| CVE-2023-33973 | 2023-05-30 | RIOT-OS vulnerable to NULL pointer dereference during NHC encoding |
| CVE-2022-43485 | 2023-05-30 | Insecure random number used for generating keys for signing Jwt tokens |
| CVE-2022-46361 | 2023-05-30 | Physical access to the WDM enables use of USB device to gain access to the WDM |
| CVE-2023-33974 | 2023-05-30 | RIOT-OS vulnerable to Race Condition in SFR Timeout |
| CVE-2023-33975 | 2023-05-30 | RIOT-OS vulnerable to Out of Bounds Write in _rbuf_add |
| CVE-2023-32684 | 2023-05-30 | In Lima, a malicious disk image could read a single file on the host filesystem as a qcow2/vmdk backing file |
| CVE-2023-32689 | 2023-05-30 | Parse Server vulnerable to phishing attack vulnerability that involves uploading malicious HTML file |
| CVE-2023-2968 | 2023-05-30 | Undefined variable usage in npm package "proxy" leads to remote denial of service |
| CVE-2023-32696 | 2023-05-30 | Excessive permissions for ckan user |
| CVE-2023-1711 | 2023-05-30 | A vulnerability exists in a FOXMAN-UN and UNEM logging component, it only affects systems that use remote authentication to the network elements. If exploited an attacker could obtain confidential information.... |
| CVE-2023-32699 | 2023-05-30 | MeterSphere denial of service vulnerability |
| CVE-2023-33177 | 2023-05-30 | Xibo CMS vulnerable to Remote Code Execution through Zip Slip |
| CVE-2023-33178 | 2023-05-30 | Sensitive Information Disclosure abusing SQL Injection in Xibo CMS dataset filter |
| CVE-2023-33179 | 2023-05-30 | Sensitive Information Disclosure abusing SQL Injection in Xibo CMS nameFilter |
| CVE-2023-33180 | 2023-05-30 | Sensitive Information Disclosure abusing SQL Injection in Xibo CMS display map |
| CVE-2023-33181 | 2023-05-30 | Sensitive Information Disclosure abusing Stack Trace in Xibo CMS |
| CVE-2023-32342 | 2023-05-30 | IBM GSKit information disclosure |
| CVE-2023-2929 | 2023-05-30 | Out of bounds write in Swiftshader in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2023-2930 | 2023-05-30 | Use after free in Extensions in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a... |
| CVE-2023-2931 | 2023-05-30 | Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High) |
| CVE-2023-2932 | 2023-05-30 | Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High) |
| CVE-2023-2933 | 2023-05-30 | Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High) |
| CVE-2023-2934 | 2023-05-30 | Out of bounds memory access in Mojo in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:... |
| CVE-2023-2935 | 2023-05-30 | Type Confusion in V8 in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2023-2936 | 2023-05-30 | Type Confusion in V8 in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2023-2937 | 2023-05-30 | Inappropriate implementation in Picture In Picture in Google Chrome prior to 114.0.5735.90 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL... |
| CVE-2023-2938 | 2023-05-30 | Inappropriate implementation in Picture In Picture in Google Chrome prior to 114.0.5735.90 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL... |
| CVE-2023-2939 | 2023-05-30 | Insufficient data validation in Installer in Google Chrome on Windows prior to 114.0.5735.90 allowed a local attacker to perform privilege escalation via crafted symbolic link. (Chromium security severity: Medium) |
| CVE-2023-2940 | 2023-05-30 | Inappropriate implementation in Downloads in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted... |
| CVE-2023-2941 | 2023-05-30 | Inappropriate implementation in Extensions API in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to spoof the contents of the UI... |
| CVE-2023-33961 | 2023-05-30 | Leantime Stored Cross-site Scripting Vulnerability |