CVE List - 2023 / May
Showing 301 - 400 of 2420 CVEs for May 2023 (Page 4 of 25)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-30054 | 2023-05-05 | TOTOLINK A7100RU V7.4cu.2313_B20191024 has a Command Injection vulnerability. An attacker can obtain a stable root shell through a specially constructed payload. |
| CVE-2023-30065 | 2023-05-05 | MitraStar GPT-2741GNAC-N2 with firmware BR_g5.9_1.11(WVK.0)b32 was discovered to contain a remote code execution (RCE) vulnerability in the ping function. |
| CVE-2023-30090 | 2023-05-05 | Semcms Shop v4.2 was discovered to contain an arbitrary file upload vulnerability via the component SEMCMS_Upfile.php. This vulnerability allows attackers to execute arbitrary code via uploading a crafted PHP file. |
| CVE-2023-30122 | 2023-05-05 | An arbitrary file upload vulnerability in the component /admin/ajax.php?action=save_menu of Online Food Ordering System v2.0 allows attackers to execute arbitrary code via uploading a crafted PHP file. |
| CVE-2023-30135 | 2023-05-05 | Tenda AC18 v15.03.05.19(6318_)_cn was discovered to contain a command injection vulnerability via the deviceName parameter in the setUsbUnload function. |
| CVE-2023-30242 | 2023-05-05 | NS-ASG v6.3 was discovered to contain a SQL injection vulnerability via the component /admin/add_ikev2.php. |
| CVE-2023-30243 | 2023-05-05 | Beijing Netcon NS-ASG Application Security Gateway v6.3 is vulnerable to SQL Injection via TunnelId that allows access to sensitive information. |
| CVE-2023-32235 | 2023-05-05 | Ghost before 5.42.1 allows remote attackers to read arbitrary files within the active theme's folder via /assets/built%2F..%2F..%2F/ directory traversal. This occurs in frontend/web/middleware/static-theme.js. |
| CVE-2023-32269 | 2023-05-05 | An issue was discovered in the Linux kernel before 6.1.11. In net/netrom/af_netrom.c, there is a use-after-free because accept is also allowed for a successfully connected AF_NETROM socket. However, in order... |
| CVE-2017-20183 | 2023-05-05 | External Media without Import Plugin external-media-without-import.php print_media_new_panel cross site scripting |
| CVE-2023-28068 | 2023-05-05 | Dell Command Monitor, versions 10.9 and prior, contains an improper folder permission vulnerability. A local authenticated malicious user can potentially exploit this vulnerability leading to privilege escalation by writing to... |
| CVE-2022-45048 | 2023-05-05 | Apache Ranger: code execution vulnerability in policy expressions |
| CVE-2021-40331 | 2023-05-05 | Permissions problem in the Apache Ranger Hive Plugin |
| CVE-2022-38707 | 2023-05-05 | IBM Cognos Command Center information disclosure |
| CVE-2023-30434 | 2023-05-05 | IBM Storage Scale denial of service |
| CVE-2022-43919 | 2023-05-05 | IBM MQ denial of service |
| CVE-2023-22874 | 2023-05-05 | IBM MQ denial of service |
| CVE-2023-26285 | 2023-05-05 | IBM MQ denial of service |
| CVE-2020-4914 | 2023-05-05 | IBM Cloud Pak System Software Suite session fixation |
| CVE-2022-43866 | 2023-05-05 | IBM Maximo Asset Management cross-site scripting |
| CVE-2023-29350 | 2023-05-05 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability |
| CVE-2023-29354 | 2023-05-05 | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability |
| CVE-2016-15031 | 2023-05-06 | PHP-Login POST Parameter class.loginscript.php checkLogin sql injection |
| CVE-2022-22313 | 2023-05-06 | IBM QRadar Data Synchronization App information disclosure |
| CVE-2023-24957 | 2023-05-06 | IBM Business Automation Workflow cross-site scripting |
| CVE-2022-43877 | 2023-05-06 | IBM UrbanCode Deploy (UCD) information disclosure |
| CVE-2023-26519 | 2023-05-06 | WordPress Publish to Schedule Plugin <= 4.5.4 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-26517 | 2023-05-06 | WordPress Dashboard Widgets Suite Plugin <= 3.2.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-2560 | 2023-05-06 | jja8 NewBingGoGo cross site scripting |
| CVE-2023-25491 | 2023-05-06 | WordPress JCH Optimize Plugin <= 3.2.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-24400 | 2023-05-06 | WordPress Cookie Notice & Compliance for GDPR / CCPA Plugin <= 2.4.6 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-2564 | 2023-05-07 | OS Command Injection in sbs20/scanservjs |
| CVE-2023-31047 | 2023-05-07 | In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload... |
| CVE-2023-32290 | 2023-05-07 | The myMail app through 14.30 for iOS sends cleartext credentials in a situation where STARTTLS is expected by a server. |
| CVE-2023-2565 | 2023-05-07 | SourceCodester Multi Language Hotel Management Software POST Parameter ajax.php cross site scripting |
| CVE-2023-23528 | 2023-05-08 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in tvOS 16.4, iOS 16.4 and iPadOS 16.4. Processing a maliciously crafted Bluetooth packet may result in... |
| CVE-2020-18131 | 2023-05-08 | Cross Site Request Forgery (CSRF) vulnerability in Bluethrust Clan Scripts v4 allows attackers to escalate privileges to an arbitrary account via a crafted request to /members/console.php?cID=5. |
| CVE-2020-18132 | 2023-05-08 | Cross Site Scripting (XSS) vulnerability in MIPCMS 3.6.0 allows attackers to execute arbitrary code via the category name field to categoryEdit. |
| CVE-2020-18282 | 2023-05-08 | Cross-site scripting (XSS) vulnerability in NoneCms 1.3.0 allows remote attackers to inject arbitrary web script or HTML via feedback feature. |
| CVE-2020-19660 | 2023-05-08 | Cross Site Scripting (XSS) in pandao editor.md 1.5.0 allows attackers to execute arbitrary code via crafted linked url values. |
| CVE-2020-21038 | 2023-05-08 | Open redirect vulnerability in typecho 1.1-17.10.30-release via the referer parameter to Login.php. |
| CVE-2020-22334 | 2023-05-08 | Cross Site Request Forgery (CSRF) vulnerability in beescms v4 allows attackers to delete the administrator account via crafted request to /admin/admin_admin.php. |
| CVE-2020-22755 | 2023-05-08 | File upload vulnerability in MCMS 5.0 allows attackers to execute arbitrary code via a crafted thumbnail. A different vulnerability than CVE-2022-31943. |
| CVE-2020-23966 | 2023-05-08 | SQL Injection vulnerability in victor cms 1.0 allows attackers to execute arbitrary commands via the post parameter to /post.php in a crafted GET request. |
| CVE-2020-36065 | 2023-05-08 | Cross Site Request Forgery (CSRF) vulnerability in FlyCms 1.0 allows attackers to add arbitrary administrator accounts via system/admin/admin_save. |
| CVE-2021-27280 | 2023-05-08 | OS Command injection vulnerability in mblog 3.5.0 allows attackers to execute arbitrary code via crafted theme when it gets selected. |
| CVE-2021-28998 | 2023-05-08 | File upload vulnerability in CMS Made Simple through 2.2.15 allows remote authenticated attackers to gain a webshell via a crafted phar file. |
| CVE-2021-28999 | 2023-05-08 | SQL Injection vulnerability in CMS Made Simple through 2.2.15 allows remote attackers to execute arbitrary commands via the m1_sortby parameter to modules/News/function.admin_articlestab.php. |
| CVE-2022-32885 | 2023-05-08 | A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing maliciously crafted web content may... |
| CVE-2022-46720 | 2023-05-08 | An integer overflow was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. An app may be able to break out... |
| CVE-2023-1031 | 2023-05-08 | MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `settings` endpoint and first_name parameter. |
| CVE-2023-1094 | 2023-05-08 | MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people:id/food` endpoint and food parameter. |
| CVE-2023-21404 | 2023-05-08 | AXIS OS 11.0.X - 11.3.x use a static RSA key in legacy LUA-components to protect Axis-specific source code. The static RSA key is not used in any other secure communication... |
| CVE-2023-23494 | 2023-05-08 | A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 16.4 and iPadOS 16.4. A user in a privileged network position may be able to... |
| CVE-2023-23523 | 2023-05-08 | A logic issue was addressed with improved restrictions. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4. Photos belonging to the Hidden Photos Album could be... |
| CVE-2023-23525 | 2023-05-08 | This issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, macOS Big Sur 11.7.5. An app may be able to... |
| CVE-2023-23526 | 2023-05-08 | This was addressed with additional checks by Gatekeeper on files downloaded from an iCloud shared-by-me folder. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4. A... |
| CVE-2023-23527 | 2023-05-08 | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, macOS Big Sur 11.7.5, macOS Monterey 12.6.4, tvOS 16.4, watchOS... |
| CVE-2023-23532 | 2023-05-08 | This issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.6 and iPadOS 15.7.6. An app may be able... |
| CVE-2023-23533 | 2023-05-08 | A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4. An app may be able to modify protected parts of the... |
| CVE-2023-23534 | 2023-05-08 | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, macOS Big Sur 11.7.5. Processing a maliciously crafted image may result in disclosure of process... |
| CVE-2023-23535 | 2023-05-08 | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, macOS Big Sur 11.7.5, iOS 15.7.4 and iPadOS 15.7.4,... |
| CVE-2023-23536 | 2023-05-08 | The issue was addressed with improved bounds checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, macOS Big Sur 11.7.5, iOS 15.7.4 and iPadOS 15.7.4,... |
| CVE-2023-23537 | 2023-05-08 | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS... |
| CVE-2023-23538 | 2023-05-08 | A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4. An app may be able to modify protected parts of the... |
| CVE-2023-23540 | 2023-05-08 | The issue was addressed with improved memory handling. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.4, iOS 16.4 and iPadOS 16.4, macOS Big Sur 11.7.5.... |
| CVE-2023-23541 | 2023-05-08 | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, iOS 16.4 and iPadOS 16.4. An app... |
| CVE-2023-23542 | 2023-05-08 | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. An app... |
| CVE-2023-23543 | 2023-05-08 | The issue was addressed with additional restrictions on the observability of app states. This issue is fixed in macOS Ventura 13.3, iOS 15.7.4 and iPadOS 15.7.4, iOS 16.4 and iPadOS... |
| CVE-2023-24505 | 2023-05-08 | Milesight NCR/Camera CWE-200: Exposure of Sensitive Information |
| CVE-2023-24506 | 2023-05-08 | Milesight NCR/Camera CWE-522: Insufficiently Protected Credentials |
| CVE-2023-24507 | 2023-05-08 | AgilePoint NX v8.0 SU2.2 & SU2.3 – Insecure File Upload |
| CVE-2023-2478 | 2023-05-08 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.9.7, all versions starting from 15.10 before 15.10.6, all versions starting from 15.11 before 15.11.2.... |
| CVE-2023-2513 | 2023-05-08 | A use-after-free vulnerability was found in the Linux kernel's ext4 filesystem in the way it handled the extra inode size for extended attributes. This flaw could allow a privileged local... |
| CVE-2023-2566 | 2023-05-08 | Cross-site Scripting (XSS) - Stored in openemr/openemr |
| CVE-2023-2582 | 2023-05-08 | A prototype pollution vulnerability exists in Strikingly CMS which can result in reflected cross-site scripting (XSS) in affected applications and sites built with Strikingly. The vulnerability exists because of Strikingly... |
| CVE-2023-2583 | 2023-05-08 | Code Injection in jsreport/jsreport |
| CVE-2023-27928 | 2023-05-08 | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS... |
| CVE-2023-27929 | 2023-05-08 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, tvOS 16.4, iOS 16.4 and iPadOS 16.4, watchOS 9.4. Processing a maliciously crafted... |
| CVE-2023-27931 | 2023-05-08 | This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.3, iOS 16.4 and iPadOS 16.4, macOS Big Sur 11.7.3, tvOS... |
| CVE-2023-27932 | 2023-05-08 | This issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, tvOS 16.4, watchOS 9.4. Processing maliciously crafted... |
| CVE-2023-27933 | 2023-05-08 | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, macOS Monterey 12.6.4, tvOS 16.4, watchOS 9.4. An app... |
| CVE-2023-27934 | 2023-05-08 | A memory initialization issue was addressed. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4. A remote attacker may be able to cause unexpected app termination or arbitrary... |
| CVE-2023-27935 | 2023-05-08 | The issue was addressed with improved bounds checks. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. A remote user may be able to... |
| CVE-2023-27936 | 2023-05-08 | An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, macOS Big Sur 11.7.5.... |
| CVE-2023-27937 | 2023-05-08 | An integer overflow was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, macOS Big Sur 11.7.5, macOS Monterey 12.6.4, tvOS... |
| CVE-2023-27938 | 2023-05-08 | An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in GarageBand for macOS 10.4.8. Parsing a maliciously crafted MIDI file may lead to an unexpected... |
| CVE-2023-27941 | 2023-05-08 | A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Ventura 13.3, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. An... |
| CVE-2023-27942 | 2023-05-08 | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, macOS Big Sur 11.7.5, macOS Monterey 12.6.4, tvOS 16.4, watchOS... |
| CVE-2023-27943 | 2023-05-08 | This issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4. Files downloaded from the internet may not have the quarantine... |
| CVE-2023-27944 | 2023-05-08 | This issue was addressed with a new entitlement. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. An app may be able to break... |
| CVE-2023-27945 | 2023-05-08 | This issue was addressed with improved entitlements. This issue is fixed in Xcode 14.3, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. A sandboxed app may be able to collect system... |
| CVE-2023-27946 | 2023-05-08 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Ventura 13.3, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. Processing... |
| CVE-2023-27949 | 2023-05-08 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, iOS 15.7.4 and iPadOS 15.7.4. Processing a maliciously crafted file... |
| CVE-2023-27951 | 2023-05-08 | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. An archive may be able to bypass Gatekeeper. |
| CVE-2023-27952 | 2023-05-08 | A race condition was addressed with improved locking. This issue is fixed in macOS Ventura 13.3. An app may bypass Gatekeeper checks. |
| CVE-2023-27953 | 2023-05-08 | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. A remote user may be able to... |
| CVE-2023-27954 | 2023-05-08 | The issue was addressed by removing origin information. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, tvOS 16.4,... |
| CVE-2023-27955 | 2023-05-08 | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, macOS Monterey 12.6.4, tvOS 16.4, macOS Big Sur 11.7.5. An... |
| CVE-2023-27956 | 2023-05-08 | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, tvOS 16.4, watchOS 9.4.... |