CVE List - 2023 / July
Showing 1001 - 1100 of 2295 CVEs for July 2023 (Page 11 of 23)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-30937 | 2023-07-12 | In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. |
| CVE-2023-30938 | 2023-07-12 | In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. |
| CVE-2023-30939 | 2023-07-12 | In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. |
| CVE-2023-30940 | 2023-07-12 | In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. |
| CVE-2023-30941 | 2023-07-12 | In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. |
| CVE-2023-30942 | 2023-07-12 | In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. |
| CVE-2023-30913 | 2023-07-12 | In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. |
| CVE-2023-33898 | 2023-07-12 | In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. |
| CVE-2023-33899 | 2023-07-12 | In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. |
| CVE-2023-33900 | 2023-07-12 | In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. |
| CVE-2023-32788 | 2023-07-12 | In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. |
| CVE-2023-32789 | 2023-07-12 | In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. |
| CVE-2023-33879 | 2023-07-12 | In music service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. |
| CVE-2023-33880 | 2023-07-12 | In music service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. |
| CVE-2023-33881 | 2023-07-12 | In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. |
| CVE-2023-33882 | 2023-07-12 | In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. |
| CVE-2023-33883 | 2023-07-12 | In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. |
| CVE-2023-33884 | 2023-07-12 | In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. |
| CVE-2023-33885 | 2023-07-12 | In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. |
| CVE-2023-33886 | 2023-07-12 | In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. |
| CVE-2023-33887 | 2023-07-12 | In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. |
| CVE-2023-33888 | 2023-07-12 | In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. |
| CVE-2023-33889 | 2023-07-12 | In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. |
| CVE-2023-33890 | 2023-07-12 | In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. |
| CVE-2023-33891 | 2023-07-12 | In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. |
| CVE-2023-33892 | 2023-07-12 | In fastDial service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. |
| CVE-2023-33893 | 2023-07-12 | In fastDial service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. |
| CVE-2023-33894 | 2023-07-12 | In fastDial service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. |
| CVE-2023-33895 | 2023-07-12 | In fastDial service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. |
| CVE-2023-33896 | 2023-07-12 | In libimpl-ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. |
| CVE-2023-33897 | 2023-07-12 | In libimpl-ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. |
| CVE-2023-33901 | 2023-07-12 | In bluetooth service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. |
| CVE-2023-33902 | 2023-07-12 | In bluetooth service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. |
| CVE-2023-33903 | 2023-07-12 | In FM service, there is a possible missing params check. This could lead to local denial of service with System execution privileges needed. |
| CVE-2022-48450 | 2023-07-12 | In bluetooth service, there is a possible missing params check. This could lead to local denial of service with System execution privileges needed. |
| CVE-2023-33904 | 2023-07-12 | In hci_server, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. |
| CVE-2023-33905 | 2023-07-12 | In iwnpi server, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. |
| CVE-2022-48451 | 2023-07-12 | In bluetooth service, there is a possible out of bounds write due to race condition. This could lead to local denial of service with System execution privileges needed. |
| CVE-2023-37579 | 2023-07-12 | Apache Pulsar Function Worker: Incorrect Authorization for Function Worker Can Leak Sink/Source Credentials |
| CVE-2023-31007 | 2023-07-12 | Apache Pulsar: Broker does not always disconnect client when authentication data expires |
| CVE-2023-30429 | 2023-07-12 | Apache Pulsar: Incorrect Authorization for Function Worker when using mTLS Authentication through Pulsar Proxy |
| CVE-2023-30428 | 2023-07-12 | Apache Pulsar Broker: Incorrect Authorization Validation for Rest Producer |
| CVE-2023-35908 | 2023-07-12 | Apache Airflow: Access to DAGs without relevant permission |
| CVE-2023-22887 | 2023-07-12 | Apache Airflow path traversal by authenticated user |
| CVE-2022-46651 | 2023-07-12 | Apache Airflow: Security vulnerability on AirFlow Connections |
| CVE-2023-36543 | 2023-07-12 | Apache Airflow: ReDoS via dags function |
| CVE-2023-22888 | 2023-07-12 | Apache Airflow: Scheduler remote DoS |
| CVE-2023-37582 | 2023-07-12 | Apache RocketMQ: Possible remote code execution when using the update configuration function |
| CVE-2022-42009 | 2023-07-12 | Apache Ambari: A malicious authenticated user can remotely execute arbitrary code in the context of the application. |
| CVE-2022-45855 | 2023-07-12 | Apache Ambari: Allows authenticated metrics consumers to perform RCE |
| CVE-2021-43760 | 2023-07-12 | Adobe Media Encoder MOV File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2021-43758 | 2023-07-12 | Adobe Media Encoder MP4 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2021-43759 | 2023-07-12 | Adobe Media Encoder MP4 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2021-43757 | 2023-07-12 | Adobe Media Encoder 3GP File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| CVE-2021-44696 | 2023-07-12 | Adobe Prelude JPEG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2023-3595 | 2023-07-12 | Rockwell Automation ControlLogix Communication Modules Vulnerable to Remote Code Execution |
| CVE-2023-38061 | 2023-07-12 | In JetBrains TeamCity before 2023.05.1 stored XSS when using a custom theme was possible |
| CVE-2023-38062 | 2023-07-12 | In JetBrains TeamCity before 2023.05.1 parameters of the "password" type could be shown in the UI in certain composite build configurations |
| CVE-2023-38063 | 2023-07-12 | In JetBrains TeamCity before 2023.05.1 stored XSS while running custom builds was possible |
| CVE-2023-38064 | 2023-07-12 | In JetBrains TeamCity before 2023.05.1 build chain parameters of the "password" type could be written to the agent log |
| CVE-2023-38065 | 2023-07-12 | In JetBrains TeamCity before 2023.05.1 stored XSS while viewing the build log was possible |
| CVE-2023-38066 | 2023-07-12 | In JetBrains TeamCity before 2023.05.1 reflected XSS via the Referer header was possible during artifact downloads |
| CVE-2023-38067 | 2023-07-12 | In JetBrains TeamCity before 2023.05.1 build parameters of the "password" type could be written to the agent log |
| CVE-2023-38068 | 2023-07-12 | In JetBrains YouTrack before 2023.1.16597 captcha was not properly validated for Helpdesk forms |
| CVE-2023-38069 | 2023-07-12 | In JetBrains IntelliJ IDEA before 2023.1.4 license dialog could be suppressed in certain cases |
| CVE-2023-3596 | 2023-07-12 | Rockwell Automation Allen-Bradley ControlLogix Communication Modules vulnerable to Denial of Service |
| CVE-2023-3600 | 2023-07-12 | During the worker lifecycle, a use-after-free condition could have occurred, which could have led to a potentially exploitable crash. This vulnerability affects Firefox < 115.0.2, Firefox ESR < 115.0.2, and... |
| CVE-2023-37455 | 2023-07-12 | The permission request prompt from the site in the background tab was overlaid on top of the site in the foreground tab. This vulnerability affects Firefox for iOS < 115. |
| CVE-2023-37456 | 2023-07-12 | The session restore helper crashed whenever there was no parameter sent to the message handler. This vulnerability affects Firefox for iOS < 115. |
| CVE-2023-20185 | 2023-07-12 | A vulnerability in the Cisco ACI Multi-Site CloudSec encryption feature of Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an unauthenticated, remote attacker to read or modify... |
| CVE-2023-20207 | 2023-07-12 | A vulnerability in the logging component of Cisco Duo Authentication Proxy could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. This vulnerability... |
| CVE-2023-20210 | 2023-07-12 | A vulnerability in Cisco BroadWorks could allow an authenticated, local attacker to elevate privileges to the root user on an affected device. The vulnerability is due to insufficient input validation... |
| CVE-2023-3618 | 2023-07-12 | Segmentation fault in fax3encode in libtiff/tif_fax3.c |
| CVE-2023-29298 | 2023-07-12 | Adobe ColdFusion Improper Access Control Security feature bypass |
| CVE-2023-29301 | 2023-07-12 | Adobe ColdFusion Improper Restriction of Excessive Authentication Attempts Security feature bypass |
| CVE-2023-29300 | 2023-07-12 | Adobe ColdFusion Deserialization of Untrusted Data Arbitrary code execution |
| CVE-2023-37942 | 2023-07-12 | Jenkins External Monitor Job Type Plugin 206.v9a_94ff0b_4a_10 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. |
| CVE-2023-37943 | 2023-07-12 | Jenkins Active Directory Plugin 2.30 and earlier ignores the "Require TLS" and "StartTls" options and always performs the connection test to Active Directory unencrypted, allowing attackers able to capture network... |
| CVE-2023-37944 | 2023-07-12 | A missing permission check in Jenkins Datadog Plugin 5.4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method,... |
| CVE-2023-37945 | 2023-07-12 | A missing permission check in Jenkins SAML Single Sign On(SSO) Plugin 2.1.0 through 2.3.0 (both inclusive) allows attackers with Overall/Read permission to download a string representation of the current security... |
| CVE-2023-37946 | 2023-07-12 | Jenkins OpenShift Login Plugin 1.1.0.227.v27e08dfb_1a_20 and earlier does not invalidate the previous session on login. |
| CVE-2023-37947 | 2023-07-12 | Jenkins OpenShift Login Plugin 1.1.0.227.v27e08dfb_1a_20 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing attackers to perform phishing attacks. |
| CVE-2023-37948 | 2023-07-12 | Jenkins Oracle Cloud Infrastructure Compute Plugin 1.0.16 and earlier does not validate SSH host keys when connecting OCI clouds, enabling man-in-the-middle attacks. |
| CVE-2023-37949 | 2023-07-12 | A missing permission check in Jenkins Orka by MacStadium Plugin 1.33 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through... |
| CVE-2023-37950 | 2023-07-12 | A missing permission check in Jenkins mabl Plugin 0.0.46 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. |
| CVE-2023-37951 | 2023-07-12 | Jenkins mabl Plugin 0.0.46 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to. |
| CVE-2023-37952 | 2023-07-12 | A cross-site request forgery (CSRF) vulnerability in Jenkins mabl Plugin 0.0.46 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing... |
| CVE-2023-37953 | 2023-07-12 | A missing permission check in Jenkins mabl Plugin 0.0.46 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method,... |
| CVE-2023-37954 | 2023-07-12 | A cross-site request forgery (CSRF) vulnerability in Jenkins Rebuilder Plugin 320.v5a_0933a_e7d61 and earlier allows attackers to rebuild a previous build. |
| CVE-2023-37955 | 2023-07-12 | A cross-site request forgery (CSRF) vulnerability in Jenkins Test Results Aggregator Plugin 1.2.13 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials. |
| CVE-2023-37956 | 2023-07-12 | A missing permission check in Jenkins Test Results Aggregator Plugin 1.2.13 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. |
| CVE-2023-37957 | 2023-07-12 | A cross-site request forgery (CSRF) vulnerability in Jenkins Pipeline restFul API Plugin 0.11 and earlier allows attackers to connect to an attacker-specified URL, capturing a newly generated JCLI token. |
| CVE-2023-37958 | 2023-07-12 | A cross-site request forgery (CSRF) vulnerability in Jenkins Sumologic Publisher Plugin 2.2.1 and earlier allows attackers to connect to an attacker-specified URL. |
| CVE-2023-37959 | 2023-07-12 | A missing permission check in Jenkins Sumologic Publisher Plugin 2.2.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. |
| CVE-2023-37960 | 2023-07-12 | Jenkins MathWorks Polyspace Plugin 1.0.5 and earlier allows attackers with Item/Configure permission to send emails with arbitrary files from the Jenkins controller file systems. |
| CVE-2023-37961 | 2023-07-12 | A cross-site request forgery (CSRF) vulnerability in Jenkins Assembla Auth Plugin 1.14 and earlier allows attackers to trick users into logging in to the attacker's account. |
| CVE-2023-37962 | 2023-07-12 | A cross-site request forgery (CSRF) vulnerability in Jenkins Benchmark Evaluator Plugin 1.0.1 and earlier allows attackers to connect to an attacker-specified URL and to check for the existence of directories,... |
| CVE-2023-37963 | 2023-07-12 | A missing permission check in Jenkins Benchmark Evaluator Plugin 1.0.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL and to check for the existence of... |
| CVE-2023-37964 | 2023-07-12 | A cross-site request forgery (CSRF) vulnerability in Jenkins ElasticBox CI Plugin 5.0.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method,... |
| CVE-2023-37965 | 2023-07-12 | A missing permission check in Jenkins ElasticBox CI Plugin 5.0.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another... |