CVE List - 2023 / July
Showing 1101 - 1200 of 2295 CVEs for July 2023 (Page 12 of 23)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-29310 | 2023-07-12 | [FG-VD-23-007] Adobe InDesign 2023 Out-of-Bound Read Vulnerability V Notification |
| CVE-2023-29319 | 2023-07-12 | [FG-VD-23-010] Adobe InDesign 2023 Out-of-Bound Read Vulnerability VII Notification |
| CVE-2023-29315 | 2023-07-12 | [FG-VD-23-008] Adobe InDesign 2023 Out-of-Bound Read Vulnerability VI Notification |
| CVE-2023-29313 | 2023-07-12 | [FG-VD-23-014] Adobe InDesign 2023 Out-of-Bound Read Vulnerability XI Notification |
| CVE-2023-29316 | 2023-07-12 | [FG-VD-23-012] Adobe InDesign 2023 Out-of-Bound Read Vulnerability IX Notification |
| CVE-2023-29317 | 2023-07-12 | [FG-VD-23-005] Adobe InDesign 2023 Out-of-Bound Read Vulnerability III Notification |
| CVE-2023-29309 | 2023-07-12 | [FG-VD-23-003] Adobe InDesign 2023 Out-of-Bound Read Vulnerability Notification |
| CVE-2023-29318 | 2023-07-12 | [FG-VD-23-011] Adobe InDesign 2023 Out-of-Bound Read Vulnerability VIII Notification |
| CVE-2023-29308 | 2023-07-12 | [FG-VD-23-009] Adobe InDesign 2023 Arbitrary Code Execution Vulnerability Notification |
| CVE-2023-29312 | 2023-07-12 | [FG-VD-23-004] Adobe InDesign 2023 Out-of-Bound Read Vulnerability II Notification |
| CVE-2023-29314 | 2023-07-12 | [FG-VD-23-013] Adobe InDesign 2023 Out-of-Bound Read Vulnerability X Notification |
| CVE-2023-29311 | 2023-07-12 | [FG-VD-23-006] Adobe InDesign 2023 Out-of-Bound Read Vulnerability IV Notification |
| CVE-2023-38046 | 2023-07-12 | PAN-OS: Read System Files and Resources During Configuration Commit |
| CVE-2023-3641 | 2023-07-12 | khodakhah NodCMS POST Request blog-comment-4 cross site scripting |
| CVE-2023-3642 | 2023-07-12 | GZ Scripts Vacation Rental Website HTTP POST Request cross site scripting |
| CVE-2023-3643 | 2023-07-12 | Boss Mini document file inclusion |
| CVE-2023-3644 | 2023-07-12 | SourceCodester Service Provider Management System sql injection |
| CVE-2023-3635 | 2023-07-12 | Okio GzipSource unhandled exception Denial of Service |
| CVE-2021-0948 | 2023-07-12 | The PVRSRVBridgeGetMultiCoreInfo ioctl in the PowerVR kernel driver can return uninitialized kernel memory to user space. The contents of this memory could contain sensitive information. |
| CVE-2023-34123 | 2023-07-12 | Use of Hard-coded Cryptographic Key vulnerability in SonicWall GMS, SonicWall Analytics. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions. |
| CVE-2023-20918 | 2023-07-12 | In getPendingIntentLaunchFlags of ActivityOptions.java, there is a possible elevation of privilege due to a confused deputy with no additional execution privileges needed. User interaction is not needed for exploitation. |
| CVE-2023-20942 | 2023-07-12 | In openMmapStream of AudioFlinger.cpp, there is a possible way to record audio without displaying the microphone privacy indicator due to a logic error in the code. This could lead to... |
| CVE-2023-21145 | 2023-07-12 | In updatePictureInPictureMode of ActivityRecord.java, there is a possible bypass of background launch restrictions due to a logic error in the code. This could lead to local escalation of privilege with... |
| CVE-2023-21238 | 2023-07-12 | In visitUris of RemoteViews.java, there is a possible leak of images between users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges... |
| CVE-2023-21239 | 2023-07-12 | In visitUris of Notification.java, there is a possible way to leak image data across user boundaries due to a confused deputy. This could lead to local information disclosure with no... |
| CVE-2023-21240 | 2023-07-12 | In Policy of Policy.java, there is a possible boot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction... |
| CVE-2023-21241 | 2023-07-12 | In rw_i93_send_to_upper of rw_i93.cc, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges... |
| CVE-2023-21243 | 2023-07-12 | In validateForCommonR1andR2 of PasspointConfiguration.java, there is a possible way to inflate the size of a config file with no limits due to a buffer overflow. This could lead to local... |
| CVE-2023-21245 | 2023-07-12 | In showNextSecurityScreenOrFinish of KeyguardSecurityContainerController.java, there is a possible way to access the lock screen during device setup due to a logic error in the code. This could lead to local... |
| CVE-2023-21246 | 2023-07-12 | In ShortcutInfo of ShortcutInfo.java, there is a possible way for an app to retain notification listening access due to an uncaught exception. This could lead to local escalation of privilege... |
| CVE-2023-21247 | 2023-07-12 | In getAvailabilityStatus of BluetoothScanningMainSwitchPreferenceController.java, there is a possible way to bypass a device policy restriction due to a missing permission check. This could lead to local escalation of privilege with... |
| CVE-2023-21248 | 2023-07-12 | In getAvailabilityStatus of WifiScanningMainSwitchPreferenceController.java, there is a possible way to bypass a device policy restriction due to a missing permission check. This could lead to local escalation of privilege with... |
| CVE-2023-21249 | 2023-07-12 | In multiple functions of OneTimePermissionUserManager.java, there is a possible one-time permission retention due to a permissions bypass. This could lead to local escalation of privilege with User execution privileges needed.... |
| CVE-2023-21250 | 2023-07-12 | In gatt_end_operation of gatt_utils.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges... |
| CVE-2023-21251 | 2023-07-12 | In onCreate of ConfirmDialog.java, there is a possible way to connect to VPN bypassing user's consent due to improper input validation. This could lead to local escalation of privilege with... |
| CVE-2023-21254 | 2023-07-12 | In getCurrentState of OneTimePermissionUserManager.java, there is a possible way to hold one-time permissions after the app is being killed due to a logic error in the code. This could lead... |
| CVE-2023-21255 | 2023-07-12 | In multiple functions of binder.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges... |
| CVE-2023-21256 | 2023-07-12 | In SettingsHomepageActivity.java, there is a possible way to launch arbitrary activities via Settings due to a logic error in the code. This could lead to local escalation of privilege with... |
| CVE-2023-21257 | 2023-07-12 | In updateSettingsInternalLI of InstallPackageHelper.java, there is a possible way to sideload an app in the work profile due to a missing permission check. This could lead to local escalation of... |
| CVE-2023-21262 | 2023-07-12 | In startInput of AudioPolicyInterfaceImpl.cpp, there is a possible way of erroneously displaying the microphone privacy indicator due to a race condition. This could lead to false user expectations. User interaction... |
| CVE-2023-21399 | 2023-07-12 | There is a possible way to bypass cryptographic assurances due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges... |
| CVE-2023-21400 | 2023-07-12 | In multiple functions of io_uring.c, there is a possible kernel memory corruption due to improper locking. This could lead to local escalation of privilege in the kernel with System execution... |
| CVE-2023-35691 | 2023-07-12 | There is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with System execution privileges needed. User interaction is... |
| CVE-2023-35693 | 2023-07-12 | In incfs_kill_sb of fs/incfs/vfs.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2023-35694 | 2023-07-12 | In DMPixelLogger_ProcessDmCommand of DMPixelLogger.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges... |
| CVE-2022-42045 | 2023-07-13 | Certain Zemana products are vulnerable to Arbitrary code injection. This affects Watchdog Anti-Malware 4.1.422 and Zemana AntiMalware 3.2.28. |
| CVE-2023-30151 | 2023-07-13 | A SQL injection vulnerability in the Boxtal (envoimoinscher) module for PrestaShop, after version 3.1.10, allows remote attackers to execute arbitrary SQL commands via the `key` GET parameter. |
| CVE-2023-31704 | 2023-07-13 | Sourcecodester Online Computer and Laptop Store 1.0 is vulnerable to Incorrect Access Control, which allows remote attackers to elevate privileges to the administrator's role. |
| CVE-2023-31705 | 2023-07-13 | A Reflected Cross-site scripting (XSS) vulnerability in Sourcecodester Task Reminder System 1.0 allows an authenticated user to inject malicious javascript into the page parameter. |
| CVE-2023-31819 | 2023-07-13 | An issue found in KEISEI STORE Co, Ltd. LIVRE KEISEI v.13.6.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp function. |
| CVE-2023-31820 | 2023-07-13 | An issue found in Shizutetsu Store v.13.6.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp function. |
| CVE-2023-31821 | 2023-07-13 | An issue found in ALBIS Co. ALBIS v.13.6.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp ALBIS function. |
| CVE-2023-31822 | 2023-07-13 | An issue found in Entetsu Store v.13.4.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp Entetsu Store function. |
| CVE-2023-31823 | 2023-07-13 | An issue found in Marui Co Marui Official app v.13.6.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp Marui Official... |
| CVE-2023-31824 | 2023-07-13 | An issue found in DERICIA Co. Ltd, DELICIA v.13.6.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp DELICIA function. |
| CVE-2023-31825 | 2023-07-13 | An issue found in Inageya v.13.4.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp Inageya function. |
| CVE-2023-33768 | 2023-07-13 | Incorrect signature verification of the firmware during the Device Firmware Update process of Belkin Wemo Smart Plug WSP080 v1.2 allows attackers to cause a Denial of Service (DoS) via a... |
| CVE-2023-35833 | 2023-07-13 | An issue was discovered in YSoft SAFEQ 6 Server before 6.0.82. When modifying the URL of the LDAP server configuration from LDAPS to LDAP, the system does not require the... |
| CVE-2023-37598 | 2023-07-13 | A Cross Site Request Forgery (CSRF) vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via the delete new virtual fax function. |
| CVE-2023-37599 | 2023-07-13 | An issue in issabel-pbx v.4.0.0-6 allows a remote attacker to obtain sensitive information via the modules directory |
| CVE-2023-37743 | 2023-07-13 | A cross-site scripting (XSS) vulnerability in Teacher Subject Allocation System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search text box. |
| CVE-2023-37744 | 2023-07-13 | Maid Hiring Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/search-booking-request.php. |
| CVE-2023-37745 | 2023-07-13 | A cross-site scripting (XSS) vulnerability in Maid Hiring Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page Description of... |
| CVE-2023-37746 | 2023-07-13 | A cross-site scripting (XSS) vulnerability in Maid Hiring Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter of... |
| CVE-2023-37785 | 2023-07-13 | A cross-site scripting (XSS) vulnerability in ImpressCMS v1.4.5 and before allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the smile_code parameter of the... |
| CVE-2023-37786 | 2023-07-13 | Multiple cross-site scripting (XSS) vulnerabilities in Geeklog v2.2.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Mail Settings[backend], Mail Settings[host], Mail Settings[port]... |
| CVE-2023-37787 | 2023-07-13 | Multiple cross-site scripting (XSS) vulnerabilities in Geeklog v2.2.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Rule and Route parameters of /admin/router.php. |
| CVE-2023-37836 | 2023-07-13 | libjpeg commit db33a6e was discovered to contain a reachable assertion via BitMapHook::BitMapHook at bitmaphook.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file. |
| CVE-2023-37837 | 2023-07-13 | libjpeg commit db33a6e was discovered to contain a heap buffer overflow via LineBitmapRequester::EncodeRegion at linebitmaprequester.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file. |
| CVE-2023-37839 | 2023-07-13 | An arbitrary file upload vulnerability in /dede/file_manage_control.php of DedeCMS v5.7.109 allows attackers to execute arbitrary code via uploading a crafted PHP file. |
| CVE-2023-37849 | 2023-07-13 | A DLL hijacking vulnerability in Panda Security VPN for Windows prior to version v15.14.8 allows attackers to execute arbitrary code via placing a crafted DLL file in the same directory... |
| CVE-2023-38197 | 2023-07-13 | An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion. |
| CVE-2023-38199 | 2023-07-13 | coreruleset (aka OWASP ModSecurity Core Rule Set) through 3.3.4 does not detect multiple Content-Type request headers on some platforms. This might allow attackers to bypass a WAF with a crafted... |
| CVE-2023-38198 | 2023-07-13 | acme.sh before 3.0.6 runs arbitrary commands from a remote server via eval, as exploited in the wild in June 2023. |
| CVE-2023-21260 | 2023-07-13 | In the notification access permission dialog box, a malicious application can embed a very long service label that overflows the original user prompt and possibly contains misleading information to be appeared as... |
| CVE-2023-34124 | 2023-07-13 | The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks, allowing authentication bypass. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions. |
| CVE-2023-34125 | 2023-07-13 | Path Traversal vulnerability in GMS and Analytics allows an authenticated attacker to read arbitrary files from the underlying filesystem with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions;... |
| CVE-2023-34126 | 2023-07-13 | Vulnerability in SonicWall GMS and Analytics allows an authenticated attacker to upload files on the underlying filesystem with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7... |
| CVE-2023-34127 | 2023-07-13 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SonicWall GMS, SonicWall Analytics enables an authenticated attacker to execute arbitrary code with root privileges.... |
| CVE-2023-34128 | 2023-07-13 | Tomcat application credentials are hardcoded in SonicWall GMS and Analytics configuration file. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions. |
| CVE-2023-34129 | 2023-07-13 | Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in SonicWall GMS and Analytics allows an authenticated remote attacker to traverse the directory and extract arbitrary files... |
| CVE-2023-34130 | 2023-07-13 | SonicWall GMS and Analytics use outdated Tiny Encryption Algorithm (TEA) with a hardcoded key to encrypt sensitive data. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier... |
| CVE-2023-37560 | 2023-07-13 | Cross-site scripting vulnerability in WRH-300WH-H v2.12 and earlier, and WTC-300HWH v1.09 and earlier allows a remote unauthenticated attacker to inject an arbitrary script. |
| CVE-2023-37561 | 2023-07-13 | Open redirect vulnerability in ELECOM wireless LAN routers and ELECOM wireless LAN repeaters allows a remote unauthenticated attacker to redirect users to arbitrary web sites and conduct phishing attacks via... |
| CVE-2023-37566 | 2023-07-13 | Command injection vulnerability in ELECOM and LOGITEC wireless LAN routers allows a network-adjacent authenticated attacker to execute an arbitrary command by sending a specially crafted request to the web management... |
| CVE-2023-37567 | 2023-07-13 | Command injection vulnerability in ELECOM and LOGITEC wireless LAN routers allows a remote unauthenticated attacker to execute an arbitrary command by sending a specially crafted request to a certain port... |
| CVE-2023-37568 | 2023-07-13 | ELECOM wireless LAN routers WRC-1167GHBK-S v1.03 and earlier, and WRC-1167GEBK-S v1.03 and earlier allow a network-adjacent authenticated attacker to execute an arbitrary command by sending a specially crafted request to... |
| CVE-2023-2190 | 2023-07-13 | Authorization Bypass Through User-Controlled Key in GitLab |
| CVE-2023-2200 | 2023-07-13 | Improper Encoding or Escaping of Output in GitLab |
| CVE-2023-3343 | 2023-07-13 | The User Registration plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 3.0.1 via deserialization of untrusted input from the 'profile-pic-url' parameter. This allows... |
| CVE-2023-3342 | 2023-07-13 | The User Registration plugin for WordPress is vulnerable to arbitrary file uploads due to a hardcoded encryption key and missing file type validation on the 'ur_upload_profile_pic' function in versions up... |
| CVE-2023-3424 | 2023-07-13 | Inefficient Regular Expression Complexity in GitLab |
| CVE-2023-3444 | 2023-07-13 | Incorrect Authorization in GitLab |
| CVE-2023-3363 | 2023-07-13 | Insertion of Sensitive Information into Log File in GitLab |
| CVE-2023-3362 | 2023-07-13 | Generation of Error Message Containing Sensitive Information in GitLab |
| CVE-2023-2576 | 2023-07-13 | Incorrect Authorization in GitLab |
| CVE-2023-2620 | 2023-07-13 | Insertion of Sensitive Information Into Sent Data in GitLab |
| CVE-2023-34131 | 2023-07-13 | Exposure of sensitive information to an unauthorized actor vulnerability in SonicWall GMS and Analytics enables an unauthenticated attacker to access restricted web pages. This issue affects GMS: 9.3.2-SP1 and earlier... |
| CVE-2023-34132 | 2023-07-13 | Use of password hash instead of password for authentication vulnerability in SonicWall GMS and Analytics allows Pass-the-Hash attacks. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier... |
| CVE-2023-34133 | 2023-07-13 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SonicWall GMS and Analytics allows an unauthenticated attacker to extract sensitive information from the application database.... |