CVE List - 2023 / July
Showing 1301 - 1400 of 2295 CVEs for July 2023 (Page 14 of 23)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-36836 | 2023-07-14 | Junos OS and Junos OS Evolved: In a MoFRR scenario an rpd core may be observed when a low privileged CLI command is executed |
| CVE-2023-36840 | 2023-07-14 | Junos OS and Junos OS Evolved: An rpd crash occurs when a specific L2VPN command is run |
| CVE-2023-36848 | 2023-07-14 | Junos OS: MX Series: The FPC will crash on receiving a malformed CFM packet |
| CVE-2023-36883 | 2023-07-14 | Microsoft Edge for iOS Spoofing Vulnerability |
| CVE-2023-36887 | 2023-07-14 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability |
| CVE-2023-36888 | 2023-07-14 | Microsoft Edge for Android (Chromium-based) Tampering Vulnerability |
| CVE-2023-36849 | 2023-07-14 | Junos OS and Junos OS Evolved: The l2cpd will crash when a malformed LLDP packet is received |
| CVE-2023-36850 | 2023-07-14 | Junos OS: MX Series: An MPC will crash upon receipt of a malformed CFM packet. |
| CVE-2023-3633 | 2023-07-14 | Out of Bounds Memory Corruption Issue in CEVA Engine |
| CVE-2023-37474 | 2023-07-14 | Path traversal in copyparty |
| CVE-2023-37473 | 2023-07-14 | Limited code execution in zenstruck/collections |
| CVE-2023-37472 | 2023-07-14 | Query injection in Knowage server |
| CVE-2023-37464 | 2023-07-14 | Incorrect Authentication Tag length usage in AES GCM decryption in OpenIDC/cjose |
| CVE-2023-37462 | 2023-07-14 | Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in org.xwiki.platform:xwiki-platform-skin-ui |
| CVE-2023-37268 | 2023-07-14 | User login confusion with SSO in warpgate |
| CVE-2023-34236 | 2023-07-14 | Information Disclosure Vulnerability in Weave GitOps Terraform Controller |
| CVE-2023-36466 | 2023-07-14 | Topic Title Validation Skipped When Changing Category in Discourse |
| CVE-2023-36818 | 2023-07-14 | Denial of service via User Custom Sidebar Section Unlimited Link Creation in discourse |
| CVE-2021-31294 | 2023-07-15 | Redis before 6cbea7d allows a replica to cause an assertion failure in a primary server by sending a non-administrative command (specifically, a SET command). NOTE: this was fixed for Redis... |
| CVE-2023-35802 | 2023-07-15 | IQ Engine before 10.6r1 on Extreme Network AP devices has a Buffer Overflow in the implementation of the CAPWAP protocol that may be exploited to obtain elevated privileges to conduct... |
| CVE-2023-38349 | 2023-07-15 | PNP4Nagios through 81ebfc5 lacks CSRF protection in the AJAX controller. This affects 0.6.26. |
| CVE-2023-38350 | 2023-07-15 | PNP4Nagios through 81ebfc5 has stored XSS in the AJAX controller via the basket API and filters. This affects 0.6.26. |
| CVE-2023-3678 | 2023-07-15 | SourceCodester AC Repair and Services System HTTP POST Request sql injection |
| CVE-2023-3679 | 2023-07-15 | SourceCodester Lost and Found Information System HTTP POST Request sql injection |
| CVE-2023-3680 | 2023-07-15 | SourceCodester Lost and Found Information System HTTP POST Request sql injection |
| CVE-2023-3681 | 2023-07-15 | Campcodes Retro Cellphone Online Store modal_add_product.php cross site scripting |
| CVE-2023-3682 | 2023-07-15 | Nesote Inout Blockchain EasyPayments POST Parameter getcoinaddress sql injection |
| CVE-2023-2268 | 2023-07-15 | Plane v0.7.1 - Unauthorized access to files |
| CVE-2023-30791 | 2023-07-15 | Plane 0.7.1 - Insecure file upload |
| CVE-2023-2507 | 2023-07-15 | CleverTap Cordova Plugin 2.6.2 - Reflected XSS |
| CVE-2023-38378 | 2023-07-16 | The web interface on the RIGOL MSO5000 digital oscilloscope with firmware 00.01.03.00.03 allows remote attackers to execute arbitrary code via shell metacharacters in pass1 to the webcontrol changepwd.cgi application. |
| CVE-2023-38379 | 2023-07-16 | The web interface on the RIGOL MSO5000 digital oscilloscope with firmware 00.01.03.00.03 allows remote attackers to change the admin password via a zero-length pass0 to the webcontrol changepwd.cgi application, i.e.,... |
| CVE-2023-3692 | 2023-07-16 | Unrestricted Upload of File with Dangerous Type in admidio/admidio |
| CVE-2023-3683 | 2023-07-16 | LivelyWorks Articart search cross site scripting |
| CVE-2023-3684 | 2023-07-16 | LivelyWorks Articart Base64 Encoding de_DE redirect |
| CVE-2023-3685 | 2023-07-16 | Nesote Inout Search Engine AI Edition index.php cross site scripting |
| CVE-2023-3686 | 2023-07-16 | Bylancer QuickAI OpenAI GET Parameter blog sql injection |
| CVE-2023-3687 | 2023-07-16 | Bylancer QuickVCard GET Parameter blog sql injection |
| CVE-2023-3688 | 2023-07-16 | Bylancer QuickJob GET Parameter sql injection |
| CVE-2023-3689 | 2023-07-16 | Bylancer QuickQR GET Parameter blog sql injection |
| CVE-2023-3690 | 2023-07-16 | Bylancer QuickOrder GET Parameter blog sql injection |
| CVE-2023-3691 | 2023-07-16 | layui HTML Attribute cross site scripting |
| CVE-2023-3693 | 2023-07-16 | SourceCodester Life Insurance Management System login.php sql injection |
| CVE-2023-30988 | 2023-07-16 | IBM i privilege escalation |
| CVE-2023-30989 | 2023-07-16 | IBM i privilege escalation |
| CVE-2023-3694 | 2023-07-16 | SourceCodester/projectworlds House Rental and Property Listing index.php sql injection |
| CVE-2023-35901 | 2023-07-16 | IBM Robotic Process Automation security bypass |
| CVE-2023-33857 | 2023-07-16 | IBM InfoSphere Information Server information disclosure |
| CVE-2021-37384 | 2023-07-17 | RCE (Remote Code Execution) vulnerability was found in some Furukawa ONU models, this vulnerability allows remote unauthenticated users to send arbitrary commands to the device via web interface. |
| CVE-2021-37386 | 2023-07-17 | Furukawa Electric LatAm 423-41W/AC before v1.1.4 and LD421-21W before v1.3.3 were discovered to contain an HTML injection vulnerability via the serial number update function. |
| CVE-2022-30858 | 2023-07-17 | An issue was discovered in ngiflib 0.4. There is a SEGV in SDL_LoadAnimatedGif when using SDLaffgif. PoC: ./SDLaffgif CA_file2_0 |
| CVE-2023-28864 | 2023-07-17 | Progress Chef Infra Server before 15.7 allows a local attacker to exploit a /var/opt/opscode/local-mode-cache/backup world-readable temporary backup path to access sensitive information, resulting in the disclosure of all indexed node... |
| CVE-2023-31851 | 2023-07-17 | Cudy LT400 1.13.4 has a cross-site scripting (XSS) vulnerability in /cgi-bin/luci/admin/network/wireless/status via the iface parameter. |
| CVE-2023-31852 | 2023-07-17 | Cudy LT400 1.13.4 is vulnerable to Cross Site Scripting (XSS) in cgi-bin/luci/admin/network/wireless/config via the iface parameter. |
| CVE-2023-31853 | 2023-07-17 | Cudy LT400 1.13.4 is vulnerable to Cross Site Scripting (XSS) in /cgi-bin/luci/admin/network/bandwidth via the icon parameter. |
| CVE-2023-34669 | 2023-07-17 | TOTOLINK CP300+ V5.2cu.7594 contains a Denial of Service vulnerability in function RebootSystem of the file lib/cste_modules/system which can reboot the system. |
| CVE-2023-35818 | 2023-07-17 | An issue was discovered on Espressif ESP32 3.0 (ESP32_rev300 ROM) devices. An EMFI attack on ECO3 provides the attacker with a capability to influence the PC value at the CPU... |
| CVE-2023-36656 | 2023-07-17 | Cross Site Scripting (XSS) vulnerability in Jaegertracing Jaeger UI before v.1.31.0 allows a remote attacker to execute arbitrary code via the KeyValuesTable component. |
| CVE-2023-37769 | 2023-07-17 | stress-test master commit e4c878 was discovered to contain a FPE vulnerability via the component combine_inner at /pixman-combine-float.c. |
| CVE-2023-37770 | 2023-07-17 | faust commit ee39a19 was discovered to contain a stack overflow via the component boxppShared::print() at /boxes/ppbox.cpp. |
| CVE-2023-37781 | 2023-07-17 | An issue in the emqx_sn plugin of EMQX v4.3.8 allows attackers to execute a directory traversal via uploading a crafted .txt file. |
| CVE-2023-37791 | 2023-07-17 | D-Link DIR-619L v2.04(TW) was discovered to contain a stack overflow via the curTime parameter at /goform/formLogin. |
| CVE-2023-38403 | 2023-07-17 | iperf3 before 3.14 allows peers to cause an integer overflow and heap corruption via a crafted length field. |
| CVE-2023-38404 | 2023-07-17 | The XPRTLD web application in Veritas InfoScale Operations Manager (VIOM) before 8.0.0.410 allows an authenticated attacker to upload all types of files to the server. An authenticated attacker can then... |
| CVE-2023-38405 | 2023-07-17 | On Crestron 3-Series Control Systems before 1.8001.0187, crafting and sending a specific BACnet packet can cause a crash. |
| CVE-2023-38409 | 2023-07-17 | An issue was discovered in set_con2fb_map in drivers/video/fbdev/core/fbcon.c in the Linux kernel before 6.2.12. Because an assignment occurs only for the first vc, the fbcon_registered_fb and fbcon_display arrays can be... |
| CVE-2023-38426 | 2023-07-17 | An issue was discovered in the Linux kernel before 6.3.4. ksmbd has an out-of-bounds read in smb2_find_context_vals when create_context's name_len is larger than the tag length. |
| CVE-2023-38428 | 2023-07-17 | An issue was discovered in the Linux kernel before 6.3.4. fs/ksmbd/smb2pdu.c in ksmbd does not properly check the UserName value because it does not consider the address of security buffer,... |
| CVE-2023-38429 | 2023-07-17 | An issue was discovered in the Linux kernel before 6.3.4. fs/ksmbd/connection.c in ksmbd has an off-by-one error in memory allocation (because of ksmbd_smb2_check_message) that may lead to out-of-bounds access. |
| CVE-2023-38430 | 2023-07-17 | An issue was discovered in the Linux kernel before 6.3.9. ksmbd does not validate the SMB request protocol ID, leading to an out-of-bounds read. |
| CVE-2023-38431 | 2023-07-17 | An issue was discovered in the Linux kernel before 6.3.8. fs/smb/server/connection.c in ksmbd does not validate the relationship between the NetBIOS header's length field and the SMB header sizes, via... |
| CVE-2023-38432 | 2023-07-17 | An issue was discovered in the Linux kernel before 6.3.10. fs/smb/server/smb2misc.c in ksmbd does not validate the relationship between the command payload size and the RFC1002 length specification, leading to... |
| CVE-2023-38427 | 2023-07-17 | An issue was discovered in the Linux kernel before 6.3.8. fs/smb/server/smb2pdu.c in ksmbd has an integer underflow and out-of-bounds read in deassemble_neg_contexts. |
| CVE-2023-3696 | 2023-07-17 | Prototype Pollution in automattic/mongoose |
| CVE-2023-35012 | 2023-07-17 | IBM Db2 code execution |
| CVE-2023-3695 | 2023-07-17 | Campcodes Beauty Salon Management System add-product.php sql injection |
| CVE-2022-4952 | 2023-07-17 | OmniSharp csharp-language-server-protocol JSON Serializer SerializerBase.cs CreateSerializerSettings resource consumption |
| CVE-2023-2759 | 2023-07-17 | TAPHOME Improper Authentication in Core Platform |
| CVE-2023-2760 | 2023-07-17 | TAPHOME SQL Injection in Core Platform |
| CVE-2023-3700 | 2023-07-17 | Authorization Bypass Through User-Controlled Key in alextselegidis/easyappointments |
| CVE-2023-26512 | 2023-07-17 | Apache EventMesh RabbitMQ-Connector plugin allows RCE through deserialization of untrusted data |
| CVE-2023-34036 | 2023-07-17 | Forwarded header exploit with Spring HATEOAS on WebFlux |
| CVE-2023-27606 | 2023-07-17 | WordPress WP Reroute Email Plugin <= 1.4.6 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-22672 | 2023-07-17 | WordPress vSlider Multi Image Slider for WordPress Plugin <= 4.1.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-23646 | 2023-07-17 | WordPress Album Gallery – WordPress Gallery Plugin <= 1.4.9 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-23719 | 2023-07-17 | WordPress Premmerce Plugin <= 1.3.17 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-27424 | 2023-07-17 | WordPress Inactive User Deleter Plugin <= 1.59 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-2912 | 2023-07-17 | SiteManager Embedded service disruption |
| CVE-2023-3376 | 2023-07-17 | SQLi in Digital Strategys Zekiweb |
| CVE-2023-2959 | 2023-07-17 | Authentication Bypass by Primary Weakness in Oliva Expertise |
| CVE-2023-35038 | 2023-07-17 | WordPress WP PDF Generator Plugin <= 1.2.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-4023 | 2023-07-17 | 3DPrint < 3.5.6.9 - CSRF to arbitrary file download |
| CVE-2023-2329 | 2023-07-17 | WooCommerce Google Sheet Connector < 1.3.6 - Access Code Update via CSRF |
| CVE-2023-2579 | 2023-07-17 | InventoryPress <= 1.7 - Author+ Stored XSS |
| CVE-2023-3041 | 2023-07-17 | Autochat <= 1.1.7 - Unauthenticated Stored XSS |
| CVE-2023-3186 | 2023-07-17 | Supsystic Popup < 1.10.19 - Prototype Pollution |
| CVE-2023-2636 | 2023-07-17 | AN_GradeBook <= 5.0.1 - Subscriber+ SQLi |
| CVE-2023-2143 | 2023-07-17 | Enable SVG, WebP & ICO Upload <= 1.0.3 - Author+ Stored XSS |
| CVE-2023-1893 | 2023-07-17 | Login Configurator <= 2.1 - Reflected Cross-Site Scripting |
| CVE-2023-3179 | 2023-07-17 | POST SMTP Mailer < 2.5.7 - Account Takeover via CSRF |