CVE List - 2023 / July
Showing 1501 - 1600 of 2295 CVEs for July 2023 (Page 16 of 23)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-37387 | 2023-07-18 | WordPress Classified Listing Plugin <= 2.4.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25036 | 2023-07-18 | WordPress Social Media Icons Widget Plugin <= 1.6 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-37889 | 2023-07-18 | WordPress WPAdmin AWS CDN Plugin <= 2.0.13 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-37973 | 2023-07-18 | WordPress Replace Word Plugin <= 2.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-37892 | 2023-07-18 | WordPress Shortcode IMDB Plugin <= 6.0.8 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-23660 | 2023-07-18 | WordPress MainWP Maintenance Extension Plugin <= 4.1.1 is vulnerable to SQL Injection |
| CVE-2018-25088 | 2023-07-18 | Blue Yonder postgraas_server PostgreSQL Backend postgres_cluster_driver.py create_postgres_db sql injection |
| CVE-2023-32965 | 2023-07-18 | WordPress Jazz Popups Plugin <= 1.8.7 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2022-34155 | 2023-07-18 | WordPress OAuth Single Sign On – SSO (OAuth Client) Plugin <= 6.23.3 is vulnerable to Broken Authentication |
| CVE-2023-30906 | 2023-07-18 | The vulnerability could be locally exploited to allow escalation of privilege. |
| CVE-2022-47421 | 2023-07-18 | WordPress ARMember (free) and ARMember (premium) plugins - vulnerable to Auth. Stored Cross Site Scripting (XSS) |
| CVE-2023-24390 | 2023-07-18 | WordPress WeSecur Security Plugin <= 1.2.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-36384 | 2023-07-18 | WordPress Booking Calendar Contact Form Plugin <= 1.2.40 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-36383 | 2023-07-18 | WordPress Event Manager for WooCommerce Plugin <= 3.9.5 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2020-36762 | 2023-07-18 | ONS Digital RAS Collection Instrument comment.yml jobs os command injection |
| CVE-2023-2263 | 2023-07-18 | Rockwell Automation Kinetix 5700 DC Bus Power Supply Series A – CIP Message Attack Could Cause Denial-Of-Service |
| CVE-2023-34035 | 2023-07-18 | Spring Security versions 5.8 prior to 5.8.5, 6.0 prior to 6.0.5, and 6.1 prior to 6.1.2 could be susceptible to authorization rule misconfiguration if the application uses requestMatchers(String) and multiple... |
| CVE-2023-0160 | 2023-07-18 | Possibility of deadlock in libbpf function sock_hash_delete_elem |
| CVE-2023-33231 | 2023-07-18 | XSS in SolarWinds Database Performance Analyzer 2023.2 |
| CVE-2023-37259 | 2023-07-18 | Cross site scripting in Export Chat feature |
| CVE-2021-4428 | 2023-07-18 | what3words Autosuggest Plugin Setting class-w3w-autosuggest-public.php enqueue_scripts information disclosure |
| CVE-2023-34329 | 2023-07-18 | Authentication Bypass via HTTP Header Spoofing |
| CVE-2023-34330 | 2023-07-18 | Code injection via Dynamic Redfish Extension interface |
| CVE-2023-35189 | 2023-07-18 | Iagona ScrutisWeb Unrestricted Upload of File with Dangerous Type |
| CVE-2023-33329 | 2023-07-18 | WordPress Custom Post Type Generator Plugin <= 2.4.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-38257 | 2023-07-18 | CVE-2023-38257 |
| CVE-2023-33871 | 2023-07-18 | Iagona ScrutisWeb Absolute Path Traversal |
| CVE-2023-35763 | 2023-07-18 | Iagona ScrutisWeb Use of Hard-coded Cryptographic Key |
| CVE-2023-33312 | 2023-07-18 | WordPress Easy Captcha Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-28019 | 2023-07-18 | An SQL injection affects BigFix WebUI API |
| CVE-2023-28020 | 2023-07-18 | URL redirection affects BigFix WebUI |
| CVE-2023-37481 | 2023-07-18 | Fides Webserver Vulnerable to SVG Bomb File Uploads |
| CVE-2023-37480 | 2023-07-18 | Fides Webserver Vulnerable to Zip Bomb File Uploads |
| CVE-2023-37477 | 2023-07-18 | Command injection in firewall ip functionality in 1Panel |
| CVE-2023-28021 | 2023-07-18 | BigFix WebUI is vulnerable to use of a risky cryptographic algorithm |
| CVE-2023-28023 | 2023-07-18 | HCL BigFix WebUI Software Distribution is affected by a cross site server request forgery vulnerability |
| CVE-2023-2913 | 2023-07-18 | Rockwell Automation ThinManager ThinServer Path Traversal Vulnerability |
| CVE-2023-21949 | 2023-07-18 | Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 19.3-19.19 and 21.3-21.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access... |
| CVE-2023-21950 | 2023-07-18 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network... |
| CVE-2023-21961 | 2023-07-18 | Vulnerability in the Oracle Hyperion Essbase Administration Services product of Oracle Essbase (component: EAS Administration and EAS Console). The supported version that is affected is 21.4.3.0.0. Easily exploitable vulnerability allows... |
| CVE-2023-21974 | 2023-07-18 | Vulnerability in the Application Express Team Calendar Plugin product of Oracle Application Express (component: User Account). Supported versions that are affected are Application Express Team Calendar Plugin: 18.2-22.1. Easily exploitable... |
| CVE-2023-21975 | 2023-07-18 | Vulnerability in the Application Express Customers Plugin product of Oracle Application Express (component: User Account). Supported versions that are affected are Application Express Customers Plugin: 18.2-22.2. Easily exploitable vulnerability allows... |
| CVE-2023-21983 | 2023-07-18 | Vulnerability in the Application Express Administration product of Oracle Application Express (component: None). Supported versions that are affected are Application Express Administration: 18.2-22.2. Difficult to exploit vulnerability allows unauthenticated attacker... |
| CVE-2023-21994 | 2023-07-18 | Vulnerability in the Oracle Mobile Security Suite product of Oracle Fusion Middleware (component: Android Mobile Authenticator App). Supported versions that are affected are Prior to 11.1.2.3.1. Easily exploitable vulnerability allows... |
| CVE-2023-22004 | 2023-07-18 | Vulnerability in the Oracle Applications Technology product of Oracle E-Business Suite (component: Reports Configuration). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access... |
| CVE-2023-22005 | 2023-07-18 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.33 and prior. Difficult to exploit vulnerability allows high privileged attacker with... |
| CVE-2023-22006 | 2023-07-18 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE:... |
| CVE-2023-22007 | 2023-07-18 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.41 and prior and 8.0.32 and prior. Easily exploitable vulnerability allows high... |
| CVE-2023-22008 | 2023-07-18 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access... |
| CVE-2023-22009 | 2023-07-18 | Vulnerability in the Oracle Self-Service Human Resources product of Oracle E-Business Suite (component: Workforce Management). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows low privileged attacker with... |
| CVE-2023-22010 | 2023-07-18 | Vulnerability in Oracle Essbase (component: Security and Provisioning). The supported version that is affected is 21.4.3.0.0. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to... |
| CVE-2023-22011 | 2023-07-18 | Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server). Supported versions that are affected are 6.4.0.0.0 and 7.0.0.0.0. Easily exploitable vulnerability allows low privileged... |
| CVE-2023-22012 | 2023-07-18 | Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server). The supported version that is affected is 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker... |
| CVE-2023-22013 | 2023-07-18 | Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server). Supported versions that are affected are 6.4.0.0.0 and 7.0.0.0.0. Easily exploitable vulnerability allows low privileged... |
| CVE-2023-22014 | 2023-07-18 | Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported versions that are affected are 8.59 and 8.60. Easily exploitable vulnerability allows unauthenticated attacker with logon to... |
| CVE-2023-22016 | 2023-07-18 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.46 and Prior to 7.0.10. Easily exploitable vulnerability allows high... |
| CVE-2023-22017 | 2023-07-18 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.46 and Prior to 7.0.10. Easily exploitable vulnerability allows low... |
| CVE-2023-22018 | 2023-07-18 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.46 and Prior to 7.0.10. Difficult to exploit vulnerability allows... |
| CVE-2023-22020 | 2023-07-18 | Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server). Supported versions that are affected are 6.4.0.0.0 and 7.0.0.0.0. Easily exploitable vulnerability allows low privileged... |
| CVE-2023-22021 | 2023-07-18 | Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server). Supported versions that are affected are 6.4.0.0.0 and 7.0.0.0.0. Easily exploitable vulnerability allows low privileged... |
| CVE-2023-22022 | 2023-07-18 | Vulnerability in the Oracle Health Sciences Sciences Data Management Workbench product of Oracle Health Sciences Applications (component: Blinding Functionality). Supported versions that are affected are 3.1.0.2, 3.1.1.3 and 3.2.0.0. Easily... |
| CVE-2023-22023 | 2023-07-18 | Vulnerability in the Oracle Solaris product of Oracle Systems (component: Device Driver Interface). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon... |
| CVE-2023-22027 | 2023-07-18 | Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server). The supported version that is affected is 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker... |
| CVE-2023-22031 | 2023-07-18 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 14.1.1.0.0 and 12.2.1.4.0. Difficult to exploit vulnerability allows high privileged attacker... |
| CVE-2023-22033 | 2023-07-18 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.33 and prior. Difficult to exploit vulnerability allows high privileged attacker with network... |
| CVE-2023-22034 | 2023-07-18 | Vulnerability in the Unified Audit component of Oracle Database Server. Supported versions that are affected are 19.3-19.19 and 21.3-21.10. Easily exploitable vulnerability allows high privileged attacker having SYSDBA privilege with... |
| CVE-2023-22035 | 2023-07-18 | Vulnerability in the Oracle Scripting product of Oracle E-Business Suite (component: iSurvey Module). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via... |
| CVE-2023-22036 | 2023-07-18 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Utility). Supported versions that are affected are Oracle Java SE:... |
| CVE-2023-22037 | 2023-07-18 | Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: MS Excel Specific). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows low privileged... |
| CVE-2023-22038 | 2023-07-18 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with... |
| CVE-2023-22039 | 2023-07-18 | Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: WebClient). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows low privileged attacker with network... |
| CVE-2023-22040 | 2023-07-18 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows high privileged attacker with... |
| CVE-2023-22041 | 2023-07-18 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE:... |
| CVE-2023-22042 | 2023-07-18 | Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Diagnostics). Supported versions that are affected are 12.2.3-12.3.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via... |
| CVE-2023-22043 | 2023-07-18 | Vulnerability in Oracle Java SE (component: JavaFX). The supported version that is affected is Oracle Java SE: 8u371. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple... |
| CVE-2023-22044 | 2023-07-18 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE:... |
| CVE-2023-22045 | 2023-07-18 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE:... |
| CVE-2023-22046 | 2023-07-18 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network... |
| CVE-2023-22047 | 2023-07-18 | Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported versions that are affected are 8.59 and 8.60. Easily exploitable vulnerability allows unauthenticated attacker with network access... |
| CVE-2023-22048 | 2023-07-18 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth). Supported versions that are affected are 8.0.33 and prior. Difficult to exploit vulnerability allows low privileged attacker... |
| CVE-2023-22049 | 2023-07-18 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE:... |
| CVE-2023-22050 | 2023-07-18 | Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator Security). Supported versions that are affected are Prior to 9.2.7.4. Easily exploitable vulnerability allows... |
| CVE-2023-22051 | 2023-07-18 | Vulnerability in the Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: GraalVM Compiler). Supported versions that are affected are Oracle GraalVM Enterprise Edition: 21.3.6,... |
| CVE-2023-22052 | 2023-07-18 | Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.19 and 21.3-21.10. Difficult to exploit vulnerability allows low privileged attacker having Create Session,... |
| CVE-2023-22053 | 2023-07-18 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs). Supported versions that are affected are 5.7.42 and prior and 8.0.33 and prior. Difficult to exploit vulnerability allows... |
| CVE-2023-22054 | 2023-07-18 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network... |
| CVE-2023-22055 | 2023-07-18 | Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are Prior to 9.2.7.4. Easily exploitable vulnerability allows unauthenticated... |
| CVE-2023-22056 | 2023-07-18 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network... |
| CVE-2023-22057 | 2023-07-18 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network... |
| CVE-2023-22058 | 2023-07-18 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.33 and prior. Difficult to exploit vulnerability allows high privileged attacker with... |
| CVE-2023-22060 | 2023-07-18 | Vulnerability in the Oracle Hyperion Workspace product of Oracle Hyperion (component: UI and Visualization). The supported version that is affected is 11.2.13.0.000. Easily exploitable vulnerability allows low privileged attacker with... |
| CVE-2023-22061 | 2023-07-18 | Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Visual Analyzer). The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows low privileged attacker... |
| CVE-2023-22062 | 2023-07-18 | Vulnerability in the Oracle Hyperion Financial Reporting product of Oracle Hyperion (component: Repository). The supported version that is affected is 11.2.13.0.000. Easily exploitable vulnerability allows low privileged attacker with network... |
| CVE-2023-37897 | 2023-07-18 | Server-side Template Injection (SSTI) in grav |
| CVE-2023-22505 | 2023-07-18 | This High severity RCE (Remote Code Execution) vulnerability known as CVE-2023-22505 was introduced in version 8.0.0 of Confluence Data Center & Server. This RCE (Remote Code Execution) vulnerability, with a... |
| CVE-2023-3527 | 2023-07-18 | Avaya Call Management System CSV injection vulnerability |
| CVE-2023-22508 | 2023-07-18 | This High severity RCE (Remote Code Execution) vulnerability known as CVE-2023-22508 was introduced in version 6.1.0 of Confluence Data Center & Server. This RCE (Remote Code Execution) vulnerability, with a... |
| CVE-2023-22506 | 2023-07-18 | This High severity Injection and RCE (Remote Code Execution) vulnerability known as CVE-2023-22506 was introduced in version 8.0.0 of Bamboo Data Center. This Injection and RCE (Remote Code Execution) vulnerability,... |
| CVE-2022-40896 | 2023-07-19 | A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments through 2.15.0 via SmithyLexer. |
| CVE-2023-37733 | 2023-07-19 | An arbitrary file upload vulnerability in tduck-platform v4.0 allows attackers to execute arbitrary code via a crafted HTML file. |