CVE List - 2023 / July
Showing 2101 - 2200 of 2295 CVEs for July 2023 (Page 22 of 23)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-37981 | 2023-07-27 | WordPress Authors List Plugin <= 2.0.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-37980 | 2023-07-27 | WordPress Custom Field For WP Job Manager Plugin <= 1.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-37979 | 2023-07-27 | WordPress Ninja Forms Plugin <= 3.6.25 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-37977 | 2023-07-27 | WordPress WPFunnels Plugin <= 2.7.16 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-37976 | 2023-07-27 | WordPress Radio Forge Muses Player with Skins Plugin <= 2.5 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-37975 | 2023-07-27 | WordPress Variation Swatches for WooCommerce Plugin <= 2.3.7 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-37970 | 2023-07-27 | WordPress MF Gig Calendar Plugin <= 1.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-38488 | 2023-07-27 | Kirby vulnerable to field injection in the KirbyData text storage handler |
| CVE-2023-3973 | 2023-07-27 | Cross-site Scripting (XSS) - Reflected in jgraph/drawio |
| CVE-2023-3974 | 2023-07-27 | OS Command Injection in jgraph/drawio |
| CVE-2023-3975 | 2023-07-27 | OS Command Injection in jgraph/drawio |
| CVE-2023-37894 | 2023-07-27 | WordPress Variation Images Gallery for WooCommerce Plugin <= 2.3.3 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-38489 | 2023-07-27 | Kirby vulnerable to Insufficient Session Expiration after a password change |
| CVE-2023-38490 | 2023-07-27 | Kirby XML External Entity (XXE) vulnerability in the XML data handler |
| CVE-2023-38491 | 2023-07-27 | Kirby vulnerable to Cross-site scripting (XSS) from MIME type auto-detection of uploaded files |
| CVE-2023-38492 | 2023-07-27 | Kirby vulnerable to denial of service from unlimited password lengths |
| CVE-2023-37900 | 2023-07-27 | Crossplane vulnerable to denial of service from large image |
| CVE-2023-38495 | 2023-07-27 | Crossplane vulnerable to possible image tampering from missing image validation for Packages |
| CVE-2023-38504 | 2023-07-27 | Sails DoS vulnerability for apps with sockets enabled |
| CVE-2023-3980 | 2023-07-27 | Cross-site Scripting (XSS) - Stored in omeka/omeka-s |
| CVE-2023-3981 | 2023-07-27 | Server-Side Request Forgery (SSRF) in omeka/omeka-s |
| CVE-2023-3982 | 2023-07-27 | Cross-site Scripting (XSS) - Stored in omeka/omeka-s |
| CVE-2023-38505 | 2023-07-27 | DietPi-Dashboard Insufficient TLS Handshake Pool |
| CVE-2023-38509 | 2023-07-27 | XWiki Platform's obfuscated email addresses should not be sorted |
| CVE-2023-38510 | 2023-07-27 | Tolgee Lacks Permission Check for API Key for some endpoints |
| CVE-2023-23764 | 2023-07-27 | Incorrect comparison vulnerability in GitHub Enterprise Server leading to commit smuggling |
| CVE-2022-43701 | 2023-07-27 | Insecure directory permissions on installer files |
| CVE-2022-43702 | 2023-07-27 | Incomplete verification of installation file signature |
| CVE-2022-43703 | 2023-07-27 | Incomplete verification of installation file signature |
| CVE-2022-31454 | 2023-07-28 | Yii 2 v2.0.45 was discovered to contain a cross-site scripting (XSS) vulnerability via the endpoint /books. NOTE: this is disputed by the vendor because the cve-2022-31454-8e8555c31fd3 page does not describe... |
| CVE-2023-31932 | 2023-07-28 | Sql injection vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to execute arbitrary code via the viewid parameter of the view-enquiry.php file. |
| CVE-2023-31933 | 2023-07-28 | Sql injection vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to execute arbitrary code via the editid parameter of the edit-pass-detail.php file. |
| CVE-2023-31934 | 2023-07-28 | Cross Site Scripting vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to obtain sensitive information via the adminname parameter of admin-profile.php. |
| CVE-2023-31935 | 2023-07-28 | Cross Site Scripting vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to obtain sensitive information via the emial parameter of admin-profile.php. |
| CVE-2023-31936 | 2023-07-28 | Sql injection vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to execute arbitrary code via the viewid parameter of the view-pass-detail.php file. |
| CVE-2023-31937 | 2023-07-28 | Sql injection vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to execute arbitrary code via the editid parameter of the edit-cateogry-detail.php file. |
| CVE-2023-37754 | 2023-07-28 | PowerJob v4.3.3 was discovered to contain a remote command execution (RCE) vulnerability via the instanceId parameter at /instance/detail. |
| CVE-2023-38331 | 2023-07-28 | Zoho ManageEngine Support Center Plus 14001 and below is vulnerable to stored XSS in the products module. |
| CVE-2023-38988 | 2023-07-28 | An issue in the delete function in the OaNotifyController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete notifications created by Administrators. |
| CVE-2023-38992 | 2023-07-28 | jeecg-boot v3.5.1 was discovered to contain a SQL injection vulnerability via the title parameter at /sys/dict/loadTreeData. |
| CVE-2023-39010 | 2023-07-28 | BoofCV 0.42 was discovered to contain a code injection vulnerability via the component boofcv.io.calibration.CalibrationIO.load. This vulnerability is exploited by loading a crafted camera calibration file. |
| CVE-2023-39013 | 2023-07-28 | Duke v1.2 and below was discovered to contain a code injection vulnerability via the component no.priv.garshol.duke.server.CommonJTimer.init. |
| CVE-2023-39015 | 2023-07-28 | webmagic-extension v0.9.0 and below was discovered to contain a code injection vulnerability via the component us.codecraft.webmagic.downloader.PhantomJSDownloader. |
| CVE-2023-39016 | 2023-07-28 | bboss-persistent v6.0.9 and below was discovered to contain a code injection vulnerability in the component com.frameworkset.common.poolman.util.SQLManager.createPool. This vulnerability is exploited via passing an unchecked argument. |
| CVE-2023-39017 | 2023-07-28 | quartz-jobs 2.3.2 and below was discovered to contain a code injection vulnerability in the component org.quartz.jobs.ee.jms.SendQueueMessageJob.execute. This vulnerability is exploited via passing an unchecked argument. NOTE: this is disputed by... |
| CVE-2023-39018 | 2023-07-28 | FFmpeg 0.7.0 and below was discovered to contain a code injection vulnerability in the component net.bramp.ffmpeg.FFmpeg.<constructor>. This vulnerability is exploited via passing an unchecked argument. NOTE: this is disputed by... |
| CVE-2023-39020 | 2023-07-28 | stanford-parser v3.9.2 and below was discovered to contain a code injection vulnerability in the component edu.stanford.nlp.io.getBZip2PipedInputStream. This vulnerability is exploited via passing an unchecked argument. |
| CVE-2023-39021 | 2023-07-28 | wix-embedded-mysql v4.6.1 and below was discovered to contain a code injection vulnerability in the component com.wix.mysql.distribution.Setup.apply. This vulnerability is exploited via passing an unchecked argument. |
| CVE-2023-39022 | 2023-07-28 | oscore v2.2.6 and below was discovered to contain a code injection vulnerability in the component com.opensymphony.util.EJBUtils.createStateless. This vulnerability is exploited via passing an unchecked argument. |
| CVE-2023-39023 | 2023-07-28 | university compass v2.2.0 and below was discovered to contain a code injection vulnerability in the component org.compass.core.executor.DefaultExecutorManager.configure. This vulnerability is exploited via passing an unchecked argument. |
| CVE-2023-3774 | 2023-07-28 | Vault Enterprise Namespace Creation May Lead to Denial of Service |
| CVE-2023-3984 | 2023-07-28 | phpscriptpoint RecipePoint recipe-result sql injection |
| CVE-2023-34425 | 2023-07-28 | The issue was addressed with improved memory handling. This issue is fixed in watchOS 9.6, macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, macOS Big Sur 11.7.9, iOS 16.6 and... |
| CVE-2023-32427 | 2023-07-28 | This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in Apple Music 4.2.0 for Android. An attacker in a privileged network position... |
| CVE-2023-38601 | 2023-07-28 | This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to... |
| CVE-2023-38590 | 2023-07-28 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in watchOS 9.6, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8, tvOS... |
| CVE-2023-32444 | 2023-07-28 | A logic issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. A sandboxed process may be able to... |
| CVE-2023-38571 | 2023-07-28 | This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to... |
| CVE-2023-32445 | 2023-07-28 | This issue was addressed with improved checks. This issue is fixed in Safari 16.6, watchOS 9.6, iOS 15.7.8 and iPadOS 15.7.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura... |
| CVE-2023-38592 | 2023-07-28 | A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16.6 and iPadOS 16.6, watchOS 9.6, tvOS 16.6, macOS Ventura 13.5. Processing web content may lead... |
| CVE-2023-36495 | 2023-07-28 | An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 9.6, macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, tvOS 16.6, iOS 16.6 and iPadOS... |
| CVE-2023-38599 | 2023-07-28 | A logic issue was addressed with improved state management. This issue is fixed in Safari 16.6, watchOS 9.6, iOS 15.7.8 and iPadOS 15.7.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6,... |
| CVE-2023-38604 | 2023-07-28 | An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in watchOS 9.6, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8, tvOS... |
| CVE-2023-28203 | 2023-07-28 | The issue was addressed with improved checks. This issue is fixed in Apple Music 4.2.0 for Android. An app may be able to access contacts. |
| CVE-2023-38598 | 2023-07-28 | A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.6, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8, tvOS 16.6,... |
| CVE-2023-38609 | 2023-07-28 | An injection issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.5. An app may be able to bypass certain Privacy preferences. |
| CVE-2023-32654 | 2023-07-28 | A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.5. A user may be able to read information belonging to another user. |
| CVE-2023-37285 | 2023-07-28 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. An... |
| CVE-2023-3985 | 2023-07-28 | SourceCodester Online Jewelry Store login.php sql injection |
| CVE-2023-3977 | 2023-07-28 | Several plugins for WordPress by Inisev are vulnerable to Cross-Site Request Forgery to unauthorized installation of plugins due to a missing nonce check on the handle_installation function that is called... |
| CVE-2023-0958 | 2023-07-28 | Several plugins for WordPress by Inisev are vulnerable to unauthorized installation of plugins due to a missing capability check on the handle_installation function that is called via the inisev_installation AJAX... |
| CVE-2023-3986 | 2023-07-28 | SourceCodester Simple Online Mens Salon Management System cross site scripting |
| CVE-2023-3987 | 2023-07-28 | SourceCodester Simple Online Mens Salon Management System sql injection |
| CVE-2023-3988 | 2023-07-28 | Cafe Billing System Order index.php sql injection |
| CVE-2023-3989 | 2023-07-28 | SourceCodester Jewelry Store System add_customer.php cross site scripting |
| CVE-2023-3990 | 2023-07-28 | Mingsoft MCMS HTTP POST Request search.do cross site scripting |
| CVE-2023-3670 | 2023-07-28 | Codesys: Vulnerability in CODESYS Development System and CODESYS Scripting |
| CVE-2023-2685 | 2023-07-28 | Unquoted Service Path in ABB AO-OPC |
| CVE-2023-37467 | 2023-07-28 | Discourse CSP nonce reuse vulnerability for anonymous users |
| CVE-2023-37904 | 2023-07-28 | Discourse Race Condition in Accept Invite |
| CVE-2023-37906 | 2023-07-28 | Discourse vulnerable to DoS via post edit reason |
| CVE-2023-38498 | 2023-07-28 | Discourse vulnerable to DoS via defer queue |
| CVE-2023-38684 | 2023-07-28 | Discourse vulnerable to possible DDoS due to unbounded limits in various controller actions |
| CVE-2023-38685 | 2023-07-28 | Discourse's restricted tag information visible to unauthenticated users |
| CVE-2023-3488 | 2023-07-28 | Uninitialized variable in Gecko Bootloader can leak secure stack |
| CVE-2023-3598 | 2023-07-28 | Out of bounds read and write in ANGLE in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security... |
| CVE-2022-4906 | 2023-07-28 | Inappropriate implementation in Blink in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) |
| CVE-2022-4907 | 2023-07-28 | Uninitialized Use in FFmpeg in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) |
| CVE-2022-4908 | 2023-07-28 | Inappropriate implementation in iFrame Sandbox in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) |
| CVE-2022-4909 | 2023-07-28 | Inappropriate implementation in XML in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially perform an ASLR bypass via a crafted HTML page. (Chromium security severity: Low) |
| CVE-2022-4910 | 2023-07-28 | Inappropriate implementation in Autofill in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) |
| CVE-2022-4911 | 2023-07-28 | Insufficient data validation in DevTools in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low) |
| CVE-2022-4912 | 2023-07-28 | Type Confusion in MathML in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2022-4913 | 2023-07-28 | Inappropriate implementation in Extensions in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who had compromised the renderer process to spoof extension storage via a crafted HTML page. (Chromium... |
| CVE-2022-4914 | 2023-07-28 | Heap buffer overflow in PrintPreview in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a... |
| CVE-2022-4915 | 2023-07-28 | Inappropriate implementation in URL Formatting in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium) |
| CVE-2022-4916 | 2023-07-28 | Use after free in Media in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) |
| CVE-2022-4917 | 2023-07-28 | Incorrect security UI in Notifications in Google Chrome on Android prior to 103.0.5060.53 allowed a remote attacker to obscure the full screen notification via a crafted HTML page. (Chromium security... |
| CVE-2022-4918 | 2023-07-28 | Use after free in UI in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Medium) |
| CVE-2022-4919 | 2023-07-28 | Use after free in Base Internals in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) |