CVE List - 2023 / September
Showing 1001 - 1100 of 2148 CVEs for September 2023 (Page 11 of 22)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-38215 | 2023-09-13 | Adobe Experience Manager \| Cross-site Scripting (Reflected XSS) (CWE-79) |
| CVE-2023-3935 | 2023-09-13 | Wibu: Buffer Overflow in CodeMeter Runtime |
| CVE-2023-39914 | 2023-09-13 | BER/CER/DER decoder panics on invalid input |
| CVE-2023-39915 | 2023-09-13 | Crashes on parsing certain invalid RPKI objects |
| CVE-2023-39916 | 2023-09-13 | Possible path traversal when storing RRDP responses |
| CVE-2023-4801 | 2023-09-13 | ITM macOS Agent Improper Certificate Validation |
| CVE-2023-4802 | 2023-09-13 | ITM Server Cross-site Scripting in UpdateInstalledSoftware Endpoint |
| CVE-2023-4803 | 2023-09-13 | ITM Server Cross-site Scripting in WriteWindowTitle Endpoint |
| CVE-2023-4828 | 2023-09-13 | ITM Server Communications Hijack |
| CVE-2023-3301 | 2023-09-13 | Triggerable assertion due to race condition in hot-unplug |
| CVE-2023-4155 | 2023-09-13 | SEV-ES / SEV-SNP vmgexit double fetch vulnerability |
| CVE-2023-3255 | 2023-09-13 | QEMU: VNC: infinite loop in inflate_buffer() leads to denial of service |
| CVE-2023-3280 | 2023-09-13 | Cortex XDR Agent: Local Windows User Can Disable the Agent |
| CVE-2023-4785 | 2023-09-13 | Denial of Service in gRPC Core |
| CVE-2023-20135 | 2023-09-13 | A vulnerability in Cisco IOS XR Software image verification checks could allow an authenticated, local attacker to execute arbitrary code on the underlying operating system. This vulnerability is due to... |
| CVE-2023-20236 | 2023-09-13 | A vulnerability in the iPXE boot function of Cisco IOS XR software could allow an authenticated, local attacker to install an unverified software image on an affected device. This vulnerability... |
| CVE-2023-20233 | 2023-09-13 | A vulnerability in the Connectivity Fault Management (CFM) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an... |
| CVE-2023-20191 | 2023-09-13 | A vulnerability in the access control list (ACL) processing on MPLS interfaces in the ingress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a... |
| CVE-2023-20190 | 2023-09-13 | A vulnerability in the classic access control list (ACL) compression feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass the protection that is offered by... |
| CVE-2023-2680 | 2023-09-13 | DMA reentrancy issue (incomplete fix for CVE-2021-3750) |
| CVE-2023-3588 | 2023-09-13 | Stored Cross-site Scripting (XSS) vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x |
| CVE-2023-41892 | 2023-09-13 | Craft CMS Remote Code Execution vulnerability |
| CVE-2023-4568 | 2023-09-13 | PaperCut NG Unauthenticated XMLRPC |
| CVE-2023-23840 | 2023-09-13 | SolarWinds Platform Exposed Dangerous Method Vulnerability |
| CVE-2023-23845 | 2023-09-13 | SolarWinds Platform Exposed Dangerous Method Vulnerability |
| CVE-2021-28485 | 2023-09-14 | In Ericsson Mobile Switching Center Server (MSC-S) before IS 3.1 CP22, the SIS web application allows relative path traversal via a specific parameter in the https request after authentication, which... |
| CVE-2022-47631 | 2023-09-14 | Razer Synapse through 3.7.1209.121307 allows privilege escalation due to an unsafe installation path and improper privilege management. Attackers can place DLLs into %PROGRAMDATA%\Razer\Synapse3\Service\bin if they do so before the service... |
| CVE-2023-36250 | 2023-09-14 | CSV Injection vulnerability in GNOME time tracker version 3.0.2, allows local attackers to execute arbitrary code via crafted .tsv file when creating a new record. |
| CVE-2023-37739 | 2023-09-14 | i-doit Pro v25 and below was discovered to be vulnerable to path traversal. |
| CVE-2023-37755 | 2023-09-14 | i-doit pro 25 and below and I-doit open 25 and below are configured with insecure default administrator credentials, and there is no warning or prompt to ask users to change... |
| CVE-2023-37756 | 2023-09-14 | I-doit pro 25 and below and I-doit open 25 and below employ weak password requirements for Administrator account creation. Attackers are able to easily guess users' passwords via a bruteforce... |
| CVE-2023-38891 | 2023-09-14 | SQL injection vulnerability in Vtiger CRM v.7.5.0 allows a remote authenticated attacker to escalate privileges via the getQueryColumnsList function in ReportRun.php. |
| CVE-2023-38912 | 2023-09-14 | SQL injection vulnerability in Super Store Finder PHP Script v.3.6 allows a remote attacker to execute arbitrary code via a crafted payload to the username parameter. |
| CVE-2023-39285 | 2023-09-14 | A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 SP3 (22.24.5800.0) could allow an unauthenticated attacker to perform a Cross Site Request Forgery (CSRF) attack due... |
| CVE-2023-39286 | 2023-09-14 | A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect through 9.6.2304.102 could allow an unauthenticated attacker to perform a Cross Site Request Forgery (CSRF) attack due to... |
| CVE-2023-39638 | 2023-09-14 | D-LINK DIR-859 A1 1.05 and A1 1.06B01 Beta01 was discovered to contain a command injection vulnerability via the lxmldbc_system function at /htdocs/cgibin. |
| CVE-2023-39639 | 2023-09-14 | LeoTheme leoblog up to v3.1.2 was discovered to contain a SQL injection vulnerability via the component LeoBlogBlog::getListBlogs. |
| CVE-2023-39641 | 2023-09-14 | Active Design psaffiliate before v1.9.8 was discovered to contain a SQL injection vulnerability via the component PsaffiliateGetaffiliatesdetailsModuleFrontController::initContent(). |
| CVE-2023-39642 | 2023-09-14 | Carts Guru cartsguru up to v2.4.2 was discovered to contain a SQL injection vulnerability via the component CartsGuruCatalogModuleFrontController::display(). |
| CVE-2023-40779 | 2023-09-14 | An issue in IceWarp Mail Server Deep Castle 2 v.13.0.1.2 allows a remote attacker to execute arbitrary code via a crafted request to the URL. |
| CVE-2023-40868 | 2023-09-14 | Cross Site Request Forgery vulnerability in mooSocial MooSocial Software v.Demo allows a remote attacker to execute arbitrary code via the Delete Account and Deactivate functions. |
| CVE-2023-40869 | 2023-09-14 | Cross Site Scripting vulnerability in mooSocial mooSocial Software 3.1.6 and 3.1.7 allows a remote attacker to execute arbitrary code via a crafted script to the edit_menu, copuon, and group_categorias functions. |
| CVE-2023-40955 | 2023-09-14 | A SQL injection vulnerability in Didotech srl Engineering & Lifecycle Management (aka pdm) v.14.0, v.15.0 and v.16.0 fixed in pdm-14.0.1.0.0, pdm-15.0.1.0.0, and pdm-16.0.1.0.0 allows a remote authenticated attacker to execute... |
| CVE-2023-40956 | 2023-09-14 | A SQL injection vulnerability in Cloudroits Website Job Search v.15.0 allows a remote authenticated attacker to execute arbitrary code via the name parameter in controllers/main.py component. |
| CVE-2023-40957 | 2023-09-14 | A SQL injection vulnerability in Didotech srl Engineering & Lifecycle Management (aka pdm) v.14.0, v.15.0 and v.16.0 fixed in pdm-14.0.1.0.0, pdm-15.0.1.0.0, and pdm-16.0.1.0.0 allows a remote authenticated attacker to execute... |
| CVE-2023-40958 | 2023-09-14 | A SQL injection vulnerability in Didotech srl Engineering & Lifecycle Management (aka pdm) v.14.0, v.15.0 and v.16.0 fixed in pdm-14.0.1.0.0, pdm-15.0.1.0.0, and pdm-16.0.1.0.0 allows a remote authenticated attacker to execute... |
| CVE-2023-41010 | 2023-09-14 | Insecure Permissions vulnerability in Sichuan Tianyi Kanghe Communication Co., Ltd China Telecom Tianyi Home Gateway v.TEWA-700G allows a local attacker to obtain sensitive information via the default password parameter. |
| CVE-2023-41011 | 2023-09-14 | Command Execution vulnerability in China Mobile Communications China Mobile Intelligent Home Gateway v.HG6543C4 allows a remote attacker to execute arbitrary code via the shortcut_telnet.cg component. |
| CVE-2023-41156 | 2023-09-14 | A Stored Cross-Site Scripting (XSS) vulnerability in the filter and forward mail tab in Usermin 2.001 allows remote attackers to inject arbitrary web script or HTML via the save to... |
| CVE-2023-41159 | 2023-09-14 | A Stored Cross-Site Scripting (XSS) vulnerability while editing the autoreply file page in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML by editing the forward file... |
| CVE-2023-41160 | 2023-09-14 | A Stored Cross-Site Scripting (XSS) vulnerability in the SSH configuration tab in Usermin 2.001 allows remote attackers to inject arbitrary web script or HTML via the key name field while... |
| CVE-2023-41588 | 2023-09-14 | A cross-site scripting (XSS) vulnerability in Time to SLA plugin v10.13.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the durationFormat parameter. |
| CVE-2023-41592 | 2023-09-14 | Froala Editor v4.0.1 to v4.1.1 was discovered to contain a cross-site scripting (XSS) vulnerability. |
| CVE-2023-42178 | 2023-09-14 | Lenosp 1.0.0-1.2.0 is vulnerable to SQL Injection via the log query module. |
| CVE-2023-42180 | 2023-09-14 | An arbitrary file upload vulnerability in the /user/upload component of lenosp 1.0-1.2.0 allows attackers to execute html code via a crafted JPG file. |
| CVE-2023-42362 | 2023-09-14 | An arbitrary file upload vulnerability in Teller Web App v.4.4.0 allows a remote attacker to execute arbitrary commands and obtain sensitive information via uploading a crafted file. |
| CVE-2023-42405 | 2023-09-14 | SQL injection vulnerability in FIT2CLOUD RackShift v1.7.1 allows attackers to execute arbitrary code via the `sort` parameter to taskService.list(), bareMetalService.list(), and switchService.list(). |
| CVE-2023-4841 | 2023-09-14 | The Feeds for YouTube for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'youtube-feed' shortcode in versions up to, and including, 2.1 due to insufficient input sanitization... |
| CVE-2023-4944 | 2023-09-14 | The Awesome Weather Widget for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'awesome-weather' shortcode in versions up to, and including, 3.0.2 due to insufficient input sanitization... |
| CVE-2023-4945 | 2023-09-14 | The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcodes in versions up to, and including, 7.1.0 due to insufficient input sanitization and output... |
| CVE-2023-4948 | 2023-09-14 | The WooCommerce CVR Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the refresh_order_cvr_data AJAX action in versions up to... |
| CVE-2023-26141 | 2023-09-14 | Versions of the package sidekiq before 7.1.3 are vulnerable to Denial of Service (DoS) due to insufficient checks in the dashboard-charts.js file. An attacker can exploit this vulnerability by manipulating... |
| CVE-2023-4814 | 2023-09-14 | A Privilege escalation vulnerability exists in Trellix Windows DLP endpoint for windows which can be abused to delete any file/folder for which the user does not have permission to. |
| CVE-2023-38206 | 2023-09-14 | ColdFusion \| Improper Access Control (CWE-284) |
| CVE-2023-38205 | 2023-09-14 | ColdFusion Bypass - Vulnerability disclosure in ColdFusion \| BYPASS CVE-2023-29298 |
| CVE-2023-38204 | 2023-09-14 | Bypass APSB23-41 (CVE-2023-38203) - Pre-Auth RCE ColdFusion 2021 Update 8 |
| CVE-2023-42503 | 2023-09-14 | Apache Commons Compress: Denial of service via CPU consumption for malformed TAR file |
| CVE-2023-41267 | 2023-09-14 | Apache HDFS Provider error message suggested installation of incorrect pip package |
| CVE-2023-4516 | 2023-09-14 | A CWE-306: Missing Authentication for Critical Function vulnerability exists in the IGSS Update Service that could allow a local attacker to change update source, potentially leading to remote code execution... |
| CVE-2023-38557 | 2023-09-14 | A vulnerability has been identified in Spectrum Power 7 (All versions < V23Q3). The affected product assigns improper access rights to the update script. This could allow an authenticated local... |
| CVE-2023-38558 | 2023-09-14 | A vulnerability has been identified in SIMATIC PCS neo (Administration Console) V4.0 (All versions), SIMATIC PCS neo (Administration Console) V4.0 Update 1 (All versions). The affected application leaks Windows admin... |
| CVE-2023-2848 | 2023-09-14 | Movim prior to version 0.22 is affected by a Cross-Site WebSocket Hijacking vulnerability. This was the result of a missing header validation. |
| CVE-2023-1108 | 2023-09-14 | Undertow: infinite loop in sslconduit during close |
| CVE-2023-30909 | 2023-09-14 | A remote authentication bypass issue exists in some OneView APIs. |
| CVE-2023-4951 | 2023-09-14 | Cross Site Scripting (XSS) Issue on "Client Based Authentication Policy Configuration" Screen |
| CVE-2023-4832 | 2023-09-14 | SQLi in Aceka Holdings Company Management |
| CVE-2023-4766 | 2023-09-14 | SQLi in Movus Admin Panel |
| CVE-2023-4669 | 2023-09-14 | Authentication Bypass in Exagate SYSGuard 3001 |
| CVE-2023-4702 | 2023-09-14 | Authentication Bypass in Digital Yepas |
| CVE-2023-4972 | 2023-09-14 | Information Disclosure in Digital Yepas |
| CVE-2023-32665 | 2023-09-14 | GVariant deserialisation does not match spec for non-normal data |
| CVE-2023-29499 | 2023-09-14 | GVariant offset table entry size is not checked in is_normal() |
| CVE-2023-32611 | 2023-09-14 | g_variant_byteswap() can take a long time with some non-normal inputs |
| CVE-2023-32643 | 2023-09-14 | A flaw was found in GLib. The GVariant deserialization code is vulnerable to a heap buffer overflow introduced by the fix for CVE-2023-32665. This bug does not affect any released... |
| CVE-2023-32636 | 2023-09-14 | A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table... |
| CVE-2023-4676 | 2023-09-14 | XSS in Yordams MedasPro |
| CVE-2023-4965 | 2023-09-14 | phpipam Header redirect |
| CVE-2023-25588 | 2023-09-14 | Field `the_bfd` of `asymbol` is uninitialized in function `bfd_mach_o_get_synthetic_symtab` |
| CVE-2023-25586 | 2023-09-14 | Local variable `ch_type` in function `bfd_init_section_decompress_status` can be uninitialized |
| CVE-2023-25585 | 2023-09-14 | Field `file_table` of `struct module *module` is uninitialized |
| CVE-2023-25584 | 2023-09-14 | Out of bounds read in parse_module function in bfd/vms-alpha.c |
| CVE-2023-4680 | 2023-09-14 | Vault's Transit Secrets Engine Allowed Nonce Specified without Convergent Encryption |
| CVE-2022-47848 | 2023-09-15 | An issue was discovered in Bezeq Vtech NB403-IL version BZ_2.02.07.09.13.01 and Vtech IAD604-IL versions BZ_2.02.07.09.13.01, BZ_2.02.07.09.13T, and BZ_2.02.07.09.09T, allows remote attackers to gain sensitive information via rootDesc.xml page of the... |
| CVE-2023-28614 | 2023-09-15 | Freewill iFIS (aka SMART Trade) 20.01.01.04 allows OS Command Injection via shell metacharacters to a report page. |
| CVE-2023-36160 | 2023-09-15 | An issue was discovered in Qubo Smart Plug10A version HSP02_01_01_14_SYSTEM-10 A, allows local attackers to gain sensitive information and other unspecified impact via UART console. |
| CVE-2023-36657 | 2023-09-15 | An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. Built-in features of Windows (desktop shortcuts, narrator) can be abused for privilege escalation. |
| CVE-2023-36658 | 2023-09-15 | An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. It has an unquoted service path that can be abused locally. |
| CVE-2023-36659 | 2023-09-15 | An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. Long inputs were not properly processed, which allows remote attackers to cause a denial of service (loss of communication). |
| CVE-2023-39643 | 2023-09-15 | Bl Modules xmlfeeds before v3.9.8 was discovered to contain a SQL injection vulnerability via the component SearchApiXml::Xmlfeeds(). |
| CVE-2023-40982 | 2023-09-15 | A stored cross-site scripting (XSS) vulnerability in Webmin v2.100 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cloned module name parameter. |