CVE List - 2023 / September
Showing 1201 - 1300 of 2148 CVEs for September 2023 (Page 13 of 22)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-37611 | 2023-09-18 | Cross Site Scripting (XSS) vulnerability in Neos CMS 8.3.3 allows a remote authenticated attacker to execute arbitrary code via a crafted SVG file to the neos/management/media component. |
| CVE-2023-39039 | 2023-09-18 | An information leak in Camp Style Project Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages. |
| CVE-2023-39040 | 2023-09-18 | An information leak in Cheese Cafe Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages. |
| CVE-2023-39043 | 2023-09-18 | An information leak in YKC Tokushima_awayokocho Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages. |
| CVE-2023-39046 | 2023-09-18 | An information leak in TonTon-Tei_waiting Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages. |
| CVE-2023-39049 | 2023-09-18 | An information leak in youmart-tokunaga v13.6.1 allows attackers to obtain the channel access token and send crafted messages. |
| CVE-2023-39056 | 2023-09-18 | An information leak in Coffee-jumbo v13.6.1 allows attackers to obtain the channel access token and send crafted messages. |
| CVE-2023-39058 | 2023-09-18 | An information leak in THE_B_members card v13.6.1 allows attackers to obtain the channel access token and send crafted messages. |
| CVE-2023-40788 | 2023-09-18 | SpringBlade <=V3.6.0 is vulnerable to Incorrect Access Control due to incorrect configuration in the default gateway resulting in unauthorized access to error logs |
| CVE-2023-41443 | 2023-09-18 | SQL injection vulnerability in Novel-Plus v.4.1.0 allows a remote attacker to execute arbitrary code via a crafted script to the sort parameter in /sys/menu/list. |
| CVE-2023-41595 | 2023-09-18 | An issue in xui-xray v1.8.3 allows attackers to obtain sensitive information via default password. |
| CVE-2023-42253 | 2023-09-18 | Code-Projects Vehicle Management 1.0 is vulnerable to Cross Site Scripting (XSS) in Add Accounts via Invoice No, To, and Mammul. |
| CVE-2023-42320 | 2023-09-18 | Buffer Overflow vulnerability in Tenda AC10V4 v.US_AC10V4.0si_V16.03.10.13_cn_TDC01 allows a remote attacker to cause a denial of service via the mac parameter in the GetParentControlInfo function. |
| CVE-2023-42328 | 2023-09-18 | An issue in PeppermintLabs Peppermint v.0.2.4 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the hardcoded session cookie. |
| CVE-2023-42359 | 2023-09-18 | SQL injection vulnerability in Exam Form Submission in PHP with Source Code v.1.0 allows a remote attacker to escalate privileges via the val-username parameter in /index.php. |
| CVE-2023-42371 | 2023-09-18 | Cross Site Scripting vulnerability in Summernote Rich Text Editor v.0.8.18 and before allows a remote attacker to execute arbitrary code via a crafted script to the insert link function in... |
| CVE-2023-42387 | 2023-09-18 | An issue in TDSQL Chitu management platform v.10.3.19.5.0 allows a remote attacker to obtain sensitive information via get_db_info function in install.php. |
| CVE-2023-42520 | 2023-09-18 | Certain WithSecure products allow a remote crash of a scanning engine via unpacking of crafted data files. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and... |
| CVE-2023-42521 | 2023-09-18 | Certain WithSecure products allow a remote crash of a scanning engine via processing of a compressed file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and... |
| CVE-2023-42522 | 2023-09-18 | Certain WithSecure products allow a remote crash of a scanning engine via processing of an import struct in a PE file. This affects WithSecure Client Security 15, WithSecure Server Security... |
| CVE-2023-42523 | 2023-09-18 | Certain WithSecure products allow a remote crash of a scanning engine via unpacking of a PE file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and... |
| CVE-2023-42524 | 2023-09-18 | Certain WithSecure products allow an infinite loop in a scanning engine via unspecified file types. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security... |
| CVE-2023-42525 | 2023-09-18 | Certain WithSecure products allow an infinite loop in a scanning engine via unspecified file types. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security... |
| CVE-2023-42526 | 2023-09-18 | Certain WithSecure products allow a remote crash of a scanning engine via decompression of crafted data files. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and... |
| CVE-2023-43114 | 2023-09-18 | An issue was discovered in Qt before 5.15.16, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3 on Windows. When using the GDI font engine, if a corrupted font is... |
| CVE-2023-43115 | 2023-09-18 | In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents because they can switch to the IJS device, or change the IjsServer... |
| CVE-2023-41929 | 2023-09-18 | A DLL hijacking vulnerability in Samsung Memory Card & UFD Authentication Utility PC Software before 1.0.1 could allow a local attacker to escalate privileges. (An attacker must already have user... |
| CVE-2023-5031 | 2023-09-18 | OpenRapid RapidCMS article-add.php sql injection |
| CVE-2023-35850 | 2023-09-18 | SUNNET WMPro - Command Injection |
| CVE-2023-35851 | 2023-09-18 | SUNNET WMPro - SQL Injection |
| CVE-2023-41349 | 2023-09-18 | ASUS RT-AX88U - externally-controlled format string |
| CVE-2023-5032 | 2023-09-18 | OpenRapid RapidCMS article-edit-run.php sql injection |
| CVE-2023-5033 | 2023-09-18 | OpenRapid RapidCMS cate-edit-run.php sql injection |
| CVE-2023-5034 | 2023-09-18 | SourceCodester My Food Recipe Image Upload index.php unrestricted upload |
| CVE-2023-5036 | 2023-09-18 | Cross-Site Request Forgery (CSRF) in usememos/memos |
| CVE-2023-34999 | 2023-09-18 | A command injection vulnerability exists in RTS VLink Virtual Matrix Software Versions v5 (< 5.7.6) and v6 (< 6.5.0) that allows an attacker to perform arbitrary code execution via the... |
| CVE-2023-32187 | 2023-09-18 | An Allocation of Resources Without Limits or Throttling vulnerability in SUSE k3s allows attackers with access to K3s servers' apiserver/supervisor port (TCP 6443) to cause denial of service. This issue affects... |
| CVE-2023-4527 | 2023-09-18 | Glibc: stack read overflow in getaddrinfo in no-aaaa mode |
| CVE-2023-4806 | 2023-09-18 | Glibc: potential use-after-free in getaddrinfo() |
| CVE-2023-41030 | 2023-09-18 | Juplink RX4-1500 Hard-coded Credential Vulnerability |
| CVE-2023-41965 | 2023-09-18 | Socomec MOD3GP-SY-120K Insecure Storage of Sensitive Information |
| CVE-2023-41084 | 2023-09-18 | Socomec MOD3GP-SY-120K Reliance on Cookies without Validation and Integrity Checking |
| CVE-2023-40221 | 2023-09-18 | Socomec MOD3GP-SY-120K Code Injection |
| CVE-2023-39452 | 2023-09-18 | Socomec MOD3GP-SY-120K Plaintext Storage of a Password |
| CVE-2023-39446 | 2023-09-18 | Socomec MOD3GP-SY-120K Cross-Site Request Forgery |
| CVE-2023-38582 | 2023-09-18 | Socomec MOD3GP-SY-120K Cross-site Scripting |
| CVE-2023-38255 | 2023-09-18 | Socomec MOD3GP-SY-120K Cross-site Scripting |
| CVE-2023-42441 | 2023-09-18 | Vyper has incorrect re-entrancy lock when key is empty string |
| CVE-2023-42443 | 2023-09-18 | Vyper vulnerable to memory corruption in certain builtins utilizing `msize` |
| CVE-2023-42446 | 2023-09-18 | Pow Mnesia cache doesn't invalidate all expired keys on startup |
| CVE-2023-42454 | 2023-09-18 | SQLpage vulnerable to public exposure of database credentials |
| CVE-2020-24089 | 2023-09-19 | An issue was discovered in ImfHpRegFilter.sys in IOBit Malware Fighter version 8.0.2, allows local attackers to cause a denial of service (DoS). |
| CVE-2022-28357 | 2023-09-19 | NATS nats-server 2.2.0 through 2.7.4 allows directory traversal because of an unintended path to a management action from a management account. |
| CVE-2023-31808 | 2023-09-19 | Technicolor TG670 10.5.N.9 devices contain multiple accounts with hard-coded passwords. One account has administrative privileges, allowing for unrestricted access over the WAN interface if Remote Administration is enabled. |
| CVE-2023-36319 | 2023-09-19 | File Upload vulnerability in Openupload Stable v.0.4.3 allows a remote attacker to execute arbitrary code via the action parameter of the compress-inc.php file. |
| CVE-2023-38351 | 2023-09-19 | MiniTool Partition Wizard 12.8 contains an insecure installation mechanism that allows attackers to achieve remote code execution through a man in the middle attack. |
| CVE-2023-38352 | 2023-09-19 | MiniTool Partition Wizard 12.8 contains an insecure update mechanism that allows attackers to achieve remote code execution through a man in the middle attack. |
| CVE-2023-38353 | 2023-09-19 | MiniTool Power Data Recovery version 11.6 and before contains an insecure in-app payment system that allows attackers to steal highly sensitive information through a man in the middle attack. |
| CVE-2023-38354 | 2023-09-19 | MiniTool Shadow Maker version 4.1 contains an insecure installation process that allows attackers to achieve remote code execution through a man in the middle attack. |
| CVE-2023-38355 | 2023-09-19 | MiniTool Movie Maker 7.0 contains an insecure installation process that allows attackers to achieve remote code execution through a man in the middle attack. |
| CVE-2023-38356 | 2023-09-19 | MiniTool Power Data Recovery 11.6 contains an insecure installation process that allows attackers to achieve remote code execution through a man in the middle attack. |
| CVE-2023-39575 | 2023-09-19 | A reflected cross-site scripting (XSS) vulnerability in the url_str URL parameter of ISL ARP Guard v4.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. |
| CVE-2023-40931 | 2023-09-19 | A SQL injection vulnerability in Nagios XI from version 5.11.0 up to and including 5.11.1 allows authenticated attackers to execute arbitrary SQL commands via the ID parameter in the POST... |
| CVE-2023-40932 | 2023-09-19 | A Cross-site scripting (XSS) vulnerability in Nagios XI version 5.11.1 and below allows authenticated attackers with access to the custom logo component to inject arbitrary javascript or HTML via the... |
| CVE-2023-40933 | 2023-09-19 | A SQL injection vulnerability in Nagios XI v5.11.1 and below allows authenticated attackers with announcement banner configuration privileges to execute arbitrary SQL commands via the ID parameter sent to the... |
| CVE-2023-40934 | 2023-09-19 | A SQL injection vulnerability in Nagios XI 5.11.1 and below allows authenticated attackers with privileges to manage host escalations in the Core Configuration Manager to execute arbitrary SQL commands via... |
| CVE-2023-41387 | 2023-09-19 | A SQL injection in the flutter_downloader component through 1.11.1 for iOS allows remote attackers to steal session tokens and overwrite arbitrary files inside the app's container. The internal database of... |
| CVE-2023-41599 | 2023-09-19 | An issue in the component /common/DownController.java of JFinalCMS v5.0.0 allows attackers to execute a directory traversal. |
| CVE-2023-42399 | 2023-09-19 | Cross Site Scripting vulnerability in xdsoft.net Jodit Editor v.4.0.0-beta.86 allows a remote attacker to obtain sensitive information via the rich text editor component. |
| CVE-2023-5060 | 2023-09-19 | Cross-site Scripting (XSS) - DOM in librenms/librenms |
| CVE-2023-26143 | 2023-09-19 | Versions of the package blamer before 1.0.4 are vulnerable to Arbitrary Argument Injection via the blameByFile() API. The library does not sanitize for user input or validate the given file... |
| CVE-2023-5054 | 2023-09-19 | The Super Store Finder plugin for WordPress is vulnerable to unauthenticated arbitrary email creation and relay in versions up to, and including, 6.9.3. This is due to insufficient restrictions on... |
| CVE-2023-5009 | 2023-09-19 | Incorrect Authorization in GitLab |
| CVE-2023-32186 | 2023-09-19 | An Allocation of Resources Without Limits or Throttling vulnerability in SUSE RKE2 allows attackers with access to K3s servers' apiserver/supervisor port (TCP 6443) to cause denial of service. This issue affects... |
| CVE-2023-0773 | 2023-09-19 | Unauthorized Access Control Vulnerability in Uniview IP Camera |
| CVE-2023-32184 | 2023-09-19 | An Insecure Storage of Sensitive Information vulnerability in openSUSE opensuse-welcome allows local attackers to execute code as the user that runs opensuse-welcome if a custom layout is chosen. This issue... |
| CVE-2023-2567 | 2023-09-19 | Authenticated SQL Injection on Query functionality in Guardian/CMC before 22.6.3 and 23.1.0 |
| CVE-2023-29245 | 2023-09-19 | SQL Injection on IDS parsing of malformed asset fields in Guardian/CMC >= 22.6.0 before 22.6.3 and 23.1.0 |
| CVE-2023-32649 | 2023-09-19 | DoS on IDS parsing of malformed asset fields in Guardian/CMC >= 22.6.0 before 22.6.3 and 23.1.0 |
| CVE-2022-47553 | 2023-09-19 | Improper Authorization in Ormazabal products |
| CVE-2023-23957 | 2023-09-19 | Open Redirection Vulnerability in Symantec Identity Portal 14.4 |
| CVE-2023-41834 | 2023-09-19 | Apache Flink Stateful Functions allowed HTTP header injection due to Improper Neutralization of CRLF Sequences |
| CVE-2022-47554 | 2023-09-19 | Exposure of Sensitive Information in Ormazabal products |
| CVE-2022-47555 | 2023-09-19 | Improper Neutralization of Special Elements in Ormazabal products |
| CVE-2022-47556 | 2023-09-19 | Uncontrolled Resource Consumption in Ormazabal products |
| CVE-2022-47557 | 2023-09-19 | Use of Password Hash With Insufficient Computational Effort in Ormazabal products |
| CVE-2023-4092 | 2023-09-19 | SQL injection vulnerability in Fujitsu Arconte Áurea |
| CVE-2022-47558 | 2023-09-19 | Improper Access Control in Ormazabal products |
| CVE-2023-4093 | 2023-09-19 | Reflected and persistent XSS vulnerability in Fujitsu Arconte Áurea |
| CVE-2022-47559 | 2023-09-19 | Cross-Site Request Forgery in Ormazabal products |
| CVE-2023-4094 | 2023-09-19 | Weak authentication vulnerability in Fujitsu Arconte Áurea |
| CVE-2023-4095 | 2023-09-19 | User enumeration vulnerability in Fujitsu Arconte Áurea |
| CVE-2023-4096 | 2023-09-19 | Weak password recovery mechanism vulnerability in Fujitsu Arconte Áurea |
| CVE-2023-41179 | 2023-09-19 | A vulnerability in the 3rd party AV uninstaller module contained in Trend Micro Apex One (on-prem and SaaS), Worry-Free Business Security and Worry-Free Business Security Services could allow an attacker... |
| CVE-2023-41890 | 2023-09-19 | Sustainsys.Saml2 Insufficient Identity Provider Issuer Validation |
| CVE-2023-42444 | 2023-09-19 | phonenumber panics on parsing crafted RFC3966 inputs |
| CVE-2023-3892 | 2023-09-19 | Unsafe XML parsing of 3rd party DICOM private tags may lead to XXE |
| CVE-2023-42447 | 2023-09-19 | blurhash panics on parsing crafted inputs |
| CVE-2023-32182 | 2023-09-19 | An Improper Link Resolution Before File Access ('Link Following') vulnerability in SUSE SUSE Linux Enterprise Desktop 15 SP5 postfix, SUSE SUSE Linux Enterprise High Performance Computing 15 SP5 postfix, SUSE... |
| CVE-2023-42450 | 2023-09-19 | Mastodon Server-Side Request Forgery vulnerability |