Lista CVE - 2023 / Settembre
Visualizzazione 201 - 300 di 2148 CVE per Settembre 2023 (Pagina 3 di 22)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2023-32812 | 2023-09-04 | In gnss service, there is a possible out of bounds write due to improper input validation. This could lead to local esclation of privileges with System execution privileges needed. User... |
| CVE-2023-32813 | 2023-09-04 | In gnss service, there is a possible out of bounds write due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction... |
| CVE-2023-32814 | 2023-09-04 | In gnss service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction... |
| CVE-2023-32815 | 2023-09-04 | In gnss service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction... |
| CVE-2023-32816 | 2023-09-04 | In gnss service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction... |
| CVE-2023-32817 | 2023-09-04 | In gnss service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction... |
| CVE-2023-4613 | 2023-09-04 | Upload Directory Path Traversal Allows Unauthenticated Arbitrary File Read Vulnerability |
| CVE-2023-4754 | 2023-09-04 | Out-of-bounds Write in gpac/gpac |
| CVE-2023-4756 | 2023-09-04 | Stack-based Buffer Overflow in gpac/gpac |
| CVE-2023-36382 | 2023-09-04 | WordPress Media Library Categories Plugin <= 2.0.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-39164 | 2023-09-04 | WordPress Molongui Plugin <= 4.6.19 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-39162 | 2023-09-04 | WordPress User Email Verification for WooCommerce Plugin <= 3.5.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-25465 | 2023-09-04 | WordPress wp tell a friend popup form Plugin <= 7.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-39919 | 2023-09-04 | WordPress wpShopGermany – Protected Shops Plugin <= 2.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-39918 | 2023-09-04 | WordPress Booking Package Plugin <= 1.6.01 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-39987 | 2023-09-04 | WordPress wSecure Lite Plugin <= 2.5 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-39991 | 2023-09-04 | WordPress BigBlueButton Plugin <= 3.0.0-beta.4 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-39988 | 2023-09-04 | WordPress WxSync Plugin <= 2.7.23 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-37393 | 2023-09-04 | WordPress Atarim Plugin <= 3.9.3 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-31220 | 2023-09-04 | WordPress WP Categories Widget Plugin <= 2.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-30494 | 2023-09-04 | WordPress ImageRecycle pdf & image compression Plugin <= 3.1.10 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-39992 | 2023-09-04 | WordPress Online Booking & Scheduling Calendar for WordPress by vcita Plugin <= 4.3.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-4614 | 2023-09-04 | setThumbnailRC Directory Path Traversal Allows Unauthenticated Arbitrary File Read Vulnerability |
| CVE-2023-4615 | 2023-09-04 | updateFile Directory Path Traversal Allows Unauthenticated Arbitrary File Read Vulnerability |
| CVE-2023-40208 | 2023-09-04 | WordPress Stock Ticker Plugin <= 3.23.3 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-4616 | 2023-09-04 | thumbnail Directory Path Traversal Allows Unauthenticated Arbitrary File Read Vulnerability |
| CVE-2023-40206 | 2023-09-04 | WordPress WP 404 Auto Redirect to Similar Post Plugin <= 1.0.3 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-40205 | 2023-09-04 | WordPress PixTypes Plugin <= 1.4.15 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-30485 | 2023-09-04 | WordPress Avartan Slider Lite Plugin <= 1.5.3 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-32296 | 2023-09-04 | WordPress Kangu para WooCommerce Plugin <= 2.2.9 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-40196 | 2023-09-04 | WordPress ImageRecycle pdf & image compression Plugin <= 3.1.11 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-40214 | 2023-09-04 | WordPress Business Pro Theme <= 1.10.4 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-4587 | 2023-09-04 | Insecure direct object reference in ZKTeco ZEM800 |
| CVE-2023-4059 | 2023-09-04 | Profile Builder < 3.9.8 - Unauthenticated Plugin's Pages Creation |
| CVE-2023-4269 | 2023-09-04 | User Activity Log < 1.6.6 - Subscriber+ Log Export |
| CVE-2023-4254 | 2023-09-04 | Chatbot < 4.7.8 - Admin+ Stored XSS in Language Settings |
| CVE-2023-4253 | 2023-09-04 | Chatbot < 4.7.8 - Admin+ Stored XSS in FAQ Builder |
| CVE-2023-4151 | 2023-09-04 | Store Locator WordPress < 1.4.13 - Reflected XSS |
| CVE-2023-4284 | 2023-09-04 | Post Timeline < 2.2.6 - Reflected XSS |
| CVE-2023-2813 | 2023-09-04 | Multiple Themes - Reflected XSS |
| CVE-2023-3499 | 2023-09-04 | Robo Gallery < 3.2.16 - Admin+ Stored XSS |
| CVE-2023-3814 | 2023-09-04 | Advanced File Manager < 5.1.1 - Admin+ Arbitrary File/Folder Access |
| CVE-2023-4019 | 2023-09-04 | Media from FTP < 11.17 - Author+ Arbitrary File Access |
| CVE-2023-4216 | 2023-09-04 | Orders Tracking for WooCommerce < 1.2.6 - Admin+ Arbitrary File Access/Read |
| CVE-2023-4279 | 2023-09-04 | User Activity Log < 1.6.7 - IP Spoofing |
| CVE-2023-4298 | 2023-09-04 | 123.chat < 1.3.1 - Admin+ Stored XSS |
| CVE-2023-40197 | 2023-09-04 | WordPress flowpaper Plugin <= 1.9.9 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-32578 | 2023-09-04 | WordPress Column-Matic Plugin <= 1.3.3 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-32102 | 2023-09-04 | WordPress Library Viewer Plugin <= 2.0.6 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-3221 | 2023-09-04 | User enumeration vulnerability in Roundcube Password Recovery Plugin |
| CVE-2023-3222 | 2023-09-04 | Vulnerability in the password recovery mechanism of Roundcube Password Recovery Plugin |
| CVE-2023-4755 | 2023-09-04 | Use After Free in gpac/gpac |
| CVE-2023-4752 | 2023-09-04 | Use After Free in vim/vim |
| CVE-2023-4750 | 2023-09-04 | Use After Free in vim/vim |
| CVE-2023-4733 | 2023-09-04 | Use After Free in vim/vim |
| CVE-2023-28072 | 2023-09-04 | Dell Alienware Command Center, versions prior to 5.5.51.0, contain a deserialization of untrusted data vulnerability. A local malicious user could potentially send specially crafted requests to the .NET Remoting server... |
| CVE-2023-4758 | 2023-09-04 | Buffer Over-read in gpac/gpac |
| CVE-2023-41057 | 2023-09-04 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in hyper-bump-it |
| CVE-2023-41054 | 2023-09-04 | LibreY Server-Side Request Forgery (SSRF) vulnerability in image_proxy.php |
| CVE-2023-41055 | 2023-09-04 | LibreY Server-Side Request Forgery (SSRF) vulnerability via wikipedia_language cookie |
| CVE-2023-41052 | 2023-09-04 | Vyper: incorrect order of evaluation of side effects for some builtins |
| CVE-2023-40015 | 2023-09-04 | Vyper: reversed order of side effects for some operations |
| CVE-2023-41058 | 2023-09-04 | Trigger `beforeFind` not invoked in internal query pipeline in parse-server |
| CVE-2023-35892 | 2023-09-04 | IBM Financial Transaction Manager for SWIFT Services XML external entity injection |
| CVE-2022-43903 | 2023-09-04 | IBM Security Guardium denial of service |
| CVE-2023-32338 | 2023-09-04 | IBM Sterling Secure Proxy information disclosure |
| CVE-2015-1390 | 2023-09-05 | Aruba AirWave before 8.0.7 allows XSS attacks agsinat an administrator. |
| CVE-2015-1391 | 2023-09-05 | Aruba AirWave before 8.0.7 allows bypass of a CSRF protection mechanism. |
| CVE-2015-2201 | 2023-09-05 | Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7 allows VisualRF remote OS command execution and file disclosure by administrative users. |
| CVE-2015-2202 | 2023-09-05 | Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7 allows administrative users to escalate privileges to root on the underlying OS. |
| CVE-2017-9453 | 2023-09-05 | BMC Server Automation before 8.9.01 patch 1 allows Process Spawner command execution because of authentication bypass. |
| CVE-2020-35593 | 2023-09-05 | BMC PATROL Agent through 20.08.00 allows local privilege escalation via vectors involving pconfig +RESTART -host. |
| CVE-2021-40546 | 2023-09-05 | Tenda AC6 US_AC6V4.0RTL_V02.03.01.26_cn.bin allows attackers (who have the administrator password) to cause a denial of service (device crash) via a long string in the wifiPwd_5G parameter to /goform/setWifi. |
| CVE-2022-41763 | 2023-09-05 | An issue was discovered in NOKIA AMS 9.7.05. Remote Code Execution exists via the debugger of the ipAddress variable. A remote user, authenticated to the AMS server, could inject code... |
| CVE-2023-34637 | 2023-09-05 | A stored cross-site scripting (XSS) vulnerability in IsarNet AG IsarFlow v5.23 allows authenticated attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the dashboard title... |
| CVE-2023-36307 | 2023-09-05 | ZPLGFA 1.1.1 allows attackers to cause a panic (because of an integer index out of range during a ConvertToGraphicField call) via an image of zero width. NOTE: it is unclear... |
| CVE-2023-39598 | 2023-09-05 | Cross Site Scripting vulnerability in IceWarp Corporation WebClient v.10.2.1 allows a remote attacker to execute arbitrary code via a crafted payload to the mid parameter. |
| CVE-2023-39654 | 2023-09-05 | abupy up to v0.4.0 was discovered to contain a SQL injection vulnerability via the component abupy.MarketBu.ABuSymbol.search_to_symbol_dict. |
| CVE-2023-39681 | 2023-09-05 | Cuppa CMS v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the email_outgoing parameter at /Configuration.php. This vulnerability is triggered via a crafted payload. |
| CVE-2023-40918 | 2023-09-05 | KnowStreaming 3.3.0 is vulnerable to Escalation of Privileges. Unauthorized users can create a new user with an admin role. |
| CVE-2023-41009 | 2023-09-05 | File Upload vulnerability in adlered bolo-solo v.2.6 allows a remote attacker to execute arbitrary code via a crafted script to the authorization field in the header. |
| CVE-2023-41012 | 2023-09-05 | An issue in China Mobile Communications China Mobile Intelligent Home Gateway v.HG6543C4 allows a remote attacker to execute arbitrary code via the authentication mechanism. |
| CVE-2023-41107 | 2023-09-05 | TEF portal 2023-07-17 is vulnerable to a persistent cross site scripting (XSS)attack. |
| CVE-2023-41108 | 2023-09-05 | TEF portal 2023-07-17 is vulnerable to authenticated remote code execution. |
| CVE-2023-41507 | 2023-09-05 | Super Store Finder v3.6 was discovered to contain multiple SQL injection vulnerabilities in the store locator component via the products, distance, lat, and lng parameters. |
| CVE-2023-41508 | 2023-09-05 | A hard coded password in Super Store Finder v3.6 allows attackers to access the administration panel. |
| CVE-2023-41908 | 2023-09-05 | Cerebrate before 1.15 lacks the Secure attribute for the session cookie. |
| CVE-2023-41909 | 2023-09-05 | An issue was discovered in FRRouting FRR through 9.0. bgp_nlri_parse_flowspec in bgpd/bgp_flowspec.c processes malformed requests with no attributes, leading to a NULL pointer dereference. |
| CVE-2023-41910 | 2023-09-05 | An issue was discovered in lldpd before 1.0.17. By crafting a CDP PDU packet with specific CDP_TLV_ADDRESSES TLVs, a malicious actor can remotely force the lldpd daemon to perform an... |
| CVE-2023-36308 | 2023-09-05 | disintegration Imaging 1.6.2 allows attackers to cause a panic (because of an integer index out of range during a Grayscale call) via a crafted TIFF file to the scan function... |
| CVE-2023-36361 | 2023-09-05 | Audimexee v14.1.7 was discovered to contain a SQL injection vulnerability via the p_table_name parameter. |
| CVE-2023-29261 | 2023-09-05 | IBM Sterling Secure Proxy information disclosure |
| CVE-2023-22870 | 2023-09-05 | IBM Aspera Faspex information disclosure |
| CVE-2023-35906 | 2023-09-05 | IBM Aspera Faspex security bypass |
| CVE-2023-4636 | 2023-09-05 | The WordPress File Sharing Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.0.3 due to insufficient input sanitization and... |
| CVE-2023-4748 | 2023-09-05 | Yongyou UFIDA-NC PrintTemplateFileServlet.java path traversal |
| CVE-2022-33220 | 2023-09-05 | Buffer over-read in Automotive multimedia |
| CVE-2022-33275 | 2023-09-05 | Improper validation of array index in WLAN HAL |
| CVE-2022-40524 | 2023-09-05 | Buffer over-read in Modem |
| CVE-2022-40534 | 2023-09-05 | Improper Validation of Array Index in Audio |