CVE List - 2023 / September
Showing 401 - 500 of 2148 CVEs for September 2023 (Page 5 of 22)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-28213 | 2023-09-06 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write... |
| CVE-2023-32425 | 2023-09-06 | The issue was addressed with improved memory handling. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5. An app may be able to gain elevated privileges. |
| CVE-2023-28209 | 2023-09-06 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write... |
| CVE-2023-28208 | 2023-09-06 | A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. A user may send a text from a... |
| CVE-2023-32428 | 2023-09-06 | This issue was addressed with improved file handling. This issue is fixed in macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, watchOS 9.5. An app may be able... |
| CVE-2023-28195 | 2023-09-06 | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.3. An app may be able to read sensitive location... |
| CVE-2023-32432 | 2023-09-06 | A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, watchOS 9.5. An app... |
| CVE-2023-28212 | 2023-09-06 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write... |
| CVE-2023-29166 | 2023-09-06 | A logic issue was addressed with improved state management. This issue is fixed in Pro Video Formats 2.2.5. A user may be able to elevate privileges. |
| CVE-2023-28188 | 2023-09-06 | A denial-of-service issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3. A remote user may be able to cause a denial-of-service. |
| CVE-2023-32356 | 2023-09-06 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write... |
| CVE-2023-28215 | 2023-09-06 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write... |
| CVE-2023-28214 | 2023-09-06 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write... |
| CVE-2023-32438 | 2023-09-06 | This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in tvOS 16.3, macOS Ventura 13.2, watchOS 9.3, iOS 16.3 and iPadOS 16.3. An app... |
| CVE-2023-34352 | 2023-09-06 | A permissions issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, watchOS 9.5. An attacker... |
| CVE-2023-4719 | 2023-09-06 | The Simple Membership plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `list_type` parameter in versions up to, and including, 4.3.5 due to insufficient input sanitization and output... |
| CVE-2023-30706 | 2023-09-06 | Improper authorization in Samsung Keyboard prior to SMR Sep-2023 Release 1 allows attacker to read arbitrary file with system privilege. |
| CVE-2023-30707 | 2023-09-06 | Improper input validation vulnerability in FileProviderStatusReceiver in Samsung Keyboard prior to SMR Sep-2023 Release 1 allows local attackers to delete arbitrary files with Samsung Keyboard privilege. |
| CVE-2023-30708 | 2023-09-06 | Improper authentication in SecSettings prior to SMR Sep-2023 Release 1 allows attacker to access Captive Portal Wi-Fi in Reactivation Lock status. |
| CVE-2023-30709 | 2023-09-06 | Improper access control in Dual Messenger prior to SMR Sep-2023 Release 1 allows local attackers to launch activity with system privilege. |
| CVE-2023-30710 | 2023-09-06 | Improper input validation vulnerability in Knox AI prior to SMR Sep-2023 Release 1 allows local attackers to launch privileged activities. |
| CVE-2023-30711 | 2023-09-06 | Improper authentication in Phone and Messaging Storage SMR SEP-2023 Release 1 allows attacker to insert arbitrary data to the provider. |
| CVE-2023-30712 | 2023-09-06 | Improper input validation in Settings Suggestions prior to SMR Sep-2023 Release 1 allows attackers to launch arbitrary activity. |
| CVE-2023-30713 | 2023-09-06 | Improper privilege management vulnerability in FolderLockNotifier in One UI Home prior to SMR Sep-2023 Release 1 allows local attackers to change some settings of the folder lock. |
| CVE-2023-30714 | 2023-09-06 | Improper authorization vulnerability in FolderContainerDragDelegate in One UI Home prior to SMR Sep-2023 Release 1 allows physical attackers to change some settings of the folder lock. |
| CVE-2023-30715 | 2023-09-06 | Improper access control vulnerability in Weather prior to SMR Sep-2023 Release 1 allows attackers to access location information set in Weather without permission. |
| CVE-2023-30716 | 2023-09-06 | Improper access control vulnerability in SVCAgent prior to SMR Sep-2023 Release 1 allows attackers to trigger certain commands. |
| CVE-2023-30717 | 2023-09-06 | Sensitive information exposure vulnerability in SVCAgent prior to SMR Sep-2023 Release 1 allows attackers to get unresettable identifiers. |
| CVE-2023-30718 | 2023-09-06 | Improper export of android application components vulnerability in WifiApAutoHotspotEnablingActivity prior to SMR Sep-2023 Release 1 allows local attacker to change an Auto Hotspot setting. |
| CVE-2023-30719 | 2023-09-06 | Exposure of Sensitive Information vulnerability in InboundSmsHandler prior to SMR Sep-2023 Release 1 allows local attackers to access certain message data. |
| CVE-2023-30720 | 2023-09-06 | PendingIntent hijacking in LmsAssemblyTrackerCTC prior to SMR Sep-2023 Release 1 allows local attacker to gain arbitrary file access. |
| CVE-2023-30721 | 2023-09-06 | Insertion of sensitive information into log vulnerability in Locksettings prior to SMR Sep-2023 Release 1 allows a privileged local attacker to get lock screen match information from the log. |
| CVE-2023-30722 | 2023-09-06 | Protection Mechanism Failure in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.13.5 allows local attacker to execute arbitrary code. |
| CVE-2023-30723 | 2023-09-06 | Improper input validation vulnerability in Samsung Health prior to version 6.24.2.011 allows attackers to write arbitrary file with Samsung Health privilege. |
| CVE-2023-30724 | 2023-09-06 | Improper authentication in GallerySearchProvider of Gallery prior to version 14.5.01.2 allows attacker to access search history. |
| CVE-2023-30725 | 2023-09-06 | Improper authentication in LocalProvier of Gallery prior to version 14.5.01.2 allows attacker to access the data in content provider. |
| CVE-2023-30726 | 2023-09-06 | PendingIntent hijacking vulnerability in GameLauncher prior to version 4.2.59.5 allows local attackers to access data. |
| CVE-2023-30728 | 2023-09-06 | Intent redirection vulnerability in PackageInstallerCHN prior to version 13.1.03.00 allows local attacker to access arbitrary file. This vulnerability requires user interaction. |
| CVE-2023-30729 | 2023-09-06 | Improper Certificate Validation in Samsung Email prior to version 6.1.82.0 allows remote attacker to intercept the network traffic including sensitive information. |
| CVE-2023-30730 | 2023-09-06 | Implicit intent hijacking vulnerability in Camera prior to versions 11.0.16.43 in Android 11, 12.1.00.30, 12.0.07.53, 12.1.03.10 in Android 12, and 13.0.01.43, 13.1.00.83 in Android 13 allows local attacker to access... |
| CVE-2023-4773 | 2023-09-06 | The WordPress Social Login plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wordpress_social_login_meta' shortcode in versions up to, and including, 3.0.4 due to insufficient input sanitization and... |
| CVE-2023-32162 | 2023-09-06 | Wacom Drivers for Windows Incorrect Permission Assignment Local Privilege Escalation Vulnerability |
| CVE-2023-32163 | 2023-09-06 | Wacom Drivers for Windows Link Following Local Privilege Escalation Vulnerability |
| CVE-2023-35719 | 2023-09-06 | ManageEngine ADSelfService Plus GINA Client Insufficient Verification of Data Authenticity Authentication Bypass Vulnerability |
| CVE-2023-3471 | 2023-09-06 | Buffer overflow vulnerability in Panasonic KW Watcher versions 1.00 through 2.82 may allow attackers to execute arbitrary code. |
| CVE-2023-3472 | 2023-09-06 | Use after free vulnerability in Panasonic KW Watcher versions 1.00 through 2.82 may allow attackers to execute arbitrary code. |
| CVE-2023-4779 | 2023-09-06 | The User Submitted Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's [usp_gallery] shortcode in versions up to, and including, 20230811 due to insufficient input sanitization... |
| CVE-2023-29441 | 2023-09-06 | WordPress WebLibrarian Plugin <= 3.5.8.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-30497 | 2023-09-06 | WordPress LINE Notify Plugin <= 1.4.4 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-40560 | 2023-09-06 | WordPress Schedule Posts Calendar Plugin <= 5.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-40552 | 2023-09-06 | WordPress Fitness calculators plugin Plugin <= 2.0.7 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-40554 | 2023-09-06 | WordPress Blog2Social Plugin <= 7.2.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-40553 | 2023-09-06 | WordPress Plausible Analytics Plugin <= 1.3.3 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-40329 | 2023-09-06 | WordPress Custom Admin Login Page \| WPZest Plugin <= 1.2.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-40328 | 2023-09-06 | WordPress Carrot Plugin <= 1.1.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-4634 | 2023-09-06 | The Media Library Assistant plugin for WordPress is vulnerable to Local File Inclusion and Remote Code Execution in versions up to, and including, 3.09. This is due to insufficient controls... |
| CVE-2023-40007 | 2023-09-06 | WordPress CT Commerce Plugin <= 2.0.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-40601 | 2023-09-06 | WordPress Mortgage Calculator Estatik Plugin <= 2.0.7 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-40531 | 2023-09-06 | Archer AX6000 firmware versions prior to 'Archer AX6000(JP)_V1_1.3.0 Build 20221208' allows a network-adjacent authenticated attacker to execute arbitrary OS commands. |
| CVE-2023-40357 | 2023-09-06 | Multiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: Archer AX50 firmware versions prior to 'Archer AX50(JP)_V1_230529', Archer A10 firmware versions... |
| CVE-2023-40193 | 2023-09-06 | Deco M4 firmware versions prior to 'Deco M4(JP)_V2_1.5.8 Build 20230619' allows a network-adjacent authenticated attacker to execute arbitrary OS commands. |
| CVE-2023-39935 | 2023-09-06 | Archer C5400 firmware versions prior to 'Archer C5400(JP)_V2_230506' allows a network-adjacent authenticated attacker to execute arbitrary OS commands. |
| CVE-2023-39224 | 2023-09-06 | Archer C5 firmware all versions and Archer C7 firmware versions prior to 'Archer C7(JP)_V2_230602' allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Note that Archer C5 is no... |
| CVE-2023-38588 | 2023-09-06 | Archer C3150 firmware versions prior to 'Archer C3150(JP)_V2_230511' allows a network-adjacent authenticated attacker to execute arbitrary OS commands. |
| CVE-2023-38568 | 2023-09-06 | Archer A10 firmware versions prior to 'Archer A10(JP)_V2_230504' allows a network-adjacent unauthenticated attacker to execute arbitrary OS commands. |
| CVE-2023-38563 | 2023-09-06 | Archer C1200 firmware versions prior to 'Archer C1200(JP)_V2_230508' and Archer C9 firmware versions prior to 'Archer C9(JP)_V3_230508' allow a network-adjacent unauthenticated attacker to execute arbitrary OS commands. |
| CVE-2023-37284 | 2023-09-06 | Improper authentication vulnerability in Archer C20 firmware versions prior to 'Archer C20(JP)_V1_230616' allows a network-adjacent unauthenticated attacker to execute an arbitrary OS command via a crafted request to bypass authentication. |
| CVE-2023-32619 | 2023-09-06 | Archer C50 firmware versions prior to 'Archer C50(JP)_V3_230505' and Archer C55 firmware versions prior to 'Archer C55(JP)_V1_230506' use hard-coded credentials to login to the affected device, which may allow a... |
| CVE-2023-31188 | 2023-09-06 | Multiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: Archer C50 firmware versions prior to 'Archer C50(JP)_V3_230505', Archer C55 firmware versions... |
| CVE-2023-36489 | 2023-09-06 | Multiple TP-LINK products allow a network-adjacent unauthenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: TL-WR802N firmware versions prior to 'TL-WR802N(JP)_V4_221008', TL-WR841N firmware versions prior to 'TL-WR841N(JP)_V14_230506',... |
| CVE-2023-4588 | 2023-09-06 | File accessibility vulnerability in Delinea Secret Server |
| CVE-2023-4589 | 2023-09-06 | Insufficient verification of data authenticity vulnerability in Delinea Secret Server |
| CVE-2023-41930 | 2023-09-06 | Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier does not restrict the 'name' query parameter when rendering a history entry, allowing attackers to have Jenkins render a manipulated configuration history... |
| CVE-2023-41931 | 2023-09-06 | Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier does not properly sanitize or escape the timestamp value from history entries when rendering a history entry on the history view, resulting... |
| CVE-2023-41932 | 2023-09-06 | Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier does not restrict 'timestamp' query parameters in multiple endpoints, allowing attackers with to delete attacker-specified directories on the Jenkins controller file system... |
| CVE-2023-41933 | 2023-09-06 | Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. |
| CVE-2023-41934 | 2023-09-06 | Jenkins Pipeline Maven Integration Plugin 1330.v18e473854496 and earlier does not properly mask (i.e., replace with asterisks) usernames of credentials specified in custom Maven settings in Pipeline build logs if "Treat... |
| CVE-2023-41935 | 2023-09-06 | Jenkins Azure AD Plugin 396.v86ce29279947 and earlier, except 378.380.v545b_1154b_3fb_, uses a non-constant time comparison function when checking whether the provided and expected CSRF protection nonce are equal, potentially allowing attackers... |
| CVE-2023-41936 | 2023-09-06 | Jenkins Google Login Plugin 1.7 and earlier uses a non-constant time comparison function when checking whether the provided and expected token are equal, potentially allowing attackers to use statistical methods... |
| CVE-2023-41937 | 2023-09-06 | Jenkins Bitbucket Push and Pull Request Plugin 2.4.0 through 2.8.3 (both inclusive) trusts values provided in the webhook payload, including certain URLs, and uses configured Bitbucket credentials to connect to... |
| CVE-2023-41938 | 2023-09-06 | A cross-site request forgery (CSRF) vulnerability in Jenkins Ivy Plugin 2.5 and earlier allows attackers to delete disabled modules. |
| CVE-2023-41939 | 2023-09-06 | Jenkins SSH2 Easy Plugin 1.4 and earlier does not verify that permissions configured to be granted are enabled, potentially allowing users formerly granted (typically optional permissions, like Overall/Manage) to access... |
| CVE-2023-41940 | 2023-09-06 | Jenkins TAP Plugin 2.3 and earlier does not escape TAP file contents, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control TAP file contents. |
| CVE-2023-41941 | 2023-09-06 | A missing permission check in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of AWS credentials stored in Jenkins. |
| CVE-2023-41942 | 2023-09-06 | A cross-site request forgery (CSRF) vulnerability in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier allows attackers to clear the SQS queue. |
| CVE-2023-41943 | 2023-09-06 | Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to clear the SQS queue. |
| CVE-2023-41944 | 2023-09-06 | Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not escape the queue name parameter passed to a form validation URL, when rendering an error message, resulting in an HTML... |
| CVE-2023-41945 | 2023-09-06 | Jenkins Assembla Auth Plugin 1.14 and earlier does not verify that the permissions it grants are enabled, resulting in users with EDIT permissions to be granted Overall/Manage and Overall/SystemRead permissions,... |
| CVE-2023-41946 | 2023-09-06 | A cross-site request forgery (CSRF) vulnerability in Jenkins Frugal Testing Plugin 1.1 and earlier allows attackers to connect to Frugal Testing using attacker-specified credentials, and to retrieve test IDs and... |
| CVE-2023-41947 | 2023-09-06 | A missing permission check in Jenkins Frugal Testing Plugin 1.1 and earlier allows attackers with Overall/Read permission to connect to Frugal Testing using attacker-specified credentials. |
| CVE-2023-36387 | 2023-09-06 | Apache Superset: Improper API permission for low privilege users |
| CVE-2023-41149 | 2023-09-06 | F-RevoCRM version 7.3.7 and version 7.3.8 contain an OS command injection vulnerability. If this vulnerability is exploited, an attacker who can access the product may execute an arbitrary OS command on the... |
| CVE-2023-41150 | 2023-09-06 | F-RevoCRM 7.3 series prior to version 7.3.8 contains a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who... |
| CVE-2023-27526 | 2023-09-06 | Apache Superset: Improper Authorization check on import charts |
| CVE-2023-36388 | 2023-09-06 | Apache Superset: Improper API permission for low privilege users allows for SSRF |
| CVE-2023-27523 | 2023-09-06 | Apache Superset: Improper data permission validation on Jinja templated queries |
| CVE-2023-39264 | 2023-09-06 | Apache Superset: Stack traces enabled by default |
| CVE-2023-39265 | 2023-09-06 | Apache Superset: Possible Unauthorized Registration of SQLite Database Connections |
| CVE-2023-37941 | 2023-09-06 | Apache Superset: Metadata db write access can lead to remote code execution |
| CVE-2021-28644 | 2023-09-06 | Adobe Acrobat SpellDictionaryCreate Path Traversal Remote Code Execution Vulnerability |