CVE List - 2023 / April
Showing 1701 - 1800 of 2302 CVEs for April 2023 (Page 18 of 24)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-0384 | 2023-04-20 | Uncontrolled Resource Consumption in M-Files Server |
| CVE-2023-2112 | 2023-04-20 | Desktop component allows lateral movement between sessions |
| CVE-2023-2193 | 2023-04-20 | OAuth authorization codes do not expire when deauthorizing an OAuth2 app |
| CVE-2023-1767 | 2023-04-20 | The Snyk Advisor website (https://snyk.io/advisor/) was vulnerable to a stored XSS prior to 28th March 2023. A feature of Snyk Advisor is to display the contents of a scanned package's... |
| CVE-2023-22309 | 2023-04-20 | Reflected Cross Site Scripting (XSS) |
| CVE-2022-46302 | 2023-04-20 | Remote Code Execution with Root Privileges via Broad Apache Permissions |
| CVE-2023-25601 | 2023-04-20 | Apache DolphinScheduler 3.0.0 to 3.1.1 python gateway has improper authentication |
| CVE-2022-36788 | 2023-04-20 | A heap-based buffer overflow vulnerability exists in the TriangleMesh clone functionality of Slic3r libslic3r 1.3.0 and Master Commit b1a5500. A specially-crafted STL file can lead to a heap buffer overflow.... |
| CVE-2023-1255 | 2023-04-20 | Input buffer over-read in AES-XTS implementation on 64 bit ARM |
| CVE-2023-23938 | 2023-04-20 | Cross-site Scripting (XSS) through the name of a color of select box values in tuleap |
| CVE-2023-27495 | 2023-04-20 | Bypass of CSRF protection in the presence of predictable userInfo in @fastify/csrf-protection |
| CVE-2023-29528 | 2023-04-20 | Cross-site Scripting in org.xwiki.commons:xwiki-commons-xml |
| CVE-2023-30616 | 2023-04-20 | Cross Site Request Forgery due to missing nonce verification in form block |
| CVE-2023-22295 | 2023-04-20 | CVE-2023-22295 |
| CVE-2023-22321 | 2023-04-20 | Datakit CrossCAD/Ware |
| CVE-2023-22354 | 2023-04-20 | Datakit CrossCAD/Ware |
| CVE-2023-22846 | 2023-04-20 | Datakit CrossCAD/Ware |
| CVE-2023-23579 | 2023-04-20 | Datakit CrossCAD/Ware |
| CVE-2023-2131 | 2023-04-20 | CVE-2023-2131 |
| CVE-2021-33589 | 2023-04-21 | Ribose RNP before 0.15.1 does not implement a required step in a cryptographic algorithm, resulting in weaker encryption than on the tin of the algorithm. |
| CVE-2022-36963 | 2023-04-21 | SolarWinds Platform Deserialization of Untrusted Data Vulnerability |
| CVE-2022-47505 | 2023-04-21 | SolarWinds Platform Local Privilege Escalation Vulnerability |
| CVE-2022-47509 | 2023-04-21 | SolarWinds Platform Incorrect Input Neutralization Vulnerability |
| CVE-2022-47930 | 2023-04-21 | An issue was discovered in IO FinNet tss-lib before 2.0.0. The parameter ssid for defining a session id is not used through the MPC implementation, which makes replaying and spoofing... |
| CVE-2022-48150 | 2023-04-21 | Shopware v5.5.10 was discovered to contain a cross-site scripting (XSS) vulnerability via the recovery/install/ URI. |
| CVE-2023-2202 | 2023-04-21 | Improper Access Control in francoisjacquet/rosariosis |
| CVE-2023-2227 | 2023-04-21 | Improper Authorization in modoboa/modoboa |
| CVE-2023-2228 | 2023-04-21 | Cross-Site Request Forgery (CSRF) in modoboa/modoboa |
| CVE-2023-26100 | 2023-04-21 | In Progress Flowmon before 12.2.0, an application endpoint failed to sanitize user-supplied input. A threat actor could leverage a reflected XSS vulnerability to execute arbitrary code within the context of... |
| CVE-2023-26101 | 2023-04-21 | In Progress Flowmon Packet Investigator before 12.1.0, a Flowmon user with access to Flowmon Packet Investigator could leverage a path-traversal vulnerability to retrieve files on the Flowmon appliance's local filesystem. |
| CVE-2023-26556 | 2023-04-21 | io.finnet tss-lib before 2.0.0 can leak a secret key via a timing side-channel attack because it relies on the scalar-multiplication implementation in Go crypto/elliptic, which is not constant time (there... |
| CVE-2023-26557 | 2023-04-21 | io.finnet tss-lib before 2.0.0 can leak the lambda value of a private key via a timing side-channel attack because it relies on Go big.Int, which is not constant time for... |
| CVE-2023-26876 | 2023-04-21 | SQL injection vulnerability found in Piwigo v.13.5.0 and before allows a remote attacker to execute arbitrary code via the filter_user_id parameter to the admin.php?page=history&filter_image_id=&filter_user_id endpoint. |
| CVE-2023-29575 | 2023-04-21 | Bento4 v1.6.0-639 was discovered to contain an out-of-memory bug in the mp42aac component. |
| CVE-2023-29905 | 2023-04-21 | H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the UpdateSnat interface at /goform/aspForm. |
| CVE-2023-29906 | 2023-04-21 | H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the Edit_BasicSSID interface at /goform/aspForm. |
| CVE-2023-29907 | 2023-04-21 | H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the Edit_BasicSSID_5G interface at /goform/aspForm. |
| CVE-2023-29908 | 2023-04-21 | H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the SetMobileAPInfoById interface at /goform/aspForm. |
| CVE-2023-29909 | 2023-04-21 | H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the AddWlanMacList interface at /goform/aspForm. |
| CVE-2023-29910 | 2023-04-21 | H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the UpdateMacClone interface at /goform/aspForm. |
| CVE-2023-29911 | 2023-04-21 | H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the AddMacList interface at /goform/aspForm. |
| CVE-2023-29912 | 2023-04-21 | H3C Magic R200 R200V100R004 was discovered to contain a stack overflow via the DelvsList interface at /goform/aspForm. |
| CVE-2023-29913 | 2023-04-21 | H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the SetAPWifiorLedInfoById interface at /goform/aspForm. |
| CVE-2023-29914 | 2023-04-21 | H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the DeltriggerList interface at /goform/aspForm. |
| CVE-2023-29915 | 2023-04-21 | H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via CMD parameter at /goform/aspForm. |
| CVE-2023-29916 | 2023-04-21 | H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the UpdateWanParams interface at /goform/aspForm. |
| CVE-2023-29917 | 2023-04-21 | H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via go parameter at /goform/aspForm. |
| CVE-2023-29924 | 2023-04-21 | PowerJob V4.3.1 is vulnerable to Incorrect Access Control that allows for remote code execution. |
| CVE-2023-2204 | 2023-04-21 | Campcodes Retro Basketball Shoes Online Store faqs.php sql injection |
| CVE-2023-2205 | 2023-04-21 | Campcodes Retro Basketball Shoes Online Store login.php sql injection |
| CVE-2023-2206 | 2023-04-21 | Campcodes Retro Basketball Shoes Online Store contactus.php sql injection |
| CVE-2023-2207 | 2023-04-21 | Campcodes Retro Basketball Shoes Online Store contactus1.php sql injection |
| CVE-2023-2208 | 2023-04-21 | Campcodes Retro Basketball Shoes Online Store details.php sql injection |
| CVE-2023-2209 | 2023-04-21 | Campcodes Coffee Shop POS System view_details.php sql injection |
| CVE-2023-2210 | 2023-04-21 | Campcodes Coffee Shop POS System view_category.php sql injection |
| CVE-2023-2211 | 2023-04-21 | Campcodes Coffee Shop POS System manage_category.php sql injection |
| CVE-2023-2212 | 2023-04-21 | Campcodes Coffee Shop POS System view_product.php sql injection |
| CVE-2023-2213 | 2023-04-21 | Campcodes Coffee Shop POS System manage_product.php sql injection |
| CVE-2023-2214 | 2023-04-21 | Campcodes Coffee Shop POS System manage_sale.php sql injection |
| CVE-2023-2215 | 2023-04-21 | Campcodes Coffee Shop POS System manage_user.php sql injection |
| CVE-2023-2216 | 2023-04-21 | Campcodes Coffee Shop POS System Users.php cross site scripting |
| CVE-2023-2217 | 2023-04-21 | SourceCodester Task Reminder System manage_reminder.php sql injection |
| CVE-2023-2218 | 2023-04-21 | SourceCodester Task Reminder System manage_user.php sql injection |
| CVE-2023-2219 | 2023-04-21 | SourceCodester Task Reminder System Users.php cross site scripting |
| CVE-2023-2220 | 2023-04-21 | Dream Technology mica Form Object cross site scripting |
| CVE-2023-2226 | 2023-04-21 | Velociraptor crashes while parsing some malformed PE or OLE files. |
| CVE-2023-2231 | 2023-04-21 | MAXTECH MAX-G866ac Remote Management missing authentication |
| CVE-2023-1998 | 2023-04-21 | Spectre v2 SMT mitigations problem in Linux kernel |
| CVE-2023-30798 | 2023-04-21 | MultipartParser DOS with too many fields or files in Starlette Framework |
| CVE-2023-2139 | 2023-04-21 | Reflected Cross-site Scripting vulnerability affecting DELMIA Apriso Release 2017 through Release 2022 |
| CVE-2023-2140 | 2023-04-21 | Server-Side Request Forgery vulnerability affecting DELMIA Apriso Release 2017 through Release 2022 |
| CVE-2023-2141 | 2023-04-21 | Unsafe .NET object deserialization affecting DELMIA Apriso Release 2017 through Release 2022 |
| CVE-2023-30618 | 2023-04-21 | Sensitive Terraform Output Values Printed At Info Logging Level In Kitchen-Terraform |
| CVE-2023-30620 | 2023-04-21 | Arbitrary File Write when Extracting a Remotely retrieved Tarball in mindsdb/mindsdb |
| CVE-2023-30621 | 2023-04-21 | OS command injection in Gipsy |
| CVE-2023-2118 | 2023-04-21 | Insufficient access control in support ticket feature in Devolutions Server 2023.1.5.0 and below allows an authenticated attacker to send support tickets and download diagnostic files via specific endpoints. |
| CVE-2023-29019 | 2023-04-21 | Session fixation in fastify-passport |
| CVE-2023-29020 | 2023-04-21 | Cross site request forgery token fixation in fastify-passport |
| CVE-2023-1875 | 2023-04-22 | Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq |
| CVE-2023-2239 | 2023-04-22 | Exposure of Private Personal Information to an Unauthorized Actor in microweber/microweber |
| CVE-2023-2240 | 2023-04-22 | Improper Privilege Management in microweber/microweber |
| CVE-2023-0184 | 2023-04-22 | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler which may lead to denial of service, escalation of privileges, information disclosure, and... |
| CVE-2023-0190 | 2023-04-22 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where a NULL pointer dereference may lead to denial of service. |
| CVE-2023-0199 | 2023-04-22 | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds write can lead to denial of service and data tampering. |
| CVE-2023-0200 | 2023-04-22 | NVIDIA DGX-2 contains a vulnerability in OFBD where a user with high privileges and a pre-conditioned heap can cause an access beyond a buffer's end, which may lead to code... |
| CVE-2023-0201 | 2023-04-22 | NVIDIA DGX-2 SBIOS contains a vulnerability in Bds, where a user with high privileges can cause a write beyond the bounds of an indexable resource, which may lead to code... |
| CVE-2023-0202 | 2023-04-22 | NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may modify arbitrary memory of SMRAM by exploiting the GenericSio and LegacySmmSredir SMM APIs. A successful exploit of this vulnerability... |
| CVE-2023-0203 | 2023-04-22 | NVIDIA ConnectX-5, ConnectX-6, and ConnectX6-DX contain a vulnerability in the NIC firmware, where an unprivileged user can exploit insufficient granularity of access control, which may lead to denial of service. |
| CVE-2023-0204 | 2023-04-22 | NVIDIA ConnectX-5, ConnectX-6, and ConnectX6-DX contain a vulnerability in the NIC firmware, where an unprivileged user can cause improper handling of exceptional conditions, which may lead to denial of service. |
| CVE-2023-0205 | 2023-04-22 | NVIDIA ConnectX-5, ConnectX-6, and ConnectX6-DX contain a vulnerability in the NIC firmware, where an unprivileged user can exploit insufficient granularity of access control, which may lead to denial of service. |
| CVE-2023-0206 | 2023-04-22 | NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may modify arbitrary memory of SMRAM by exploiting the NVME SMM API. A successful exploit of this vulnerability may lead... |
| CVE-2023-0207 | 2023-04-22 | NVIDIA DGX-2 SBIOS contains a vulnerability where an attacker may modify the ServerSetup NVRAM variable at runtime by executing privileged code. A successful exploit of this vulnerability may lead to... |
| CVE-2023-0209 | 2023-04-22 | NVIDIA DGX-1 SBIOS contains a vulnerability in the Uncore PEI module, where authentication of the code executed by SSA is missing, which may lead to arbitrary code execution, denial of... |
| CVE-2023-25505 | 2023-04-22 | NVIDIA DGX-1 BMC contains a vulnerability in the IPMI handler of the AMI MegaRAC BMC, where an attacker with the appropriate level of authorization can cause a buffer overflow,... |
| CVE-2023-25506 | 2023-04-22 | NVIDIA DGX-1 contains a vulnerability in Ofbd in AMI SBIOS, where a preconditioned heap can allow a user with elevated privileges to cause an access beyond the end of a... |
| CVE-2023-25507 | 2023-04-22 | NVIDIA DGX-1 BMC contains a vulnerability in the SPX REST API, where an attacker with the appropriate level of authorization can inject arbitrary shell commands, which may lead to code... |
| CVE-2023-25508 | 2023-04-22 | NVIDIA DGX-1 BMC contains a vulnerability in the IPMI handler, where an attacker with the appropriate level of authorization can upload and download arbitrary files under certain circumstances, which may... |
| CVE-2023-25509 | 2023-04-22 | NVIDIA DGX-1 SBIOS contains a vulnerability in Bds, which may lead to code execution, denial of service, and escalation of privileges. |
| CVE-2023-25510 | 2023-04-22 | NVIDIA CUDA Toolkit SDK for Linux and Windows contains a NULL pointer dereference in cuobjdump, where a local user running the tool against a malformed binary may cause a limited... |
| CVE-2023-25511 | 2023-04-22 | NVIDIA CUDA Toolkit for Linux and Windows contains a vulnerability in cuobjdump, where a division-by-zero error may enable a user to cause a crash, which may lead to a limited... |