CVE List - 2023 / April
Showing 1901 - 2000 of 2302 CVEs for April 2023 (Page 20 of 24)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-31083 | 2023-04-24 | An issue was discovered in drivers/bluetooth/hci_ldisc.c in the Linux kernel 6.2. In hci_uart_tty_ioctl, there is a race condition between HCIUARTSETPROTO and HCIUARTGETPROTO. HCI_UART_PROTO_SET is set before hu->proto is set. A... |
| CVE-2023-31084 | 2023-04-24 | An issue was discovered in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel 6.2. There is a blocking operation when a task is in !TASK_RUNNING. In dvb_frontend_get_event, wait_event_interruptible is called; the condition is... |
| CVE-2023-22581 | 2023-04-24 | White Rabbit Switch - Unauthenticated remote code execution |
| CVE-2023-22577 | 2023-04-24 | White Rabbit Switch - Password Disclosure Vulnerability |
| CVE-2022-48476 | 2023-04-24 | In JetBrains Ktor before 2.3.0 path traversal in the `resolveResource` method was possible |
| CVE-2022-48477 | 2023-04-24 | In JetBrains Hub before 2023.1.15725 SSRF protection in Auth Module integration was missing |
| CVE-2023-1731 | 2023-04-24 | Improper Input Validation in Meinberg LTOS |
| CVE-2023-23892 | 2023-04-24 | WordPress M Chart Plugin <= 1.9.4 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2022-45084 | 2023-04-24 | WordPress Loginizer Plugin <= 1.7.5 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2022-47158 | 2023-04-24 | WordPress alfred24 Click & Collect Plugin <= 1.1.7 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2022-47598 | 2023-04-24 | WordPress WP Super Popup Plugin <= 1.1.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-24818 | 2023-04-24 | RIOT-OS vulnerable to null pointer dereference during fragment forwarding |
| CVE-2023-24819 | 2023-04-24 | RIOT-OS vulnerable to Buffer Overflow during IPHC receive |
| CVE-2023-24820 | 2023-04-24 | RIOT-OS vulnerable to Integer Underflow during IPHC receive |
| CVE-2023-24821 | 2023-04-24 | RIOT-OS vulnerable to Integer Underflow during defragmentation |
| CVE-2023-24822 | 2023-04-24 | RIOT-OS vulnerable to Null Pointer dereference during IPHC encoding |
| CVE-2023-24823 | 2023-04-24 | RIOT-OS vulnerable to Packet Type Confusion during IPHC send |
| CVE-2023-27524 | 2023-04-24 | Apache Superset: Session validation vulnerability when using provided default SECRET_KEY |
| CVE-2023-30776 | 2023-04-24 | Apache Superset: Database connection password leak |
| CVE-2023-30622 | 2023-04-24 | Clusternet has a potential risk that can be leveraged for cluster-level privilege escalation |
| CVE-2023-26494 | 2023-04-24 | lorawan-stack has open redirect vulnerability |
| CVE-2023-30544 | 2023-04-24 | Kiwi TCMS may allow user to update email address to unverified one |
| CVE-2023-30613 | 2023-04-24 | Kiwi TCMS unrestricted file upload vulnerability |
| CVE-2022-41612 | 2023-04-24 | WordPress Similar Posts Plugin <= 3.1.6 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2012-10013 | 2023-04-24 | Kau-Boy Backend Localization Plugin backend_localization.php cross site scripting |
| CVE-2012-10014 | 2023-04-24 | Kau-Boy Backend Localization Plugin backend_localization.php localize_backend cross site scripting |
| CVE-2023-0420 | 2023-04-24 | Custom Post Type and Taxonomy GUI Manager <= 1.1 - Stored XSS via CSRF |
| CVE-2023-1420 | 2023-04-24 | Ajax Search Lite < 4.11.1, Pro < 4.26.2 - Reflected Cross-Site Scripting |
| CVE-2023-0899 | 2023-04-24 | Steveas WP Live Chat Shoutbox <= 1.4.2 - Unauthenticated Stored XSS |
| CVE-2023-1020 | 2023-04-24 | Steveas WP Live Chat Shoutbox <= 1.4.2 - Unauthenticated SQLi |
| CVE-2023-1129 | 2023-04-24 | WP FEvents Book <= 0.46 - Subscriber+ Arbitrary Booking Manipulation via IDOR |
| CVE-2023-0276 | 2023-04-24 | Weaver Xtreme Theme Support < 6.2.7 - Contributor+ Stored XSS |
| CVE-2023-1324 | 2023-04-24 | Easy Forms for MailChimp < 6.8.8 - Reflected XSS |
| CVE-2023-0388 | 2023-04-24 | Random Text <= 0.3.0 - Subscriber+ SQLi |
| CVE-2023-1126 | 2023-04-24 | WP FEvents Book <= 0.46 - Subscriber+ Stored XSS |
| CVE-2023-1624 | 2023-04-24 | WPCode Lite < 2.0.9 - Arbitrary Log File Deletion via CSRF |
| CVE-2023-0424 | 2023-04-24 | MS-Reviews <= 1.5 - Subscriber+ Stored XSS |
| CVE-2023-1435 | 2023-04-24 | Ajax Search Lite Pro < 4.26.2 - Multiple Reflected Cross-Site Scripting |
| CVE-2023-0418 | 2023-04-24 | Video Central for WordPress <= 1.3.0 - Contributor+ Stored XSS |
| CVE-2023-1623 | 2023-04-24 | Custom Post Type UI < 1.13.5 - Debug Info Sending via CSRF |
| CVE-2023-1414 | 2023-04-24 | WP VR < 8.3.0 - Subscriber+ Arbitrary Tour Update |
| CVE-2023-2257 | 2023-04-24 | Authentication Bypass in Hub Business integration in Devolutions Workspace Desktop 2023.1.1.3 and earlier on Windows and macOS allows an attacker with access to the user interface to unlock a Hub... |
| CVE-2023-29530 | 2023-04-24 | Laminas Diactoros vulnerable to HTTP Multiline Header Termination |
| CVE-2023-30626 | 2023-04-24 | Jellyfin vulnerable to directory traversal and file write causing arbitrary code execution |
| CVE-2023-30627 | 2023-04-24 | jellyfin-web has a stored cross-site scripting vulnerability in devices.js |
| CVE-2023-30623 | 2023-04-24 | Arbitrary command injection in embano1/wip |
| CVE-2023-30628 | 2023-04-24 | Kiwi TCMS has command injection vulnerability in changelog.yml CI workflow |
| CVE-2023-30629 | 2023-04-24 | Vyper's raw_call with outsize=0 and revert_on_failure=False returns incorrect success value |
| CVE-2022-42335 | 2023-04-25 | x86 shadow paging arbitrary pointer dereference. In environments where host assisted address translation is necessary but Hardware Assisted Paging (HAP) is unavailable, Xen will run guests in so called shadow... |
| CVE-2023-2269 | 2023-04-25 | A denial of service problem was found, due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing sub-component. |
| CVE-2023-30402 | 2023-04-25 | YASM v1.3.0 was discovered to contain a heap overflow via the function handle_dot_label at /nasm/nasm-token.re. Note: This has been disputed by third parties who argue this is a bug and... |
| CVE-2012-5872 | 2023-04-25 | ARC (aka ARC2) through 2011-12-01 allows blind SQL Injection in getTriplePatternSQL in ARC2_StoreSelectQueryHandler.php via comments in a SPARQL WHERE clause. |
| CVE-2012-5873 | 2023-04-25 | ARC (aka ARC2) through 2011-12-01 allows reflected XSS via the end_point.php query parameter in an output=htmltab action. |
| CVE-2022-23721 | 2023-04-25 | PingID integration for Windows login duplicate username collision. |
| CVE-2022-31244 | 2023-04-25 | Nokia OneNDS 17r2 has Insecure Permissions vulnerability that allows for privilege escalation. |
| CVE-2022-40482 | 2023-04-25 | The authentication method in Laravel 8.x through 9.x before 9.32.0 was discovered to be vulnerable to user enumeration via timeless timing attacks with HTTP/2 multiplexing. This is caused by the... |
| CVE-2022-40722 | 2023-04-25 | Misconfiguration of RSA padding for offline MFA in the PingID Adapter for PingFederate. |
| CVE-2022-40723 | 2023-04-25 | Configuration-based MFA Bypass in PingID RADIUS PCV. |
| CVE-2022-40724 | 2023-04-25 | Cross-Site Request Forgery on PingFederate Local Identity Profiles Endpoint. |
| CVE-2022-40725 | 2023-04-25 | PingID Desktop PIN attempt lockout bypass. |
| CVE-2022-45291 | 2023-04-25 | PWS Personal Weather Station Dashboard (PWS_Dashboard) LTS December 2020 (2012_lts) allows remote code execution by injecting PHP code into settings.php. Attacks can use the PWS_printfile.php, PWS_frame_text.php, PWS_listfile.php, PWS_winter.php, and PWS_easyweathersetup.php... |
| CVE-2023-20869 | 2023-04-25 | VMware Workstation (17.x) and VMware Fusion (13.x) contain a stack-based buffer-overflow vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine. |
| CVE-2023-20870 | 2023-04-25 | VMware Workstation and Fusion contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine. |
| CVE-2023-20871 | 2023-04-25 | VMware Fusion contains a local privilege escalation vulnerability. A malicious actor with read/write access to the host operating system can elevate privileges to gain root access to the host operating... |
| CVE-2023-20872 | 2023-04-25 | VMware Workstation and Fusion contain an out-of-bounds read/write vulnerability in SCSI CD/DVD device emulation. |
| CVE-2023-23837 | 2023-04-25 | No Exception Handling Vulnerability: Database Performance Analyzer (DPA) 2023.1 |
| CVE-2023-23838 | 2023-04-25 | Directory traversal and file enumeration vulnerability: Database Performance Analyzer (DPA) 2023.1 |
| CVE-2023-23839 | 2023-04-25 | SolarWinds Platform Exposure of Sensitive Information Vulnerability |
| CVE-2023-24512 | 2023-04-25 | On affected platforms running Arista EOS, an authorized attacker with permissions to perform gNMI requests could craft a request allowing it to update arbitrary configurations in the switch. |
| CVE-2023-25313 | 2023-04-25 | OS command injection vulnerability in World Wide Broadcast Network AVideo version before 12.4, allows attackers to execute arbitrary code via the video link field of the Embed a video link feature. |
| CVE-2023-25314 | 2023-04-25 | Cross Site Scripting (XSS) vulnerability in World Wide Broadcast Network AVideo before 12.4, allows attackers to gain sensitive information via the success parameter to /user. |
| CVE-2023-25346 | 2023-04-25 | A reflected cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the id parameter of /churchcrm/v2/family/not-found. |
| CVE-2023-25347 | 2023-04-25 | A stored cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3, allows remote attackers to inject arbitrary web script or HTML via input fields. These input fields are located in the "Title"... |
| CVE-2023-25348 | 2023-04-25 | ChurchCRM 4.5.3 was discovered to contain a CSV injection vulnerability via the Last Name and First Name input fields when creating a new person. These vulnerabilities allow attackers to execute... |
| CVE-2023-26057 | 2023-04-25 | An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to the Configuration Dashboard page. Input validation and a proper XML parser configuration are missing.... |
| CVE-2023-26058 | 2023-04-25 | An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to a Performance Manager page. Input validation and a proper XML parser configuration are missing.... |
| CVE-2023-26098 | 2023-04-25 | An issue was discovered in the Open Document feature in Telindus Apsal 3.14.2022.235 b. An attacker may upload a crafted file to execute arbitrary code. |
| CVE-2023-26560 | 2023-04-25 | Northern.tech CFEngine Enterprise before 3.21.1 allows a subset of authenticated users to leverage the Scheduled Reports feature to read arbitrary files and potentially discover credentials. |
| CVE-2023-26735 | 2023-04-25 | blackbox_exporter v0.23.0 was discovered to contain an access control issue in its probe interface. This vulnerability allows attackers to detect intranet ports and services, as well as download resources. NOTE:... |
| CVE-2023-26839 | 2023-04-25 | A cross-site request forgery (CSRF) vulnerability in ChurchCRM v4.5.3 allows attackers to edit information for existing people on the site. |
| CVE-2023-26840 | 2023-04-25 | A cross-site request forgery (CSRF) vulnerability in ChurchCRM v4.5.3 allows attackers to set a person to a user and set that user to be an Administrator. |
| CVE-2023-26841 | 2023-04-25 | A cross-site request forgery (CSRF) vulnerability in ChurchCRM v4.5.3 allows attackers to change any user's password except for the user that is currently logged in. |
| CVE-2023-26843 | 2023-04-25 | A stored Cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the NoteEditor.php. |
| CVE-2023-27105 | 2023-04-25 | A vulnerability in the Wi-Fi file transfer module of Shanling M5S Portable Music Player with Shanling MTouch OS v4.3 and Shanling M2X Portable Music Player with Shanling MTouch OS v3.3... |
| CVE-2023-27843 | 2023-04-25 | SQL injection vulnerability found in PrestaShop askforaquote v.5.4.2 and before allows a remote attacker to gain privileges via the QuotesProduct::deleteProduct component. |
| CVE-2023-28771 | 2023-04-25 | Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP... |
| CVE-2023-29552 | 2023-04-25 | The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated, remote attacker to register arbitrary services. This could allow the attacker to use spoofed UDP traffic to conduct a denial-of-service... |
| CVE-2023-29779 | 2023-04-25 | Sengled Dimmer Switch V0.0.9 contains a denial of service (DoS) vulnerability, which allows a remote attacker to send malicious Zigbee messages to a vulnerable device and cause crashes. After receiving... |
| CVE-2023-30106 | 2023-04-25 | Sourcecodester Medicine Tracker System in PHP 1.0.0 is vulnerable to Cross Site Scripting (XSS) via page=about. |
| CVE-2023-30111 | 2023-04-25 | Medicine Tracker System in PHP 1.0.0 is vulnerable to Cross Site Scripting (XSS). |
| CVE-2023-30177 | 2023-04-25 | CraftCMS 3.7.59 is vulnerable to Cross Site Scripting (XSS). An attacker can inject JavaScript code into the Volume Name field. |
| CVE-2023-30404 | 2023-04-25 | Aigital Wireless-N Repeater Mini_Router v0.131229 was discovered to contain a remote code execution (RCE) vulnerability via the sysCmd parameter in the formSysCmd function. This vulnerability is exploited via a crafted... |
| CVE-2023-30417 | 2023-04-25 | A cross-site scripting (XSS) vulnerability in Pear-Admin-Boot up to v2.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title of a private... |
| CVE-2023-30549 | 2023-04-25 | Unpatched extfs vulnerabilities are exploitable through suid-mode Apptainer |
| CVE-2023-31223 | 2023-04-25 | Dradis before 4.8.0 allows persistent XSS by authenticated author users, related to avatars. |
| CVE-2023-22665 | 2023-04-25 | Apache Jena: Exposure of arbitrary execution in script engine expressions. |
| CVE-2022-45837 | 2023-04-25 | WordPress 微信机器人高级版 Plugin <= 6.0.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-25710 | 2023-04-25 | WordPress Click to Call or Chat Buttons Plugin <= 1.4.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-27619 | 2023-04-25 | WordPress Regina Lite Theme <= 2.0.7 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-25490 | 2023-04-25 | WordPress Archivist – Custom Archive Templates Plugin <= 1.7.4 is vulnerable to Cross Site Scripting (XSS) |