CVE List - 2023 / April
Showing 2201 - 2300 of 2302 CVEs for April 2023 (Page 23 of 24)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-30024 | 2023-04-28 | The MagicJack device, a VoIP solution for internet phone calls, contains a hidden NAND flash memory partition allowing unauthorized read/write access. Attackers can exploit this by replacing the original software... |
| CVE-2023-30123 | 2023-04-28 | wuzhicms v4.1.0 is vulnerable to Cross Site Scripting (XSS) in the Member Center, Account Settings. |
| CVE-2023-30125 | 2023-04-28 | EyouCms V1.6.1-UTF8-sp1 is vulnerable to Cross Site Scripting (XSS). |
| CVE-2023-30405 | 2023-04-28 | A cross-site scripting (XSS) vulnerability in Aigital Wireless-N Repeater Mini_Router v0.131229 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the wl_ssid parameter at... |
| CVE-2023-30454 | 2023-04-28 | An issue was discovered in ebankIT before 7. Document Object Model based XSS exists within the /Security/Transactions/Transactions.aspx endpoint. Users can supply their own JavaScript within the ctl100$ctl00MainContent$TransactionMainContent$accControl$hdnAccountsArray POST parameter that... |
| CVE-2023-30455 | 2023-04-28 | An issue was discovered in ebankIT before 7. A Denial-of-Service attack is possible through the GET parameter EStatementsIds located on the /Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx endpoint. The GET parameter accepts over 100 comma-separated... |
| CVE-2023-31444 | 2023-04-28 | In Talend Studio before 7.3.1-R2022-10 and 8.x before 8.0.1-R2022-09, microservices allow unauthenticated access to the Jolokia endpoint of the microservice. This allows for remote access to the JVM via the... |
| CVE-2023-31470 | 2023-04-28 | SmartDNS through 41 before 56d0332 allows an out-of-bounds write because of a stack-based buffer overflow in the _dns_encode_domain function in the dns.c file, via a crafted DNS request. |
| CVE-2023-31483 | 2023-04-28 | tar/TarFileReader.cpp in Cauldron cbang before bastet-v8.1.17 has a directory traversal during extraction that allows the attacker to create or write to files outside the current directory via a crafted tar... |
| CVE-2023-31484 | 2023-04-28 | CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS. |
| CVE-2023-31485 | 2023-04-28 | GitLab::API::v4 through 0.26 does not verify TLS certificates when connecting to a GitLab server, enabling machine-in-the-middle attacks. |
| CVE-2023-31486 | 2023-04-28 | HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates. |
| CVE-2023-27556 | 2023-04-28 | IBM Safer Payments denial of service |
| CVE-2020-4729 | 2023-04-28 | IBM Safer Payments denial of service |
| CVE-2023-27557 | 2023-04-28 | IBM Safer Payments information disclosure |
| CVE-2023-28528 | 2023-04-28 | IBM AIX command execution |
| CVE-2022-48481 | 2023-04-28 | In JetBrains Toolbox App before 1.28 a DYLIB injection on macOS was possible |
| CVE-2023-30466 | 2023-04-28 | Authentication Bypass Vulnerability in Milesight Network Video Recorder (NVR) |
| CVE-2023-30467 | 2023-04-28 | Improper Authorization Vulnerability in Milesight Network Video Recorder (NVR) |
| CVE-2023-2363 | 2023-04-28 | SourceCodester Resort Reservation System view_room.php sql injection |
| CVE-2023-2364 | 2023-04-28 | SourceCodester Resort Reservation System registration.php cross site scripting |
| CVE-2023-2360 | 2023-04-28 | Sensitive information disclosure due to CORS misconfiguration. The following products are affected: Acronis Cyber Infrastructure (ACI) before build 5.2.0-135. |
| CVE-2023-2365 | 2023-04-28 | SourceCodester Faculty Evaluation System sql injection |
| CVE-2023-2366 | 2023-04-28 | SourceCodester Faculty Evaluation System sql injection |
| CVE-2023-2367 | 2023-04-28 | SourceCodester Faculty Evaluation System manage_academic.php sql injection |
| CVE-2023-2368 | 2023-04-28 | SourceCodester Faculty Evaluation System sql injection |
| CVE-2023-2369 | 2023-04-28 | SourceCodester Faculty Evaluation System manage_restriction.php sql injection |
| CVE-2023-2370 | 2023-04-28 | SourceCodester Online DJ Management System GET Parameter manage_event.php sql injection |
| CVE-2023-2371 | 2023-04-28 | SourceCodester Online DJ Management System GET Parameter view_details.php sql injection |
| CVE-2023-2372 | 2023-04-28 | SourceCodester Online DJ Management System cross site scripting |
| CVE-2023-2373 | 2023-04-28 | Ubiquiti EdgeRouter X Web Management Interface command injection |
| CVE-2023-2374 | 2023-04-28 | Ubiquiti EdgeRouter X Web Management Interface command injection |
| CVE-2023-0834 | 2023-04-28 | Incorrect Permission Assignment for Critical Resource vulnerability in HYPR Workforce Access on MacOS allows Privilege Escalation. This issue affects Workforce Access: from 6.12 before 8.1. |
| CVE-2023-1477 | 2023-04-28 | Improper Authentication vulnerability in HYPR Keycloak Authenticator Extension allows Authentication Abuse. This issue affects HYPR Keycloak Authenticator Extension: before 7.10.2, before 8.0.3. |
| CVE-2023-2375 | 2023-04-28 | Ubiquiti EdgeRouter X Web Management Interface command injection |
| CVE-2023-2376 | 2023-04-28 | Ubiquiti EdgeRouter X Web Management Interface command injection |
| CVE-2023-30853 | 2023-04-28 | Gradle Build Action data written to GitHub Actions Cache may expose secrets |
| CVE-2023-2377 | 2023-04-28 | Ubiquiti EdgeRouter X Web Management Interface command injection |
| CVE-2023-30854 | 2023-04-28 | WWBN AVideo vulnerable to OS Command Injection |
| CVE-2022-31643 | 2023-04-28 | A potential security vulnerability has been identified in the system BIOS for certain HP PC products which may allow loss of integrity. HP is releasing firmware updates to mitigate the... |
| CVE-2023-30856 | 2023-04-28 | eDEX-UI cross-site websocket hijacking vulnerability enables remote command execution |
| CVE-2023-27971 | 2023-04-28 | Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow and/or Elevation of Privilege. |
| CVE-2023-27972 | 2023-04-28 | Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow and/or Remote Code Execution. |
| CVE-2023-2378 | 2023-04-28 | Ubiquiti EdgeRouter X Web Management Interface command injection |
| CVE-2023-27973 | 2023-04-28 | Certain HP LaserJet Pro print products are potentially vulnerable to Heap Overflow and/or Remote Code Execution. |
| CVE-2023-1526 | 2023-04-28 | Certain DesignJet and PageWide XL TAA compliant models may have risk of potential information disclosure if the hard disk drive is physically removed from the printer. |
| CVE-2023-2379 | 2023-04-28 | Ubiquiti EdgeRouter X Web Service denial of service |
| CVE-2023-2380 | 2023-04-28 | Netgear SRX5308 denial of service |
| CVE-2023-2381 | 2023-04-28 | Netgear SRX5308 Web Management Interface cross site scripting |
| CVE-2023-2382 | 2023-04-28 | Netgear SRX5308 Web Management Interface cross site scripting |
| CVE-2023-27864 | 2023-04-28 | IBM Maximo Asset Management HTML injection |
| CVE-2023-2383 | 2023-04-28 | Netgear SRX5308 Web Management Interface cross site scripting |
| CVE-2023-2384 | 2023-04-28 | Netgear SRX5308 Web Management Interface cross site scripting |
| CVE-2023-25930 | 2023-04-28 | IBM Db2 denial of service |
| CVE-2023-29334 | 2023-04-28 | Microsoft Edge (Chromium-based) Spoofing Vulnerability |
| CVE-2023-27555 | 2023-04-28 | IBM Db2 denial of service |
| CVE-2023-2385 | 2023-04-28 | Netgear SRX5308 Web Management Interface cross site scripting |
| CVE-2023-1966 | 2023-04-28 | CVE-2023-1966 |
| CVE-2023-1968 | 2023-04-28 | CVE-2023-1968 |
| CVE-2023-26021 | 2023-04-28 | IBM Db2 denial of service |
| CVE-2023-26022 | 2023-04-28 | IBM Db2 denial of service |
| CVE-2023-2386 | 2023-04-28 | Netgear SRX5308 Web Management Interface cross site scripting |
| CVE-2023-2387 | 2023-04-28 | Netgear SRX5308 Web Management Interface cross site scripting |
| CVE-2023-2388 | 2023-04-28 | Netgear SRX5308 Web Management Interface cross site scripting |
| CVE-2023-2389 | 2023-04-28 | Netgear SRX5308 Web Management Interface cross site scripting |
| CVE-2023-2390 | 2023-04-28 | Netgear SRX5308 Web Management Interface cross site scripting |
| CVE-2023-2391 | 2023-04-28 | Netgear SRX5308 Web Management Interface cross site scripting |
| CVE-2023-2392 | 2023-04-28 | Netgear SRX5308 Web Management Interface cross site scripting |
| CVE-2023-30857 | 2023-04-28 | @aedart/support possibly vulnerable to prototype pollution in metadata record, when using meta decorator |
| CVE-2023-29058 | 2023-04-28 | A valid, authenticated XCC user with read-only permissions can modify custom user roles on other user accounts and the user trespass message through the XCC CLI. There is no exposure... |
| CVE-2023-30858 | 2023-04-28 | Denosaurs emoji has ReDoS vulnerability in `replace` function |
| CVE-2023-29057 | 2023-04-28 | A valid XCC user's local account permissions overrides their active directory permissions under specific configurations. This could lead to a privilege escalation. To be vulnerable, LDAP must be configured for... |
| CVE-2023-2393 | 2023-04-28 | Netgear SRX5308 Web Management Interface cross site scripting |
| CVE-2023-2394 | 2023-04-28 | Netgear SRX5308 Web Management Interface cross site scripting |
| CVE-2023-29056 | 2023-04-28 | A valid LDAP user, under specific conditions, will default to read-only permissions when authenticating into XCC. To be vulnerable, XCC must be configured to use an LDAP server for Authentication/Authorization... |
| CVE-2023-25496 | 2023-04-28 | A privilege escalation vulnerability was reported in Lenovo Drivers Management Lenovo Driver Manager that could allow a local user to execute code with elevated privileges. |
| CVE-2023-25495 | 2023-04-28 | A valid, authenticated administrative user can query a web interface API to reveal the configured LDAP client password used by XCC to authenticate to an external LDAP server in certain... |
| CVE-2023-2395 | 2023-04-28 | Netgear SRX5308 Web Management Interface cross site scripting |
| CVE-2023-2396 | 2023-04-28 | Netgear SRX5308 Web Management Interface cross site scripting |
| CVE-2023-2397 | 2023-04-28 | SourceCodester Simple Mobile Comparison Website cross site scripting |
| CVE-2023-2408 | 2023-04-28 | SourceCodester AC Repair and Services System view.php sql injection |
| CVE-2023-2409 | 2023-04-28 | SourceCodester AC Repair and Services System view_service.php sql injection |
| CVE-2023-2410 | 2023-04-28 | SourceCodester AC Repair and Services System view_booking.php sql injection |
| CVE-2023-2411 | 2023-04-28 | SourceCodester AC Repair and Services System view_inquiry.php sql injection |
| CVE-2023-2412 | 2023-04-28 | SourceCodester AC Repair and Services System manage_user.php sql injection |
| CVE-2023-2426 | 2023-04-29 | Use of Out-of-range Pointer Offset in vim/vim |
| CVE-2023-2413 | 2023-04-29 | SourceCodester AC Repair and Services System manage_booking.php sql injection |
| CVE-2023-2417 | 2023-04-29 | ks-soft Advanced Host Monitor rma_active.exe unquoted search path |
| CVE-2023-2418 | 2023-04-29 | Konga Login API random values |
| CVE-2023-2419 | 2023-04-29 | Zhong Bang CRMEB SystemAttachmentServices.php videoUpload unrestricted upload |
| CVE-2023-2420 | 2023-04-29 | MLECMS common.func.php get_url sql injection |
| CVE-2023-2421 | 2023-04-29 | Control iD RHiD department cross site scripting |
| CVE-2022-41736 | 2023-04-29 | IBM Spectrum Scale Container Native Storage Access privilege escalation |
| CVE-2023-30792 | 2023-04-29 | Anchor tag hrefs in Lexical prior to v0.10.0 would render javascript: URLs, allowing for cross-site scripting on link clicks in cases where input was being parsed from untrusted sources. |
| CVE-2022-43871 | 2023-04-29 | IBM Financial Transaction Manager for SWIFT Services cross-site scripting |
| CVE-2023-2424 | 2023-04-29 | DedeCMS config.php UpDateMemberModCache unrestricted upload |
| CVE-2023-2425 | 2023-04-29 | SourceCodester Simple Student Information System Add New Course cross site scripting |
| CVE-2023-30441 | 2023-04-29 | IBM Java information disclosure |
| CVE-2023-2428 | 2023-04-30 | Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq |
| CVE-2023-2429 | 2023-04-30 | Improper Access Control in thorsten/phpmyfaq |