CVE List - 2023 / April
Showing 801 - 900 of 2302 CVEs for April 2023 (Page 9 of 24)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-47465 | 2023-04-11 | In vdsp service, there is a missing permission check. This could lead to local denial of service in vdsp service. |
| CVE-2022-47466 | 2023-04-11 | In telecom service, there is a missing permission check. This could lead to local denial of service in telecom service. |
| CVE-2022-47467 | 2023-04-11 | In telecom service, there is a missing permission check. This could lead to local denial of service in telecom service. |
| CVE-2022-47468 | 2023-04-11 | In telecom service, there is a missing permission check. This could lead to local denial of service in telecom service. |
| CVE-2023-0645 | 2023-04-11 | Out of Bounds read in libjxl |
| CVE-2023-28062 | 2023-04-11 | Dell PPDM versions 19.12, 19.11 and 19.10, contain an improper access control vulnerability. A remote authenticated malicious user with low privileges could potentially exploit this vulnerability to bypass intended access... |
| CVE-2023-30465 | 2023-04-11 | Apache InLong: SQL injection in Apache InLong 1.5.0 |
| CVE-2023-1552 | 2023-04-11 | ToolboxST Deserialization of Untrusted Configuration Data |
| CVE-2022-3695 | 2023-04-11 | Hitachi Vantara Pentaho Business Analytics Server - Improper Neutralization of Input During Web Page Generation |
| CVE-2022-43770 | 2023-04-11 | Hitachi Vantara Pentaho Business Analytics Server - Incorrect Authorization |
| CVE-2023-22635 | 2023-04-11 | A download of code without integrity check vulnerability [CWE-494] in FortiClientMac version 7.0.0 through 7.0.7, 6.4 all versions, 6.2 all versions, 6.0 all versions, 5.6 all versions, 5.4 all versions,... |
| CVE-2022-41330 | 2023-04-11 | An improper neutralization of input during web page generation vulnerability ('Cross-site Scripting') [CWE-79] in Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9, version 6.4.0 through 6.4.11 and before... |
| CVE-2023-27995 | 2023-04-11 | An improper neutralization of special elements used in a template engine vulnerability in Fortinet FortiSOAR 7.3.0 through 7.3.1 allows an authenticated, remote attacker to execute arbitrary code via a crafted... |
| CVE-2022-43951 | 2023-04-11 | An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.11 and below, 8.7.6 and below may allow... |
| CVE-2022-40679 | 2023-04-11 | An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in FortiADC 5.x all versions, 6.0 all versions, 6.1 all versions, 6.2.0 through 6.2.4, 7.0.0 through 7.0.3,... |
| CVE-2022-40682 | 2023-04-11 | An incorrect authorization in Fortinet FortiClient (Windows) 7.0.0 - 7.0.7, 6.4.0 - 6.4.9, 6.2.0 - 6.2.9 and 6.0.0 - 6.0.10 allows an attacker to execute unauthorized code or commands via... |
| CVE-2022-42470 | 2023-04-11 | A relative path traversal vulnerability in Fortinet FortiClient (Windows) 7.0.0 - 7.0.7, 6.4.0 - 6.4.9, 6.2.0 - 6.2.9 and 6.0.0 - 6.0.10 allows an attacker to execute unauthorized code or... |
| CVE-2022-41331 | 2023-04-11 | A missing authentication for critical function vulnerability [CWE-306] in FortiPresence infrastructure server before version 1.2.1 allows a remote, unauthenticated attacker to access the Redis and MongoDB instances via crafted authentication... |
| CVE-2022-43948 | 2023-04-11 | An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiWeb version 7.0.0 through 7.0.3, FortiADC version 7.1.0 through 7.1.1, FortiADC version 7.0.0 through... |
| CVE-2023-22641 | 2023-04-11 | A URL redirection to untrusted site ('open redirect') in Fortinet FortiOS version 7.2.0 through 7.2.3, FortiOS version 7.0.0 through 7.0.9, FortiOS versions 6.4.0 through 6.4.12, FortiOS all versions 6.2, FortiOS... |
| CVE-2022-42477 | 2023-04-11 | An improper input validation vulnerability [CWE-20] in FortiAnalyzer version 7.2.1 and below, version 7.0.6 and below, 6.4 all versions may allow an authenticated attacker to disclose file system information via... |
| CVE-2022-43952 | 2023-04-11 | An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiADC version 7.1.1 and below, version 7.0.3 and below, version 6.2.5 and below may allow an... |
| CVE-2022-43955 | 2023-04-11 | An improper neutralization of input during web page generation [CWE-79] in the FortiWeb web interface 7.0.0 through 7.0.3, 6.3.0 through 6.3.21, 6.4 all versions, 6.2 all versions, 6.1 all versions... |
| CVE-2022-43946 | 2023-04-11 | Multiple vulnerabilities including an incorrect permission assignment for critical resource [CWE-732] vulnerability and a time-of-check time-of-use (TOCTOU) race condition [CWE-367] vulnerability in Fortinet FortiClientWindows before 7.0.7 allows attackers on the... |
| CVE-2022-27487 | 2023-04-11 | An improper privilege management in Fortinet FortiSandbox version 4.2.0 through 4.2.2, 4.0.0 through 4.0.2 and before 3.2.3 and FortiDeceptor version 4.1.0, 4.0.0 through 4.0.2 and before 3.3.3 allows a remote... |
| CVE-2022-43947 | 2023-04-11 | An improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiOS version 7.2.0 through 7.2.3 and before 7.0.10, FortiProxy version 7.2.0 through 7.2.2 and before 7.0.8 administrative interface allows... |
| CVE-2022-27485 | 2023-04-11 | An improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability [CWE-89] in Fortinet FortiSandbox version 4.2.0, 4.0.0 through 4.0.2, 3.2.0 through 3.2.3, 3.1.x and 3.0.x allows... |
| CVE-2023-22642 | 2023-04-11 | An improper certificate validation vulnerability [CWE-295] in FortiAnalyzer and FortiManager 7.2.0 through 7.2.1, 7.0.0 through 7.0.5, 6.4.8 through 6.4.10 may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle... |
| CVE-2022-42469 | 2023-04-11 | A permissive list of allowed inputs vulnerability [CWE-183] in FortiGate version 7.2.3 and below, version 7.0.9 and below Policy-based NGFW Mode may allow an authenticated SSL-VPN user to bypass the... |
| CVE-2022-35850 | 2023-04-11 | An improper neutralization of script-related HTML tags in a web page vulnerability [CWE-80] in FortiAuthenticator versions 6.4.0 through 6.4.4, 6.3.0 through 6.3.3, all versions of 6.2 and 6.1 may allow... |
| CVE-2023-1983 | 2023-04-11 | SourceCodester Sales Tracker Management System GET Parameter manage_product.php SQL injection |
| CVE-2023-1984 | 2023-04-11 | SourceCodester Complaint Management System POST Parameter check_availability.php SQL injection |
| CVE-2023-1985 | 2023-04-11 | SourceCodester Online Computer and Laptop Store save_brand SQL injection |
| CVE-2023-1980 | 2023-04-11 | Two-factor authentication bypass on login in Devolutions Remote Desktop Manager 2022.3.35 and earlier allows a user to cancel the two-factor authentication via the application user interface and open entries. |
| CVE-2023-1939 | 2023-04-11 | No access control for the OTP key on OTP entries |
| CVE-2023-1986 | 2023-04-11 | SourceCodester Online Computer and Laptop Store delete_order SQL injection |
| CVE-2023-1987 | 2023-04-11 | SourceCodester Online Computer and Laptop Store update_order_status SQL injection |
| CVE-2023-1988 | 2023-04-11 | SourceCodester Online Computer and Laptop Store cross-site scripting |
| CVE-2023-28284 | 2023-04-11 | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability |
| CVE-2023-24935 | 2023-04-11 | Microsoft Edge (Chromium-based) Spoofing Vulnerability |
| CVE-2023-28301 | 2023-04-11 | Microsoft Edge (Chromium-based) Tampering Vulnerability |
| CVE-2023-21727 | 2023-04-11 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| CVE-2023-21729 | 2023-04-11 | Remote Procedure Call Runtime Information Disclosure Vulnerability |
| CVE-2023-21769 | 2023-04-11 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability |
| CVE-2023-23384 | 2023-04-11 | Microsoft SQL Server Remote Code Execution Vulnerability |
| CVE-2023-24914 | 2023-04-11 | Win32k Elevation of Privilege Vulnerability |
| CVE-2023-24931 | 2023-04-11 | Windows Secure Channel Denial of Service Vulnerability |
| CVE-2023-28216 | 2023-04-11 | Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability |
| CVE-2023-28217 | 2023-04-11 | Windows Network Address Translation (NAT) Denial of Service Vulnerability |
| CVE-2023-28218 | 2023-04-11 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability |
| CVE-2023-28221 | 2023-04-11 | Windows Error Reporting Service Elevation of Privilege Vulnerability |
| CVE-2023-28222 | 2023-04-11 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2023-28285 | 2023-04-11 | Microsoft Office Remote Code Execution Vulnerability |
| CVE-2023-28288 | 2023-04-11 | Microsoft SharePoint Server Spoofing Vulnerability |
| CVE-2023-28291 | 2023-04-11 | Raw Image Extension Remote Code Execution Vulnerability |
| CVE-2023-28292 | 2023-04-11 | Raw Image Extension Remote Code Execution Vulnerability |
| CVE-2023-28297 | 2023-04-11 | Windows Remote Procedure Call Service (RPCSS) Elevation of Privilege Vulnerability |
| CVE-2023-28298 | 2023-04-11 | Windows Kernel Denial of Service Vulnerability |
| CVE-2023-28300 | 2023-04-11 | Azure Service Connector Security Feature Bypass Vulnerability |
| CVE-2023-28305 | 2023-04-11 | Windows DNS Server Remote Code Execution Vulnerability |
| CVE-2023-28309 | 2023-04-11 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability |
| CVE-2023-28313 | 2023-04-11 | Microsoft Dynamics 365 Customer Voice Cross-Site Scripting Vulnerability |
| CVE-2023-28314 | 2023-04-11 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability |
| CVE-2023-24893 | 2023-04-11 | Visual Studio Code Remote Code Execution Vulnerability |
| CVE-2023-21554 | 2023-04-11 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability |
| CVE-2023-23375 | 2023-04-11 | Microsoft ODBC and OLE DB Remote Code Execution Vulnerability |
| CVE-2023-24860 | 2023-04-11 | Microsoft Defender Denial of Service Vulnerability |
| CVE-2023-24912 | 2023-04-11 | Windows Graphics Component Elevation of Privilege Vulnerability |
| CVE-2023-24924 | 2023-04-11 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability |
| CVE-2023-24883 | 2023-04-11 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability |
| CVE-2023-24925 | 2023-04-11 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability |
| CVE-2023-24884 | 2023-04-11 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability |
| CVE-2023-24926 | 2023-04-11 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability |
| CVE-2023-24885 | 2023-04-11 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability |
| CVE-2023-24927 | 2023-04-11 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability |
| CVE-2023-24886 | 2023-04-11 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability |
| CVE-2023-24928 | 2023-04-11 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability |
| CVE-2023-24887 | 2023-04-11 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability |
| CVE-2023-24929 | 2023-04-11 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability |
| CVE-2023-28219 | 2023-04-11 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability |
| CVE-2023-28220 | 2023-04-11 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability |
| CVE-2023-28223 | 2023-04-11 | Windows Domain Name Service Remote Code Execution Vulnerability |
| CVE-2023-28224 | 2023-04-11 | Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability |
| CVE-2023-28225 | 2023-04-11 | Windows NTLM Elevation of Privilege Vulnerability |
| CVE-2023-28226 | 2023-04-11 | Windows Enroll Engine Security Feature Bypass Vulnerability |
| CVE-2023-28227 | 2023-04-11 | Windows Bluetooth Driver Remote Code Execution Vulnerability |
| CVE-2023-28228 | 2023-04-11 | Windows Spoofing Vulnerability |
| CVE-2023-28229 | 2023-04-11 | Windows CNG Key Isolation Service Elevation of Privilege Vulnerability |
| CVE-2023-28231 | 2023-04-11 | DHCP Server Service Remote Code Execution Vulnerability |
| CVE-2023-28232 | 2023-04-11 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability |
| CVE-2023-28233 | 2023-04-11 | Windows Secure Channel Denial of Service Vulnerability |
| CVE-2023-28234 | 2023-04-11 | Windows Secure Channel Denial of Service Vulnerability |
| CVE-2023-28235 | 2023-04-11 | Windows Lock Screen Security Feature Bypass Vulnerability |
| CVE-2023-28236 | 2023-04-11 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2023-28237 | 2023-04-11 | Windows Kernel Remote Code Execution Vulnerability |
| CVE-2023-28238 | 2023-04-11 | Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability |
| CVE-2023-28240 | 2023-04-11 | Windows Network Load Balancing Remote Code Execution Vulnerability |
| CVE-2023-28241 | 2023-04-11 | Windows Secure Socket Tunneling Protocol (SSTP) Denial of Service Vulnerability |
| CVE-2023-28266 | 2023-04-11 | Windows Common Log File System Driver Information Disclosure Vulnerability |
| CVE-2023-28243 | 2023-04-11 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability |