CVE List - 2023 / April
Showing 401 - 500 of 2302 CVEs for April 2023 (Page 5 of 24)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-20665 | 2023-04-06 | In ril, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction... |
| CVE-2023-20666 | 2023-04-06 | In display drm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed.... |
| CVE-2023-20670 | 2023-04-06 | In audio, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2023-20674 | 2023-04-06 | In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction... |
| CVE-2023-20675 | 2023-04-06 | In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction... |
| CVE-2023-20676 | 2023-04-06 | In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction... |
| CVE-2023-20679 | 2023-04-06 | In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2023-20680 | 2023-04-06 | In adsp, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction... |
| CVE-2023-20681 | 2023-04-06 | In adsp, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction... |
| CVE-2023-20682 | 2023-04-06 | In wlan, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction... |
| CVE-2023-20684 | 2023-04-06 | In vdec, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is... |
| CVE-2023-20685 | 2023-04-06 | In vdec, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is... |
| CVE-2023-20686 | 2023-04-06 | In display drm, there is a possible double free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is... |
| CVE-2023-20687 | 2023-04-06 | In display drm, there is a possible double free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is... |
| CVE-2023-20688 | 2023-04-06 | In power, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction... |
| CVE-2023-22985 | 2023-04-06 | Sourcecodester Simple Guestbook Management System version 1 is vulnerable to Cross Site Scripting (XSS) via Name, Referrer, Location, and Comments. |
| CVE-2023-26083 | 2023-04-06 | Memory leak vulnerability in Mali GPU Kernel Driver in Midgard GPU Kernel Driver all versions from r6p0 - r32p0, Bifrost GPU Kernel Driver all versions from r0p0 - r42p0, Valhall... |
| CVE-2023-28500 | 2023-04-06 | A Java insecure deserialization vulnerability in Adobe LiveCycle ES4 version 11.0 and earlier allows unauthenticated remote attackers to gain operating system code execution by submitting specially crafted Java serialized objects... |
| CVE-2023-29415 | 2023-04-06 | An issue was discovered in libbzip3.a in bzip3 before 1.3.0. A denial of service (process hang) can occur with a crafted archive because bzip3 does not follow the required procedure... |
| CVE-2023-29416 | 2023-04-06 | An issue was discovered in libbzip3.a in bzip3 before 1.3.0. A bz3_decode_block out-of-bounds write can occur with a crafted archive because bzip3 does not follow the required procedure for interacting... |
| CVE-2023-29418 | 2023-04-06 | An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is an xwrite out-of-bounds read. |
| CVE-2023-29419 | 2023-04-06 | An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is a bz3_decode_block out-of-bounds read. |
| CVE-2023-29420 | 2023-04-06 | An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is a crash caused by an invalid memmove in bz3_decode_block. |
| CVE-2023-29421 | 2023-04-06 | An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is an out-of-bounds write in bz3_decode_block. |
| CVE-2023-29465 | 2023-04-06 | SageMath FlintQS 1.0 relies on pathnames under TMPDIR (typically world-writable), which (for example) allows a local user to overwrite files with the privileges of a different user (who is running... |
| CVE-2023-29473 | 2023-04-06 | webservice in Atos Unify OpenScape 4000 Platform and OpenScape 4000 Manager Platform 10 R1 before 10 R1.34.4 allows an unauthenticated attacker to run arbitrary commands on the platform operating system... |
| CVE-2023-29474 | 2023-04-06 | inventory in Atos Unify OpenScape 4000 Platform and OpenScape 4000 Manager Platform 10 R1 before 10 R1.34.4 allows an unauthenticated attacker to run arbitrary commands on the platform operating system... |
| CVE-2023-29475 | 2023-04-06 | inventory in Atos Unify OpenScape 4000 Platform and OpenScape 4000 Manager Platform 10 R1 before 10 R1.34.4 allows an unauthenticated attacker to run arbitrary commands on the platform operating system... |
| CVE-2023-23981 | 2023-04-06 | WordPress Conversational Forms for ChatBot Plugin <= 1.1.6 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-23982 | 2023-04-06 | WordPress WPFrom Email Plugin <= 1.8.8 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-23815 | 2023-04-06 | WordPress Multi-column Tag Map Plugin <= 17.0.24 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-23971 | 2023-04-06 | WordPress WP Time Slots Booking Form Plugin <= 1.1.81 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-23979 | 2023-04-06 | WordPress Quick Event Manager Plugin <= 9.7.4 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-23987 | 2023-04-06 | WordPress User Registration Plugin <= 2.3.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-23972 | 2023-04-06 | WordPress Social Like Box and Page by WpDevArt Plugin <= 0.8.39 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-28046 | 2023-04-06 | Dell Display Manager, versions 2.1.0 and prior, contains an arbitrary file or folder deletion vulnerability during uninstallation A local low privilege attacker could potentially exploit this vulnerability, leading to the... |
| CVE-2023-25542 | 2023-04-06 | Dell Trusted Device Agent, versions prior to 5.3.0, contain(s) an improper installation permissions vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to escalated privileges. |
| CVE-2023-23980 | 2023-04-06 | WordPress MailOptin Plugin <= 1.2.54.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-23998 | 2023-04-06 | WordPress VikRentCar Plugin <= 1.3.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-23996 | 2023-04-06 | WordPress ProfilePress Plugin <= 4.5.3 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-24001 | 2023-04-06 | WordPress Modal Dialog Plugin <= 3.5.9 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-24006 | 2023-04-06 | WordPress WP Terms Popup – Terms and Conditions and Privacy Policy WordPress Popups Plugin <= 2.6.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-24004 | 2023-04-06 | WordPress Image and Video Lightbox, Image PopUp Plugin <= 2.1.5 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-24002 | 2023-04-06 | WordPress YouTube Embed, Playlist and Popup by WpDevArt Plugin <= 2.6.3 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-24003 | 2023-04-06 | WordPress WP Popups Plugin <= 2.1.4.8 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-1802 | 2023-04-06 | In Docker Desktop 4.17.x the Artifactory Integration falls back to sending registry credentials over plain HTTP if the HTTPS health check has failed |
| CVE-2023-0652 | 2023-04-06 | Local Privilege Escalation in Cloudflare WARP Installer (Windows) |
| CVE-2023-23898 | 2023-04-06 | WordPress Blocksy Companion Plugin <= 1.8.67 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-24383 | 2023-04-06 | WordPress Namaste! LMS Plugin <= 2.5.9.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-24403 | 2023-04-06 | WordPress bbPress Voting Plugin <= 2.1.11.0 is vulnerable to Cross-Site Scripting (XSS) |
| CVE-2023-24411 | 2023-04-06 | WordPress BNE Testimonials Plugin <= 2.0.7 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-24387 | 2023-04-06 | WordPress Organization chart Plugin <= 1.4.4 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-1908 | 2023-04-06 | SourceCodester Simple Mobile Comparison Website GET Parameter view_category.php sql injection |
| CVE-2023-23801 | 2023-04-06 | WordPress Really Simple Google Tag Manager Plugin <= 1.0.6 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-46793 | 2023-04-06 | WordPress Product Feed PRO for WooCommerce Plugin <= 12.4.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-0750 | 2023-04-06 | Yellowbrik PEC-1864 authentication bypass |
| CVE-2023-24396 | 2023-04-06 | WordPress VikBooking Hotel Booking Engine & PMS Plugin <= 1.5.11 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-24374 | 2023-04-06 | WordPress Material Design Icons for Page Builders Plugin <= 1.4.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-24378 | 2023-04-06 | WordPress Glossary Plugin <= 2.1.27 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-23891 | 2023-04-06 | WordPress Ocean Extra Plugin <= 2.1.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-25062 | 2023-04-06 | WordPress Pinpoint Booking System Plugin <= 2.9.9.2.8 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-1912 | 2023-04-06 | The Limit Login Attempts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its lock logging feature in versions up to, and including, 1.7.1 due to insufficient input sanitization... |
| CVE-2023-1913 | 2023-04-06 | The Maps Widget for Google Maps for WordPress is vulnerable to Stored Cross-Site Scripting via widget settings in versions up to, and including, 4.24 due to insufficient input sanitization and... |
| CVE-2023-24536 | 2023-04-06 | Excessive resource consumption in net/http, net/textproto and mime/multipart |
| CVE-2023-24534 | 2023-04-06 | Excessive memory allocation in net/http and net/textproto |
| CVE-2023-24538 | 2023-04-06 | Backticks not treated as string delimiters in html/template |
| CVE-2023-24537 | 2023-04-06 | Infinite loop in parsing in go/scanner |
| CVE-2023-29010 | 2023-04-06 | BudiBase Server-Side Request Forgery vulnerability |
| CVE-2023-0580 | 2023-04-06 | Information Disclosure vulnerability in My Control System (on-premise) |
| CVE-2023-29008 | 2023-04-06 | SvelteKit framework has Insufficient CSRF protection for CORS requests |
| CVE-2023-29014 | 2023-04-06 | Goobi viewer Core Reflected Cross-Site Scripting Vulnerability Using LOGID Parameter |
| CVE-2023-29015 | 2023-04-06 | Goobi viewer Core has Cross-Site Scripting Vulnerability in User Comments |
| CVE-2023-29016 | 2023-04-06 | Goobi viewer Core has Cross-Site Scripting Vulnerability in User Nicknames |
| CVE-2023-29017 | 2023-04-06 | vm2 Sandbox Escape vulnerability |
| CVE-2023-1918 | 2023-04-06 | The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on... |
| CVE-2023-1919 | 2023-04-06 | The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on... |
| CVE-2023-1920 | 2023-04-06 | The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on... |
| CVE-2023-1921 | 2023-04-06 | The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on... |
| CVE-2023-1922 | 2023-04-06 | The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on... |
| CVE-2023-1923 | 2023-04-06 | The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on... |
| CVE-2023-1924 | 2023-04-06 | The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on... |
| CVE-2023-1925 | 2023-04-06 | The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on... |
| CVE-2023-1926 | 2023-04-06 | The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on... |
| CVE-2023-1927 | 2023-04-06 | The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on... |
| CVE-2023-1931 | 2023-04-06 | The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the deleteCssAndJsCacheToolbar function in versions up to, and including, 1.1.2.... |
| CVE-2023-1930 | 2023-04-06 | The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data deletion due to a missing capability check on the wpfc_clear_cache_of_allsites_callback function in versions up to, and including, 1.1.2.... |
| CVE-2023-1929 | 2023-04-06 | The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the wpfc_purgecache_varnish_callback function in versions up to, and including, 1.1.2.... |
| CVE-2023-1928 | 2023-04-06 | The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the wpfc_preload_single_callback function in versions up to, and including, 1.1.2.... |
| CVE-2014-125094 | 2023-04-06 | phpMiniAdmin cross site scripting |
| CVE-2020-11935 | 2023-04-07 | aufs: improperly managed inode reference counts in the vfsub_dentry_open() method |
| CVE-2022-43309 | 2023-04-07 | Supermicro X11SSL-CF HW Rev 1.01, BMC firmware v1.63 was discovered to contain insecure permissions. |
| CVE-2023-24797 | 2023-04-07 | D-Link DIR882 DIR882A1_FW110B02 was discovered to contain a stack overflow in the sub_48AC20 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via... |
| CVE-2023-24798 | 2023-04-07 | D-Link DIR878 DIR_878_FW120B05 was discovered to contain a stack overflow in the sub_475FB0 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via... |
| CVE-2023-24799 | 2023-04-07 | D-Link DIR878 DIR_878_FW120B05 was discovered to contain a stack overflow in the sub_48AF78 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via... |
| CVE-2023-24800 | 2023-04-07 | D-Link DIR878 DIR_878_FW120B05 was discovered to contain a stack overflow in the sub_495220 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via... |
| CVE-2023-25210 | 2023-04-07 | Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the fromSetSysTime function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via... |
| CVE-2023-25211 | 2023-04-07 | Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the R7WebsSecurityHandler function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via... |
| CVE-2023-25212 | 2023-04-07 | Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the fromSetWirelessRepeat function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via... |
| CVE-2023-25213 | 2023-04-07 | Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the check_param_changed function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via... |
| CVE-2023-25214 | 2023-04-07 | Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the setSchedWifi function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via... |