CVE List - 2023 / April
Showing 701 - 800 of 2302 CVEs for April 2023 (Page 8 of 24)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-1989 | 2023-04-11 | A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\btsdio.c in the Linux Kernel. In this flaw, a call to btsdio_remove with an unfinished job, may cause a race problem leading... |
| CVE-2020-19802 | 2023-04-11 | File Upload vulnerability found in Milken DoyoCMS v.2.3 allows a remote attacker to execute arbitrary code via the upload file type parameter. |
| CVE-2020-19803 | 2023-04-11 | Cross Site Request Forgery vulnerability found in Milken DoyoCMS v.2.3 allows a remote attacker to execute arbitrary code via the background system settings. |
| CVE-2020-24736 | 2023-04-11 | Buffer Overflow vulnerability found in SQLite3 v.3.27.1 and before allows a local attacker to cause a denial of service via a crafted script. |
| CVE-2020-9009 | 2023-04-11 | The ShipStation.com plugin 1.1 and earlier for CS-Cart allows remote attackers to insert arbitrary information into the database (via action=shipnotify) because access to this endpoint is completely unchecked. The attacker... |
| CVE-2021-46878 | 2023-04-11 | An issue was discovered in Treasure Data Fluent Bit 1.7.1, erroneous parsing in flb_pack_msgpack_to_json_format leads to type confusion bug that interprets whatever is on the stack as msgpack maps and... |
| CVE-2021-46879 | 2023-04-11 | An issue was discovered in Treasure Data Fluent Bit 1.7.1, a wrong variable is used to get the msgpack data resulting in a heap overflow in flb_msgpack_gelf_value_ext. An attacker can... |
| CVE-2022-38604 | 2023-04-11 | Wacom Driver 6.3.46-1 for Windows and lower was discovered to contain an arbitrary file deletion vulnerability. |
| CVE-2022-43293 | 2023-04-11 | Wacom Driver 6.3.46-1 for Windows was discovered to contain an arbitrary file write vulnerability via the component \Wacom\Wacom_Tablet.exe. |
| CVE-2022-46396 | 2023-04-11 | An issue was discovered in the Arm Mali Kernel Driver. A non-privileged user can make improper GPU memory processing operations to access a limited amount outside of buffer bounds. This... |
| CVE-2023-1974 | 2023-04-11 | Exposure of Sensitive Information Through Metadata in answerdev/answer |
| CVE-2023-1975 | 2023-04-11 | Insertion of Sensitive Information Into Sent Data in answerdev/answer |
| CVE-2023-1976 | 2023-04-11 | Password Aging with Long Expiration in answerdev/answer |
| CVE-2023-22282 | 2023-04-11 | WAB-MAT Ver.5.0.0.8 and earlier starts another program with an unquoted file path. Since a registered Windows service path contains spaces and are unquoted, if a malicious executable is placed on... |
| CVE-2023-22429 | 2023-04-11 | Android App 'Wolt Delivery: Food and more' version 4.27.2 and earlier uses hard-coded credentials (API key for an external service), which may allow a local attacker to obtain the hard-coded... |
| CVE-2023-22612 | 2023-04-11 | An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. A malicious host OS can invoke an Insyde SMI handler with malformed arguments, resulting in memory... |
| CVE-2023-22613 | 2023-04-11 | An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. It is possible to write to an attacker-controlled address. An attacker could invoke an SMI handler... |
| CVE-2023-22614 | 2023-04-11 | An issue was discovered in ChipsetSvcSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. There is insufficient input validation in BIOS Guard updates. An attacker can induce memory corruption in... |
| CVE-2023-22615 | 2023-04-11 | An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. IHISI subfunction execution may corrupt SMRAM. An attacker can pass an address in the RCX save... |
| CVE-2023-22808 | 2023-04-11 | An issue was discovered in the Arm Android Gralloc Module. A non-privileged user can read a small portion of the allocator process memory. This affects Bifrost r24p0 through r41p0 before... |
| CVE-2023-23277 | 2023-04-11 | Snippet-box 1.0.0 is vulnerable to Cross Site Scripting (XSS). Remote attackers can render arbitrary web script or HTML from the "Snippet code" form field. |
| CVE-2023-23572 | 2023-04-11 | Cross-site scripting vulnerability in SEIKO EPSON printers/network interface Web Config allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script. [Note] Web Config is the software... |
| CVE-2023-23575 | 2023-04-11 | Improper access control vulnerability in CONPROSYS IoT Gateway products allows a remote authenticated attacker to bypass access restriction and access Network Maintenance page, which may result in obtaining the network... |
| CVE-2023-24182 | 2023-04-11 | LuCI openwrt-22.03 branch git-22.361.69894-438c598 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the component /system/sshkeys.js. |
| CVE-2023-24464 | 2023-04-11 | Stored-cross-site scripting vulnerability in Buffalo network devices allows an attacker with access to the web management console of the product to execute arbitrary JavaScript on a legitimate user's web browser.... |
| CVE-2023-24544 | 2023-04-11 | Improper access control vulnerability in Buffalo network devices allows a network-adjacent attacker to obtain specific files of the product. As a result, the product settings may be altered. The affected... |
| CVE-2023-25407 | 2023-04-11 | Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. Restricted users have read access to administrator credentials. |
| CVE-2023-25409 | 2023-04-11 | Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. Restricted users have access to other users outlets. |
| CVE-2023-25411 | 2023-04-11 | Aten PE8108 2.4.232 is vulnerable to Cross Site Request Forgery (CSRF). |
| CVE-2023-25413 | 2023-04-11 | Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. The device allows unauthenticated access to Telnet and SNMP credentials. |
| CVE-2023-25414 | 2023-04-11 | Aten PE8108 2.4.232 is vulnerable to denial of service (DOS). |
| CVE-2023-25415 | 2023-04-11 | Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. The device allows unauthenticated access to Event Notification configuration. |
| CVE-2023-25755 | 2023-04-11 | Screen Creator Advance 2 Ver.0.1.1.4 Build01A and earlier is vulnerable to improper restriction of operations within the bounds of a memory buffer (CWE-119) due to improper check of its data... |
| CVE-2023-25950 | 2023-04-11 | HTTP request/response smuggling vulnerability in HAProxy version 2.7.0, and 2.6.1 to 2.6.7 allows a remote attacker to alter a legitimate user's request. As a result, the attacker may obtain sensitive... |
| CVE-2023-25955 | 2023-04-11 | National land numerical information data conversion tool all versions improperly restricts XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the PC may be... |
| CVE-2023-26260 | 2023-04-11 | OXID eShop 6.2.x before 6.4.4 and 6.5.x before 6.5.2 allows session hijacking, leading to partial access of a customer's account by an attacker, due to an improper check of the... |
| CVE-2023-26551 | 2023-04-11 | mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write in the cp<cpdec while loop. An adversary may be able to attack a client ntpq process, but cannot attack ntpd. |
| CVE-2023-26552 | 2023-04-11 | mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a decimal point. An adversary may be able to attack a client ntpq process, but cannot attack ntpd. |
| CVE-2023-26553 | 2023-04-11 | mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when copying the trailing number. An adversary may be able to attack a client ntpq process, but cannot attack ntpd. |
| CVE-2023-26554 | 2023-04-11 | mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a '\0' character. An adversary may be able to attack a client ntpq process, but cannot attack ntpd. |
| CVE-2023-26555 | 2023-04-11 | praecis_parse in ntpd/refclock_palisade.c in NTP 4.2.8p15 has an out-of-bounds write. Any attack method would be complex, e.g., with a manipulated GPS receiver. |
| CVE-2023-26588 | 2023-04-11 | Use of hard-coded credentials vulnerability in Buffalo network devices allows an attacker to access the debug function of the product. The affected products and versions are as follows: BS-GSL2024 firmware... |
| CVE-2023-26593 | 2023-04-11 | CENTUM series provided by Yokogawa Electric Corporation are vulnerable to cleartext storage of sensitive information. If an attacker who can login or access the computer where the affected product is... |
| CVE-2023-26845 | 2023-04-11 | A Cross-Site Request Forgery (CSRF) in OpenCATS 0.9.7 allows attackers to force users into submitting web requests via unspecified vectors. |
| CVE-2023-26846 | 2023-04-11 | A stored cross-site scripting (XSS) vulnerability in OpenCATS v0.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the city parameter at opencats/index.php?m=candidates. |
| CVE-2023-26847 | 2023-04-11 | A stored cross-site scripting (XSS) vulnerability in OpenCATS v0.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the state parameter at opencats/index.php?m=candidates. |
| CVE-2023-26917 | 2023-04-11 | libyang from v2.0.164 to v2.1.30 was discovered to contain a NULL pointer dereference via the function lysp_stmt_validate_value at lys_parse_mem.c. |
| CVE-2023-26964 | 2023-04-11 | An issue was discovered in hyper v0.13.7. h2-0.2.4 Stream stacking occurs when the H2 component processes HTTP2 RST_STREAM frames. As a result, the memory and CPU usage are high which... |
| CVE-2023-27179 | 2023-04-11 | GDidees CMS v3.9.1 and lower was discovered to contain an arbitrary file download vulenrability via the filename parameter at /_admin/imgdownload.php. |
| CVE-2023-27191 | 2023-04-11 | An issue found in DUALSPACE Super Secuirty v.2.3.7 allows an attacker to cause a denial of service via the SharedPreference files. |
| CVE-2023-27192 | 2023-04-11 | An issue found in DUALSPACE Super Secuirty v.2.3.7 allows an attacker to cause a denial of service via the key_wifi_safe_net_check_url, KEY_Cirus_scan_whitelist and KEY_AD_NEW_USER_AVOID_TIME parameters. |
| CVE-2023-27389 | 2023-04-11 | Inadequate encryption strength vulnerability in CONPROSYS IoT Gateway products allows a remote authenticated attacker with an administrative privilege to apply a specially crafted Firmware update file, alter the information, cause... |
| CVE-2023-27520 | 2023-04-11 | Cross-site request forgery (CSRF) vulnerability in SEIKO EPSON printers/network interface Web Config allows a remote unauthenticated attacker to hijack the authentication and perform unintended operations by having a logged-in user... |
| CVE-2023-27645 | 2023-04-11 | An issue found in POWERAMP audioplayer build 925 bundle play and build 954 allows a remote attacker to gain privileges via the reverb and EQ preset parameters. |
| CVE-2023-27917 | 2023-04-11 | OS command injection vulnerability in CONPROSYS IoT Gateway products allows a remote authenticated attacker who can access Network Maintenance page to execute arbitrary OS commands with a root privilege. The... |
| CVE-2023-28340 | 2023-04-11 | Zoho ManageEngine Applications Manager through 16320 allows the admin user to conduct an XXE attack. |
| CVE-2023-28341 | 2023-04-11 | Stored Cross site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager through 16340 allows an unauthenticated user to inject malicious javascript on the incorrect login details page. |
| CVE-2023-28368 | 2023-04-11 | TP-Link L2 switch T2600G-28SQ firmware versions prior to 'T2600G-28SQ(UN)_V1_1.0.6 Build 20230227' uses vulnerable SSH host keys. A fake device may be prepared to spoof the affected device with the vulnerable... |
| CVE-2023-28808 | 2023-04-11 | Some Hikvision Hybrid SAN/Cluster Storage products have an access control vulnerability which can be used to obtain the admin permission. The attacker can exploit the vulnerability by sending crafted messages... |
| CVE-2023-29492 | 2023-04-11 | Novi Survey before 8.9.43676 allows remote attackers to execute arbitrary code on the server in the context of the service account. This does not provide access to stored survey or... |
| CVE-2023-29576 | 2023-04-11 | Bento4 v1.6.0-639 was discovered to contain a segmentation violation via the AP4_TrunAtom::SetDataOffset(int) function in Ap4TrunAtom.h. |
| CVE-2023-1903 | 2023-04-11 | Missing Authorization check in SAP HCM Fiori App My Forms (Fiori 2.0) |
| CVE-2023-24527 | 2023-04-11 | Improper Access Control in SAP NetWeaver AS Java for Deploy Service |
| CVE-2023-26458 | 2023-04-11 | Information Disclosure vulnerability in SAP Landscape Management |
| CVE-2023-27267 | 2023-04-11 | Multiple vulnerabilities in SAP Diagnostics Agent (OSCommand Bridge) |
| CVE-2023-27497 | 2023-04-11 | Multiple vulnerabilities in SAP Diagnostics Agent (EventLogServiceCollector) |
| CVE-2023-27499 | 2023-04-11 | Cross-Site Scripting (XSS) vulnerability in SAP GUI for HTML |
| CVE-2023-27897 | 2023-04-11 | Code Injection vulnerability in SAP CRM |
| CVE-2023-28761 | 2023-04-11 | Missing Authentication check in SAP NetWeaver Enterprise Portal |
| CVE-2023-28763 | 2023-04-11 | Denial of Service in SAP NetWeaver AS for ABAP and ABAP Platform |
| CVE-2023-28765 | 2023-04-11 | Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Promotion Management ) |
| CVE-2023-29108 | 2023-04-11 | IP filter vulnerability in ABAP Platform and SAP Web Dispatcher |
| CVE-2023-29109 | 2023-04-11 | Code Injection vulnerability in SAP Application Interface Framework (Message Dashboard) |
| CVE-2023-29110 | 2023-04-11 | Code Injection vulnerability in SAP Application Interface Framework (Message Dashboard) |
| CVE-2023-29111 | 2023-04-11 | Information Disclosure vulnerability in SAP Application Interface Framework (ODATA service) |
| CVE-2023-29112 | 2023-04-11 | Code Injection vulnerability in SAP Application Interface Framework (Message Monitoring) |
| CVE-2023-29185 | 2023-04-11 | Denial of Service (DOS) in SAP NetWeaver AS for ABAP (Business Server Pages) |
| CVE-2023-29186 | 2023-04-11 | Directory/Path Traversal vulnerability in SAP NetWeaver. |
| CVE-2023-29187 | 2023-04-11 | DLL Hijacking vulnerability in SapSetup (Software Installation Program) |
| CVE-2023-29189 | 2023-04-11 | HTTP Verb Tampering vulnerability in SAP CRM (WebClient UI) |
| CVE-2023-26121 | 2023-04-11 | All versions of the package safe-eval are vulnerable to Prototype Pollution via the safeEval function, due to improper sanitization of its parameter content. |
| CVE-2023-26122 | 2023-04-11 | All versions of the package safe-eval are vulnerable to Sandbox Bypass due to improper input sanitization. The vulnerability is derived from prototype pollution exploitation. Exploiting this vulnerability might result in... |
| CVE-2022-43716 | 2023-04-11 | A vulnerability has been identified in SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants)... |
| CVE-2022-43767 | 2023-04-11 | A vulnerability has been identified in SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants)... |
| CVE-2022-43768 | 2023-04-11 | A vulnerability has been identified in SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants)... |
| CVE-2023-23588 | 2023-04-11 | A vulnerability has been identified in SIMATIC IPC1047 (All versions), SIMATIC IPC1047E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows), SIMATIC IPC647D (All versions), SIMATIC IPC647E (All versions... |
| CVE-2023-26293 | 2023-04-11 | A vulnerability has been identified in Totally Integrated Automation Portal (TIA Portal) V15 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions < V16 Update 7), Totally Integrated... |
| CVE-2023-27464 | 2023-04-11 | A vulnerability has been identified in Mendix Forgot Password (Mendix 7 compatible) (All versions < V3.7.1), Mendix Forgot Password (Mendix 8 compatible) (All versions < V4.1.1), Mendix Forgot Password (Mendix... |
| CVE-2023-28489 | 2023-04-11 | A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050 MASTER MODULE (All versions < CPCI85 V05). Affected devices are vulnerable to command injection via... |
| CVE-2023-28766 | 2023-04-11 | A vulnerability has been identified in SIPROTEC 5 6MD85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 6MD86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 6MD89 (CP300)... |
| CVE-2023-28828 | 2023-04-11 | A vulnerability has been identified in Polarion ALM (All versions < V22R2). The application contains a XML External Entity Injection (XXE) vulnerability. This could allow an attacker to view files... |
| CVE-2023-29053 | 2023-04-11 | A vulnerability has been identified in JT Open (All versions < V11.3.2.0), JT Utilities (All versions < V13.3.0.0). The affected applications contain an out of bounds read past the end... |
| CVE-2023-29054 | 2023-04-11 | A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT PRO (All versions < V5.5.2), SCALANCE X202-2IRT... |
| CVE-2022-47335 | 2023-04-11 | In telecom service, there is a missing permission check. This could lead to local denial of service in telecom service. |
| CVE-2022-47336 | 2023-04-11 | In telecom service, there is a missing permission check. This could lead to local denial of service in telecom service. |
| CVE-2022-47337 | 2023-04-11 | In media service, there is a missing permission check. This could lead to local denial of service in media service. |
| CVE-2022-47338 | 2023-04-11 | In telecom service, there is a missing permission check. This could lead to local denial of service in telecom service. |
| CVE-2022-47362 | 2023-04-11 | In telecom service, there is a missing permission check. This could lead to local denial of service in telecom service. |
| CVE-2022-47463 | 2023-04-11 | In telecom service, there is a missing permission check. This could lead to local denial of service in telecom service. |
| CVE-2022-47464 | 2023-04-11 | In telecom service, there is a missing permission check. This could lead to local denial of service in telecom service. |