Pagina 4 – Azienda Sicura

Lista CVE 2023/45xxx

CVE nel gruppo: 45xxx

CVE-2023-45070 (Clicca per dettagli)

CVE-2023-45071 (WordPress Form Maker by 10Web Plugin <= 1.15.18 is vulnerable to Cross Site Scripting (XSS))

CVE-2023-45072 (WordPress Form Maker by 10Web Plugin <= 1.15.18 is vulnerable to Cross Site Scripting (XSS))

CVE-2023-45073 (WordPress Order auto complete for WooCommerce Plugin <= 1.2.0 is vulnerable to Cross Site Scripting (XSS))

CVE-2023-45074 (WordPress Mendeley Plugin <= 1.3.2 is vulnerable to Cross Site Scripting (XSS))

CVE-2023-45075 (WordPress Advanced Page Visit Counter Plugin <= 7.1.1 is vulnerable to SQL Injection)

CVE-2023-45076 (Clicca per dettagli)

CVE-2023-45077 (Clicca per dettagli)

CVE-2023-45078 (Clicca per dettagli)

CVE-2023-45079 (Clicca per dettagli)

CVE-2023-45083 (Clicca per dettagli)

CVE-2023-45084 (HyperCloud: “admin” and “serveradmin” users can be deleted)

CVE-2023-45085 (Media caddy removal and reinsertion without reboot may cause data loss)

CVE-2023-45101 (When compute hosts are disabled and reenabled, they immediately transition to “ON”, not “INIT”)

CVE-2023-45102 (WordPress Customer Reviews for WooCommerce plugin <= 5.36.0 - Broken Access Control vulnerability)

CVE-2023-45103 (WordPress Blog Manager Light Plugin <= 1.20 is vulnerable to Cross Site Request Forgery (CSRF))

CVE-2023-45104 (WordPress Permalinks Customizer Plugin <= 2.8.2 is vulnerable to Cross Site Request Forgery (CSRF))

CVE-2023-45105 (WordPress BetterLinks plugin <= 1.6.0 - Broken Access Control vulnerability)

CVE-2023-45106 (WordPress affiliate-toolkit – WordPress Affiliate Plugin Plugin <= 3.3.9 is vulnerable to Open Redirection)

CVE-2023-45107 (WordPress Urvanov Syntax Highlighter Plugin <= 2.8.33 is vulnerable to Cross Site Request Forgery (CSRF))

CVE-2023-45108 (WordPress GoodBarber Plugin <= 1.0.22 is vulnerable to Cross Site Request Forgery (CSRF))

CVE-2023-45109 (WordPress Mailrelay Plugin <= 2.1.1 is vulnerable to Cross Site Request Forgery (CSRF))

CVE-2023-45110 (WordPress WhitePage Plugin <= 1.1.5 is vulnerable to Cross Site Request Forgery (CSRF))

CVE-2023-45111 (WordPress Bold Timeline Lite plugin <= 1.1.9 - Broken Access Control vulnerability)

CVE-2023-45112 (Online Examination System v1.0 – Multiple Unauthenticated SQL Injections (SQLi))

CVE-2023-45113 (Clicca per dettagli)

CVE-2023-45114 (Clicca per dettagli)

CVE-2023-45115 (Clicca per dettagli)

CVE-2023-45116 (Online Examination System v1.0 – Multiple Authenticated SQL Injections (SQLi))

CVE-2023-45117 (Online Examination System v1.0 – Multiple Authenticated SQL Injections (SQLi))

CVE-2023-45118 (Online Examination System v1.0 – Multiple Authenticated SQL Injections (SQLi))

CVE-2023-45119 (Online Examination System v1.0 – Multiple Authenticated SQL Injections (SQLi))

CVE-2023-45120 (Online Examination System v1.0 – Multiple Authenticated SQL Injections (SQLi))

CVE-2023-45121 (Online Examination System v1.0 – Multiple Authenticated SQL Injections (SQLi))

CVE-2023-45122 (Online Examination System v1.0 – Multiple Authenticated SQL Injections (SQLi))

CVE-2023-45123 (Clicca per dettagli)

CVE-2023-45124 (Clicca per dettagli)

CVE-2023-45125 (Clicca per dettagli)

CVE-2023-45126 (Clicca per dettagli)

CVE-2023-45127 (Clicca per dettagli)

CVE-2023-45128 (Clicca per dettagli)

CVE-2023-45129 (CSRF Token Reuse Vulnerability in fiber)

CVE-2023-45130 (matrix-synapse vulnerable to denial of service due to malicious server ACL events)

CVE-2023-45131 (Frontier opcode SUICIDE touches too many storage values on large contracts)

CVE-2023-45132 (Unauthenticated access to new private chat messages in Discourse)

CVE-2023-45133 (IgnoreIP/IgnoreCIDR should not trust X-Forwarded-For)

CVE-2023-45134 (Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code)

CVE-2023-45135 (XWiki Platform XSS vulnerability from account in the create page form via template provider)

CVE-2023-45136 (XWiki users can be tricked to execute scripts as the create page action doesn’t display the page’s title)

CVE-2023-45137 (XWiki Platform web templates vulnerable to reflected XSS in the create document form if name validation is enabled)

CVE-2023-45138 (XWiki Platform XSS with edit right in the create document form for existing pages)

CVE-2023-45139 (Change Request Application vulnerable to XSS and remote code execution through change request title)

CVE-2023-45140 (fonttools XML External Entity Injection (XXE) Vulnerability)

CVE-2023-45141 (Group-based JIT MFA bypass on scp and sftp in The Bastion)

CVE-2023-45142 (CSRF Token Validation Vulnerability in fiber)

CVE-2023-45143 (OpenTelemetry-Go Contrib has DoS vulnerability in otelhttp due to unbound cardinality metrics)

CVE-2023-45144 (Undici’s cookie header not cleared on cross-origin redirect in fetch)

CVE-2023-45145 (Remote code execution from login screen through unescaped URL parameter in OAuth Identity XWiki App)

CVE-2023-45146 (Redis Unix-domain socket may have be exposed with the wrong permissions for a short time window.)

CVE-2023-45147 (Remote code execution in XXL-RPC)

CVE-2023-45148 (Arbitrary keys can be added to a topic’s custom fields by any user in Discourse)

CVE-2023-45149 (Rate limiter not working reliable when Memcached is installed in Nextcloud)

CVE-2023-45150 (Password of talk conversations can be bruteforced in Nextcloud)

CVE-2023-45151 (Inviting excessive long email addresses to a calendar event makes the Nextcloud server unresponsive)

CVE-2023-45152 (OAuth2 client_secret stored in plain text in the Nextcloud database)

CVE-2023-45158 (Blind Server Side Request Forgery (SSRF) in remote schedule import feature in Engelsystem)

CVE-2023-45159 (Clicca per dettagli)

CVE-2023-45160 (1E Client installer can perform arbitrary file deletion on protected files)

CVE-2023-45161 (Elevated Temp Directory Execution in 1E Client)

CVE-2023-45162 (1E-Exchange-URLResponseTime instruction before v20.1 allows arbitrary code execution)

CVE-2023-45163 (Blind SQL vulnerability in 1E platform)

CVE-2023-45165 (1E-Exchange-CommandLinePing instruction before v18.1 allows for arbitrary code execution)

CVE-2023-45166 (IBM AIX denial of service)

CVE-2023-45167 (IBM AIX privilege escalation)

CVE-2023-45168 (IBM AIX denial of service)

CVE-2023-45169 (IBM AIX command execution)

CVE-2023-45170 (IBM AIX denial of service)

CVE-2023-45171 (IBM AIX privilege escalation)

CVE-2023-45172 (IBM AIX denial of service)

CVE-2023-45173 (IBM AIX denial of service)

Precedente Successivo