CVE List - 2023 / October
Showing 1001 - 1100 of 2690 CVEs for October 2023 (Page 11 of 27)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-44178 | 2023-10-12 | Junos OS: Stack overflow vulnerability in CLI command processing |
| CVE-2023-44181 | 2023-10-12 | Junos OS: QFX5k: l2 loop in the overlay impacts the stability in an EVPN/VXLAN environment |
| CVE-2023-44182 | 2023-10-12 | Junos OS and Junos OS Evolved: An Unchecked Return Value in multiple user interfaces affects confidentiality and integrity of device operations |
| CVE-2023-44183 | 2023-10-12 | Junos OS: QFX5000 Series, EX4600 Series: In a VxLAN scenario an adjacent attacker within the VxLAN sending genuine packets may cause a DMA memory leak to occur. |
| CVE-2023-44184 | 2023-10-12 | Junos OS and Junos OS Evolved: High CPU load due to specific NETCONF command |
| CVE-2023-44185 | 2023-10-12 | Junos OS and Junos OS Evolved: In a BGP scenario RPD crashes upon receiving and processing a specific malformed ISO VPN BGP UPDATE packet |
| CVE-2023-44191 | 2023-10-12 | Junos OS: QFX5000 Series and EX4000 Series: Denial of Service (DoS) on a large scale VLAN due to PFE hogging |
| CVE-2023-44192 | 2023-10-12 | Junos OS: QFX5000 Series: DMA memory leak is observed when specific DHCP packets are transmitted over pseudo-VTEP |
| CVE-2023-44193 | 2023-10-12 | Junos OS: MX Series: An FPC crash is observed when CFM is enabled in a VPLS scenario and a specific LDP related command is run |
| CVE-2023-44194 | 2023-10-12 | Junos OS: An unauthenticated attacker with local access to the device can create a backdoor with root privileges |
| CVE-2023-44195 | 2023-10-12 | Junos OS Evolved: Packets which are not destined to the router can reach the RE |
| CVE-2023-44196 | 2023-10-12 | Junos OS Evolved: PTX10003 Series: Packets which are not destined to the router can reach the RE |
| CVE-2023-44197 | 2023-10-12 | Junos OS and Junos OS Evolved: An rpd crash may occur when BGP is processing newly learned routes |
| CVE-2023-44198 | 2023-10-12 | Junos OS: SRX Series and MX Series: SIP ALG doesn't drop specifically malformed retransmitted SIP packets |
| CVE-2023-44199 | 2023-10-12 | Junos OS: MX Series: In a PTP scenario a prolonged routing protocol churn can trigger an FPC reboot |
| CVE-2023-44201 | 2023-10-12 | Junos OS and Junos OS Evolved: A local attacker can retrieve sensitive information and elevate privileges on the device to an authorized user. |
| CVE-2023-44203 | 2023-10-12 | Junos OS: QFX5000 Series, EX2300, EX3400, EX4100, EX4400 and EX4600: Packet flooding will occur when IGMP traffic is sent to an isolated VLAN |
| CVE-2023-44204 | 2023-10-12 | Junos OS and Junos OS Evolved: The rpd will crash upon receiving a malformed BGP UPDATE message |
| CVE-2023-5563 | 2023-10-12 | The SJA1000 CAN controller driver backend automatically attempts to recover from a bus-off event when built with CONFIG_CAN_AUTO_BUS_OFF_RECOVERY=y. This results in calling k_sleep() in IRQ context, causing a fatal exception. |
| CVE-2023-45391 | 2023-10-13 | A stored cross-site scripting (XSS) vulnerability in the Create A New Employee function of Granding UTime Master v9.0.7-Build:Apr 4,2023 allows authenticated attackers to execute arbitrary web scripts or HTML via... |
| CVE-2023-45393 | 2023-10-13 | An indirect object reference (IDOR) in GRANDING UTime Master v9.0.7-Build:Apr 4,2023 allows authenticated attackers to access sensitive information via a crafted cookie. |
| CVE-2023-45463 | 2023-10-13 | Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via the hostName parameter in the FUN_0040dabc function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a... |
| CVE-2023-45464 | 2023-10-13 | Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via the servDomain parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. |
| CVE-2023-45465 | 2023-10-13 | Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the ddnsDomainName parameter in the Dynamic DNS settings. |
| CVE-2023-45466 | 2023-10-13 | Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the pin_host parameter in the WPS Settings. |
| CVE-2023-45467 | 2023-10-13 | Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the ntpServIP parameter in the Time Settings. |
| CVE-2023-45468 | 2023-10-13 | Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via the pingWdogIp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. |
| CVE-2023-5564 | 2023-10-13 | Cross-site Scripting (XSS) - Stored in froxlor/froxlor |
| CVE-2023-4562 | 2023-10-13 | Information Disclosure, Information Tampering and Authentication Bypass Vulnerability in MELSEC-F Series main module |
| CVE-2023-5557 | 2023-10-13 | Tracker-miners: sandbox escape |
| CVE-2023-42752 | 2023-10-13 | Kernel: integer overflow in igmpv3_newpack leading to exploitable memory access |
| CVE-2023-38221 | 2023-10-13 | Adobe Commerce \| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (CWE-89) |
| CVE-2023-38249 | 2023-10-13 | Adobe Commerce \| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (CWE-89) |
| CVE-2023-38250 | 2023-10-13 | Adobe Commerce \| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (CWE-89) |
| CVE-2023-38218 | 2023-10-13 | Incorrect Authorization - Customer account takeover |
| CVE-2023-26366 | 2023-10-13 | Validate Your Inputs \| Server-Side Request Forgery (SSRF) (CWE-918) |
| CVE-2023-26367 | 2023-10-13 | Error based file extraction via PHP filter chains during product bulk import logic |
| CVE-2023-38220 | 2023-10-13 | Full page cache enumeration via cookie X-Magento-Vary |
| CVE-2023-38219 | 2023-10-13 | Validate Your Inputs \| Cross-site Scripting (Stored XSS) (CWE-79) - Customer to Admin stored XSS with Gift wrapping |
| CVE-2023-38251 | 2023-10-13 | Adobe Commerce \| Uncontrolled Resource Consumption (CWE-400) |
| CVE-2023-5571 | 2023-10-13 | Improper Input Validation in vriteio/vrite |
| CVE-2023-5572 | 2023-10-13 | Server-Side Request Forgery (SSRF) in vriteio/vrite |
| CVE-2023-38000 | 2023-10-13 | Auth. Stored Cross-Site Scripting (XSS) vulnerability in WordPress core and Gutenberg plugin via Navigation Links Block |
| CVE-2023-5573 | 2023-10-13 | Allocation of Resources Without Limits or Throttling in vriteio/vrite |
| CVE-2023-39999 | 2023-10-13 | WordPress < 6.3.2 is vulnerable to Broken Access Control |
| CVE-2023-43079 | 2023-10-13 | Dell OpenManage Server Administrator, versions 11.0.0.0 and prior, contains an Improper Access Control vulnerability. A local low-privileged malicious user could potentially exploit this vulnerability to execute arbitrary code in order... |
| CVE-2023-45107 | 2023-10-13 | WordPress GoodBarber Plugin <= 1.0.22 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45108 | 2023-10-13 | WordPress Mailrelay Plugin <= 2.1.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-39960 | 2023-10-13 | Nextcloud Server has improper restriction of excessive authentication attempts on WebDAV endpoint |
| CVE-2023-45130 | 2023-10-13 | Frontier opcode SUICIDE touches too many storage values on large contracts |
| CVE-2023-5240 | 2023-10-13 | Improper access control in PAM propagation scripts in Devolutions Server 2023.2.8.0 and earlier allows an attack with permission to manage PAM propagation scripts to retrieve passwords stored in it via... |
| CVE-2023-4829 | 2023-10-13 | Cross-site Scripting (XSS) - Stored in froxlor/froxlor |
| CVE-2023-4517 | 2023-10-13 | Cross-site Scripting (XSS) - Stored in hestiacp/hestiacp |
| CVE-2023-4995 | 2023-10-13 | The Embed Calendly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'calendly' shortcode in versions up to, and including, 3.6 due to insufficient input sanitization and output escaping... |
| CVE-2023-45162 | 2023-10-13 | Blind SQL vulnerability in 1E platform |
| CVE-2023-29464 | 2023-10-13 | Rockwell Automation FactoryTalk Linx Vulnerable to Denial-of-Service and Information Disclosure |
| CVE-2023-45109 | 2023-10-13 | WordPress WhitePage Plugin <= 1.1.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-33303 | 2023-10-13 | An insufficient session expiration in Fortinet FortiEDR version 5.0.0 through 5.0.1 allows attacker to execute unauthorized code or commands via api request |
| CVE-2023-45267 | 2023-10-13 | WordPress IRivYou Plugin <= 2.2.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-41682 | 2023-10-13 | An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiSandbox version 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and... |
| CVE-2023-41681 | 2023-10-13 | An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4... |
| CVE-2023-41680 | 2023-10-13 | An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4... |
| CVE-2023-41843 | 2023-10-13 | An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 allows attacker to execute... |
| CVE-2023-41836 | 2023-10-13 | An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.0 and 4.2.0 through 4.2.4, and 4.0.0 through 4.0.4 and 3.2.0 through 3.2.4 and 3.1.0... |
| CVE-2023-45268 | 2023-10-13 | WordPress Hitsteps Web Analytics Plugin <= 5.86 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45269 | 2023-10-13 | WordPress Simple SEO Plugin <= 2.0.25 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45276 | 2023-10-13 | WordPress Automated Editor Plugin <= 1.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-45270 | 2023-10-13 | WordPress Pinpoint Booking System Plugin <= 2.9.9.4.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-40682 | 2023-10-13 | IBM App Connect Enterprise information disclosure |
| CVE-2023-5409 | 2023-10-13 | HP is aware of a potential security vulnerability in HP t430 and t638 Thin Client PCs. These models may be susceptible to a physical attack, allowing an untrusted source to... |
| CVE-2023-5449 | 2023-10-13 | A potential security vulnerability has been identified in certain HP Displays supporting the Theft Deterrence feature which may allow a monitor’s Theft Deterrence to be deactivated. |
| CVE-2023-4499 | 2023-10-13 | A potential security vulnerability has been identified in the HP ThinUpdate utility (also known as HP Recovery Image and Software Download Tool) which may lead to information disclosure. HP is... |
| CVE-2023-32970 | 2023-10-13 | QTS, QuTS hero, QuTScloud |
| CVE-2023-32973 | 2023-10-13 | QTS, QuTS hero, QuTScloud |
| CVE-2023-32974 | 2023-10-13 | QTS, QuTS hero, QuTScloud |
| CVE-2023-32976 | 2023-10-13 | Container Station |
| CVE-2023-34975 | 2023-10-13 | QTS, QuTS hero, QuTScloud |
| CVE-2023-34976 | 2023-10-13 | Video Station |
| CVE-2023-34977 | 2023-10-13 | Video Station |
| CVE-2023-36559 | 2023-10-13 | Microsoft Edge (Chromium-based) Spoofing Vulnerability |
| CVE-2023-4263 | 2023-10-13 | Potential buffer overflow vulnerability in the Zephyr IEEE 802.15.4 nRF 15.4 driver |
| CVE-2023-4257 | 2023-10-13 | Unchecked user input length in the Zephyr WiFi shell module |
| CVE-2023-45674 | 2023-10-13 | SQL injection vulnerability in Farmbot-Web-App |
| CVE-2023-30148 | 2023-10-14 | Multiple Stored Cross Site Scripting (XSS) vulnerabilities in Opart opartmultihtmlblock before version 2.0.12 and Opart multihtmlblock* version 1.0.0, allows remote authenticated users to inject arbitrary web script or HTML via... |
| CVE-2023-30154 | 2023-10-14 | Multiple improper neutralization of SQL parameters in module AfterMail (aftermailpresta) for PrestaShop, before version 2.2.1, allows remote attackers to perform SQL injection attacks via `id_customer`, `id_conf`, `id_product` and `token` parameters... |
| CVE-2023-44037 | 2023-10-14 | An issue in ZPE Systems, Inc Nodegrid OS v.5.8.10 thru v.5.8.13 and v.5.10.3 thru v.5.10.5 allows a remote attacker to obtain sensitive information via the TACACS+ server component. |
| CVE-2023-45852 | 2023-10-14 | In Vitogate 300 2.1.3.0, /cgi-bin/vitogate.cgi allows an unauthenticated attacker to bypass authentication and execute arbitrary commands via shell metacharacters in the ipaddr params JSON data for the put method. |
| CVE-2023-45853 | 2023-10-14 | MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported... |
| CVE-2023-45855 | 2023-10-14 | qdPM 9.2 allows Directory Traversal to list files and directories by navigating to the /uploads URI. |
| CVE-2023-45856 | 2023-10-14 | qdPM 9.2 allows remote code execution by using the Add Attachments feature of Edit Project to upload a .php file to the /uploads URI. |
| CVE-2023-45862 | 2023-10-14 | An issue was discovered in drivers/usb/storage/ene_ub6250.c for the ENE UB6250 reader driver in the Linux kernel before 6.2.5. An object could potentially extend beyond the end of an allocation. |
| CVE-2023-45863 | 2023-10-14 | An issue was discovered in lib/kobject.c in the Linux kernel before 6.2.3. With root access, an attacker can trigger a race condition that results in a fill_kobj_path out-of-bounds write. |
| CVE-2023-26155 | 2023-10-14 | All versions of the package node-qpdf are vulnerable to Command Injection such that the package-exported method encrypt() fails to sanitize its parameter input, which later flows into a sensitive command... |
| CVE-2023-42780 | 2023-10-14 | Apache Airflow: Improper access control vulnerability in the "List dag warnings" feature |
| CVE-2023-45348 | 2023-10-14 | Apache Airflow: Configuration information leakage vulnerability |
| CVE-2023-42792 | 2023-10-14 | Apache Airflow: Improper access control to DAG resources |
| CVE-2023-42663 | 2023-10-14 | Apache Airflow: Bypass permission verification to view task instances of other dags |
| CVE-2023-5578 | 2023-10-14 | Portábilis i-Educar HTTP GET Request agenda_imprimir.php cross site scripting |
| CVE-2023-1259 | 2023-10-14 | The Hotjar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the hotjar_site_id in versions up to, and including, 1.0.15 due to insufficient input sanitization and output escaping. This... |
| CVE-2023-5579 | 2023-10-14 | yhz66 Sandbox User Data information disclosure |