CVE List - 2023 / October
Showing 301 - 400 of 2690 CVEs for October 2023 (Page 4 of 27)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-5371 | 2023-10-04 | Memory Allocation with Excessive Size Value in Wireshark |
| CVE-2023-43804 | 2023-10-04 | `Cookie` HTTP header isn't stripped on cross-origin redirects |
| CVE-2023-20101 | 2023-10-04 | A vulnerability in Cisco Emergency Responder could allow an unauthenticated, remote attacker to log in to an affected device using the root account, which has default, static credentials that cannot... |
| CVE-2023-20259 | 2023-10-04 | A vulnerability in an API endpoint of multiple Cisco Unified Communications Products could allow an unauthenticated, remote attacker to cause high CPU utilization, which could impact access to the web-based... |
| CVE-2023-20235 | 2023-10-04 | A vulnerability in the on-device application development workflow feature for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an authenticated, remote attacker to access the... |
| CVE-2023-5402 | 2023-10-04 | A CWE-269: Improper Privilege Management vulnerability exists that could cause a remote code execution when the transfer command is used over the network. |
| CVE-2023-42824 | 2023-10-04 | The issue was addressed with improved checks. This issue is fixed in iOS 16.7.1 and iPadOS 16.7.1. A local attacker may be able to elevate their privileges. Apple is aware... |
| CVE-2023-3428 | 2023-10-04 | Imagemagick: heap-buffer-overflow in coders/tiff.c |
| CVE-2023-3576 | 2023-10-04 | Libtiff: memory leak in tiffcrop.c |
| CVE-2023-39191 | 2023-10-04 | Kernel: ebpf: insufficient stack type checks in dynptr |
| CVE-2023-5399 | 2023-10-04 | A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause tampering of files on the personal computer running C-Bus when using the... |
| CVE-2023-5391 | 2023-10-04 | A CWE-502: Deserialization of untrusted data vulnerability exists that could allow an attacker to execute arbitrary code on the targeted system by sending a specifically crafted packet to the application. |
| CVE-2023-38701 | 2023-10-04 | Hydra's committed UTxOs at Commit validator and UTxOs at Initial validator can be spent arbitrarily by anyone |
| CVE-2023-42448 | 2023-10-04 | Hydra's contestation period in head datum can be modified during Close transaction, allowing malicious participant to freely modify the contestation deadline |
| CVE-2023-42449 | 2023-10-04 | Malicious head initialiser can extract PTs from control of Hydra scripts, leading to locked participant commits or spoofed commits |
| CVE-2023-38537 | 2023-10-04 | A race condition in a network transport subsystem led to a heap use-after-free issue in established or unsilenced incoming audio/video calls that could have resulted in app termination or unexpected... |
| CVE-2023-38538 | 2023-10-04 | A race condition in an event subsystem led to a heap use-after-free issue in established audio/video calls that could have resulted in app termination or unexpected control flow with very... |
| CVE-2023-42808 | 2023-10-04 | Common Voice Cross-site Scripting vulnerability |
| CVE-2023-42809 | 2023-10-04 | Redisson unsafe deserialization vulnerability |
| CVE-2023-44209 | 2023-10-04 | Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 29051. |
| CVE-2023-44210 | 2023-10-04 | Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 29258. |
| CVE-2023-41094 | 2023-10-04 | Touchlink authentication bypass due to packets processed after timeout or out of range in Ember ZNet |
| CVE-2023-44389 | 2023-10-04 | Zope management interface vulnerable to stored cross site scripting via the title property |
| CVE-2023-43793 | 2023-10-04 | Misskey allows users to bypass authentication of Bull dashboard |
| CVE-2023-43805 | 2023-10-04 | Nexkey allows users to bypass authentication of Bull dashboard |
| CVE-2023-43799 | 2023-10-04 | The Altair Desktop Client Does Not Sanitize External URLs before passing them to the underlying system |
| CVE-2023-43809 | 2023-10-04 | Soft Serve Public Key Authentication Bypass Vulnerability when Keyboard-Interactive SSH Authentication is Enabled |
| CVE-2023-26236 | 2023-10-05 | An issue was discovered in WatchGuard EPDR 8.0.21.0002. Due to a weak implementation of message handling between WatchGuard EPDR processes, it is possible to perform a Local Privilege Escalation on... |
| CVE-2023-26237 | 2023-10-05 | An issue was discovered in WatchGuard EPDR 8.0.21.0002. It is possible to bypass the defensive capabilities by adding a registry key as SYSTEM. |
| CVE-2023-26238 | 2023-10-05 | An issue was discovered in WatchGuard EPDR 8.0.21.0002. It is possible to enable or disable defensive capabilities by sending a crafted message to a named pipe. |
| CVE-2023-26239 | 2023-10-05 | An issue was discovered in WatchGuard EPDR 8.0.21.0002. Due to a weak implementation of a password check, it is possible to obtain credentials to access the management console as a... |
| CVE-2023-40920 | 2023-10-05 | Prixan prixanconnect up to v1.62 was discovered to contain a SQL injection vulnerability via the component CartsGuruCatalogModuleFrontController::importProducts(). |
| CVE-2023-43260 | 2023-10-05 | Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the admin panel. |
| CVE-2023-43269 | 2023-10-05 | pigcms up to 7.0 was discovered to contain an arbitrary file upload vulnerability. |
| CVE-2023-43284 | 2023-10-05 | D-Link Wireless MU-MIMO Gigabit AC1200 Router DIR-846 100A53DBR-Retail devices allow an authenticated remote attacker to execute arbitrary code via an unspecified manipulation of the QoS POST parameter. |
| CVE-2023-43343 | 2023-10-05 | Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the Files - Description parameter in the Pages... |
| CVE-2023-43981 | 2023-10-05 | Presto Changeo testsitecreator up to 1.1.1 was discovered to contain a deserialization vulnerability via the component delete_excluded_folder.php. |
| CVE-2023-43983 | 2023-10-05 | Presto Changeo attributegrid up to 2.0.3 was discovered to contain a SQL injection vulnerability via the component disable_json.php. |
| CVE-2023-44024 | 2023-10-05 | SQL injection vulnerability in KnowBand Module One Page Checkout, Social Login & Mailchimp (supercheckout) v.8.0.3 and before allows a remote attacker to execute arbitrary code via a crafted request to... |
| CVE-2023-44828 | 2023-10-05 | D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the CurrentPassword parameter in the CheckPasswdSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via... |
| CVE-2023-44829 | 2023-10-05 | D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the AdminPassword parameter in the SetDeviceSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via... |
| CVE-2023-44830 | 2023-10-05 | D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the EndTime parameter in the SetParentsControlInfo function. This vulnerability allows attackers to cause a Denial of Service (DoS) via... |
| CVE-2023-44831 | 2023-10-05 | D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the Type parameter in the SetWLanRadioSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via... |
| CVE-2023-44832 | 2023-10-05 | D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the MacAddress parameter in the SetWanSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via... |
| CVE-2023-44833 | 2023-10-05 | D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the GuardInt parameter in the SetWLanRadioSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via... |
| CVE-2023-44834 | 2023-10-05 | D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the StartTime parameter in the SetParentsControlInfo function. This vulnerability allows attackers to cause a Denial of Service (DoS) via... |
| CVE-2023-44835 | 2023-10-05 | D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the Mac parameter in the SetParentsControlInfo function. This vulnerability allows attackers to cause a Denial of Service (DoS) via... |
| CVE-2023-44836 | 2023-10-05 | D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the SSID parameter in the SetWLanRadioSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via... |
| CVE-2023-44837 | 2023-10-05 | D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the Password parameter in the SetWanSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via... |
| CVE-2023-44838 | 2023-10-05 | D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the TXPower parameter in the SetWLanRadioSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via... |
| CVE-2023-44839 | 2023-10-05 | D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the Encryption parameter in the SetWLanRadioSecurity function. This vulnerability allows attackers to cause a Denial of Service (DoS) via... |
| CVE-2023-45198 | 2023-10-05 | ftpd before "NetBSD-ftpd 20230930" can leak information about the host filesystem before authentication via an MLSD or MLST command. tnftpd (the portable version of NetBSD ftpd) before 20231001 is also... |
| CVE-2023-45159 | 2023-10-05 | 1E Client installer can perform arbitrary file deletion on protected files |
| CVE-2022-4145 | 2023-10-05 | Content spoofing |
| CVE-2022-3248 | 2023-10-05 | Openshift api admission checks does not enforce "custom-host" permissions |
| CVE-2023-44390 | 2023-10-05 | HtmlSanitizer vulnerable to Cross-site Scripting in Foreign Content |
| CVE-2023-45160 | 2023-10-05 | Elevated Temp Directory Execution in 1E Client |
| CVE-2023-4570 | 2023-10-05 | Improper Restriction in NI MeasurementLink Python Services |
| CVE-2023-2306 | 2023-10-05 | Qognify NiceVision Use of Hard-coded Credentials |
| CVE-2023-5423 | 2023-10-05 | SourceCodester Online Pizza Ordering System sql injection |
| CVE-2023-4401 | 2023-10-05 | Dell SmartFabric Storage Software v1.4 (and earlier) contains an OS Command Injection Vulnerability in the CLI use of the ‘more’ command. A local or remote authenticated attacker could potentially exploit... |
| CVE-2023-5346 | 2023-10-05 | Type confusion in V8 in Google Chrome prior to 117.0.5938.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2023-43068 | 2023-10-05 | Dell SmartFabric Storage Software v1.4 (and earlier) contains an OS Command Injection Vulnerability in the restricted shell in SSH. An authenticated remote attacker could potentially exploit this vulnerability, leading to... |
| CVE-2023-43069 | 2023-10-05 | Dell SmartFabric Storage Software v1.4 (and earlier) contain(s) an OS Command Injection Vulnerability in the CLI. An authenticated local attacker could potentially exploit this vulnerability, leading to possible injection of... |
| CVE-2023-43070 | 2023-10-05 | Dell SmartFabric Storage Software v1.4 (and earlier) contains a Path Traversal Vulnerability in the HTTP interface. A remote authenticated attacker could potentially exploit this vulnerability, leading to modify or write... |
| CVE-2023-44386 | 2023-10-05 | Incorrect request error handling triggers server crash in Vapor |
| CVE-2023-43071 | 2023-10-05 | Dell SmartFabric Storage Software v1.4 (and earlier) contains possible vulnerabilities for HTML injection or CVS formula injection which might escalate to cross-site scripting attacks in HTML pages in the GUI.... |
| CVE-2023-43072 | 2023-10-05 | Dell SmartFabric Storage Software v1.4 (and earlier) contains an improper access control vulnerability in the CLI. A local possibly unauthenticated attacker could potentially exploit this vulnerability, leading to ability to... |
| CVE-2023-44387 | 2023-10-05 | Gradle has incorrect permission assignment for symlinked files used in copy or archiving operations |
| CVE-2023-43073 | 2023-10-05 | Dell SmartFabric Storage Software v1.4 (and earlier) contains an Improper Input Validation vulnerability in RADIUS configuration. An authenticated remote attacker could potentially exploit this vulnerability, leading to gaining unauthorized access... |
| CVE-2023-32485 | 2023-10-05 | Dell SmartFabric Storage Software version 1.3 and lower contain an improper input validation vulnerability. A remote unauthenticated attacker may exploit this vulnerability and escalate privileges up to the highest administration... |
| CVE-2023-42754 | 2023-10-05 | Kernel: ipv4: null pointer dereference in ipv4_send_dest_unreach() |
| CVE-2023-42755 | 2023-10-05 | Kernel: rsvp: out-of-bounds read in rsvp_classify() |
| CVE-2023-40745 | 2023-10-05 | Libtiff: integer overflow in tiffcp.c |
| CVE-2023-41175 | 2023-10-05 | Libtiff: potential integer overflow in raw2tiff.c |
| CVE-2023-5441 | 2023-10-05 | NULL Pointer Dereference in vim/vim |
| CVE-2023-39323 | 2023-10-05 | Arbitrary code execution during build via line directives in cmd/go |
| CVE-2023-44212 | 2023-10-05 | Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 31477. |
| CVE-2023-44211 | 2023-10-05 | Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 31637, Acronis Cyber Protect 16 (Linux,... |
| CVE-2023-44213 | 2023-10-05 | Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 35739, Acronis Cyber Protect 16 (Windows) before... |
| CVE-2023-44214 | 2023-10-05 | Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35739. |
| CVE-2023-45240 | 2023-10-05 | Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35739. |
| CVE-2023-45241 | 2023-10-05 | Sensitive information leak through log files. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 35739, Acronis Cyber Protect 16 (Linux, macOS, Windows) before... |
| CVE-2023-45242 | 2023-10-05 | Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35739. |
| CVE-2023-45243 | 2023-10-05 | Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35739. |
| CVE-2015-10125 | 2023-10-05 | WP Ultimate CSV Importer Plugin cross-site request forgery |
| CVE-2023-36123 | 2023-10-06 | Directory Traversal vulnerability in Hex-Dragon Plain Craft Launcher 2 version Alpha 1.3.9, allows local attackers to execute arbitrary code and gain sensitive information. |
| CVE-2023-44061 | 2023-10-06 | File Upload vulnerability in Simple and Nice Shopping Cart Script v.1.0 allows a remote attacker to execute arbitrary code via the upload function in the edit profile component. |
| CVE-2023-44758 | 2023-10-06 | GDidees CMS 3.0 is affected by a Cross-Site Scripting (XSS) vulnerability that allows attackers to execute arbitrary code via a crafted payload to the Page Title. |
| CVE-2023-44761 | 2023-10-06 | Multiple Cross Site Scripting (XSS) vulnerabilities in Concrete CMS versions affected to 8.5.13 and below, and 9.0.0 through 9.2.1 allow a local attacker to execute arbitrary code via a crafted... |
| CVE-2023-44762 | 2023-10-06 | A Cross Site Scripting (XSS) vulnerability in Concrete CMS from versions 9.2.0 to 9.2.2 allows an attacker to execute arbitrary code via a crafted script to the Tags from Settings... |
| CVE-2023-44764 | 2023-10-06 | A Cross Site Scripting (XSS) vulnerability in Concrete CMS before 9.2.3 exists via the Name parameter during installation (aka Site of Installation or Settings). |
| CVE-2023-44765 | 2023-10-06 | A Cross Site Scripting (XSS) vulnerability in Concrete CMS versions 8.5.12 and below, and 9.0 through 9.2.1 allows an attacker to execute arbitrary code via a crafted script to Plural... |
| CVE-2023-44766 | 2023-10-06 | A Cross Site Scripting (XSS) vulnerability in Concrete CMS v.9.2.1 allows an attacker to execute arbitrary code via a crafted script to the SEO - Extra from Page Settings. NOTE:... |
| CVE-2023-44770 | 2023-10-06 | A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 allows an attacker to execute arbitrary code via a crafted script to the Organizer - Spare alias. |
| CVE-2023-44771 | 2023-10-06 | A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 allows a local attacker to execute arbitrary code via a crafted script to the Page Layout. |
| CVE-2023-44807 | 2023-10-06 | D-Link DIR-820L 1.05B03 has a stack overflow vulnerability in the cancelPing function. |
| CVE-2023-44860 | 2023-10-06 | An issue in NETIS SYSTEMS N3Mv2 v.1.0.1.865 allows a remote attacker to cause a denial of service via the authorization component in the HTTP request. |
| CVE-2023-45282 | 2023-10-06 | In NASA Open MCT (aka openmct) before 3.1.0, prototype pollution can occur via an import action. |
| CVE-2023-45303 | 2023-10-06 | ThingsBoard before 3.5 allows Server-Side Template Injection if users are allowed to modify an email template, because Apache FreeMarker supports freemarker.template.utility.Execute (for content sent to the /api/admin/settings endpoint). |