CVE List - 2023 / October
Showing 2001 - 2100 of 2690 CVEs for October 2023 (Page 21 of 27)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-46423 | 2023-10-25 | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_417094 function. |
| CVE-2023-46424 | 2023-10-25 | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_422BD4 function. |
| CVE-2023-46518 | 2023-10-25 | Mercury A15 V1.0 20230818_1.0.3 was discovered to contain a command execution vulnerability via the component cloudDeviceTokenSuccCB. |
| CVE-2023-46520 | 2023-10-25 | TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function uninstallPluginReqHandle. |
| CVE-2023-46521 | 2023-10-25 | TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function RegisterRegister. |
| CVE-2023-46522 | 2023-10-25 | TP-LINK device TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin and TL-WDR7660 2.0.30 were discovered to contain a stack overflow via the function deviceInfoRegister. |
| CVE-2023-46523 | 2023-10-25 | TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function upgradeInfoRegister. |
| CVE-2023-46525 | 2023-10-25 | TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function loginRegister. |
| CVE-2023-46526 | 2023-10-25 | TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function resetCloudPwdRegister. |
| CVE-2023-46527 | 2023-10-25 | TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin and TL-WDR7660 2.0.30 were discovered to contain a stack overflow via the function bindRequestHandle. |
| CVE-2023-46534 | 2023-10-25 | TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function modifyAccPwdRegister. |
| CVE-2023-46535 | 2023-10-25 | TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function getResetVeriRegister. |
| CVE-2023-46536 | 2023-10-25 | TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function chkRegVeriRegister. |
| CVE-2023-46537 | 2023-10-25 | TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function getRegVeriRegister. |
| CVE-2023-46538 | 2023-10-25 | TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function chkResetVeriRegister. |
| CVE-2023-46539 | 2023-10-25 | TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function registerRequestHandle. |
| CVE-2023-46540 | 2023-10-25 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formNtp. |
| CVE-2023-46541 | 2023-10-25 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formIpv6Setup. |
| CVE-2023-46542 | 2023-10-25 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMeshUploadConfig. |
| CVE-2023-46543 | 2023-10-25 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formWlSiteSurvey. |
| CVE-2023-46544 | 2023-10-25 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formWirelessTbl. |
| CVE-2023-46545 | 2023-10-25 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formWsc. |
| CVE-2023-46546 | 2023-10-25 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formStats. |
| CVE-2023-46547 | 2023-10-25 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formSysLog. |
| CVE-2023-46548 | 2023-10-25 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formWlanRedirect. |
| CVE-2023-46549 | 2023-10-25 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formSetLg. |
| CVE-2023-46550 | 2023-10-25 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMapDelDevice. |
| CVE-2023-46551 | 2023-10-25 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formReflashClientTbl. |
| CVE-2023-46552 | 2023-10-25 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMultiAP. |
| CVE-2023-46553 | 2023-10-25 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formParentControl. |
| CVE-2023-46554 | 2023-10-25 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMapDel. |
| CVE-2023-46555 | 2023-10-25 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formPortFw. |
| CVE-2023-46556 | 2023-10-25 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formFilter. |
| CVE-2023-46557 | 2023-10-25 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMultiAPVLAN. |
| CVE-2023-46558 | 2023-10-25 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMapDelDevice. |
| CVE-2023-46559 | 2023-10-25 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formIPv6Addr. |
| CVE-2023-46560 | 2023-10-25 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formTcpipSetup. |
| CVE-2023-46562 | 2023-10-25 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formDosCfg. |
| CVE-2023-46563 | 2023-10-25 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formIpQoS. |
| CVE-2023-46564 | 2023-10-25 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formDMZ. |
| CVE-2023-46583 | 2023-10-25 | Cross-Site Scripting (XSS) vulnerability in PHPGurukul Nipah virus (NiV) - Testing Management System v.1.0 allows attackers to execute arbitrary code via a crafted payload injected into the State field. |
| CVE-2023-46584 | 2023-10-25 | SQL Injection vulnerability in PHPGurukul Nipah virus (NiV) - Testing Management System v.1.0 allows a remote attacker to escalate privileges via a crafted request to the new-user-testing.php endpoint. |
| CVE-2023-46119 | 2023-10-25 | Parse Server may crash when uploading file without extension |
| CVE-2023-46123 | 2023-10-25 | jumpserver is vulnerable to password brute-force protection bypass via arbitrary IP values |
| CVE-2023-41721 | 2023-10-25 | Instances of UniFi Network Application that (i) are run on a UniFi Gateway Console, and (ii) are versions 7.5.176. and earlier, implement device adoption with improper access control logic, creating... |
| CVE-2023-38041 | 2023-10-25 | A logged in user may elevate its permissions by abusing a Time-of-Check to Time-of-Use (TOCTOU) race condition. When a particular process flow is initiated, an attacker can exploit this condition... |
| CVE-2023-46135 | 2023-10-25 | Panic in SignedPayload::from_payload |
| CVE-2023-37283 | 2023-10-25 | Authentication Bypass via HTML Form & Identifier First Adapter |
| CVE-2023-39219 | 2023-10-25 | Admin Console Denial of Service via Java class enumeration |
| CVE-2023-34085 | 2023-10-25 | User Attribute Disclosure via DynamoDB Data Stores |
| CVE-2023-46158 | 2023-10-25 | IBM WebSphere Application Server session fixation |
| CVE-2023-34048 | 2023-10-25 | VMware vCenter Server Out-of-Bounds Write Vulnerability |
| CVE-2023-34056 | 2023-10-25 | VMware vCenter Server Partial Information Disclosure Vulnerability |
| CVE-2023-5311 | 2023-10-25 | The WP EXtra plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the register() function in versions up to, and including, 6.2.... |
| CVE-2023-3010 | 2023-10-25 | Grafana is an open-source platform for monitoring and observability. The WorldMap panel plugin, versions before 1.0.4 contains a DOM XSS vulnerability. |
| CVE-2023-26568 | 2023-10-25 | Unauthenticated SQL Injection In IDAttend’s IDWeb Application |
| CVE-2023-26569 | 2023-10-25 | Unauthenticated SQL Injection In IDAttend’s IDWeb Application |
| CVE-2023-26570 | 2023-10-25 | Missing Authentication In IDAttend’s IDWeb Application |
| CVE-2023-26571 | 2023-10-25 | Missing Authentication In IDAttend’s IDWeb Application |
| CVE-2023-26572 | 2023-10-25 | Unauthenticated SQL Injection In IDAttend’s IDWeb Application |
| CVE-2023-26573 | 2023-10-25 | Missing Authentication In IDAttend’s IDWeb Application |
| CVE-2023-26574 | 2023-10-25 | Missing Authentication In IDAttend’s IDWeb Application |
| CVE-2023-26575 | 2023-10-25 | Missing Authentication In IDAttend’s IDWeb Application |
| CVE-2023-26576 | 2023-10-25 | Missing Authentication In IDAttend’s IDWeb Application |
| CVE-2023-26577 | 2023-10-25 | Stored Cross-site Scripting In IDAttend’s IDWeb Application |
| CVE-2023-26578 | 2023-10-25 | Arbitrary File Upload to Web Root In IDAttend’s IDWeb Application |
| CVE-2023-26579 | 2023-10-25 | Missing Authentication In IDAttend’s IDWeb Application |
| CVE-2023-26580 | 2023-10-25 | Missing Authentication In IDAttend’s IDWeb Application |
| CVE-2023-26581 | 2023-10-25 | Unauthenticated SQL Injection In IDAttend’s IDWeb Application |
| CVE-2023-26582 | 2023-10-25 | Unauthenticated SQL Injection In IDAttend’s IDWeb Application |
| CVE-2023-26583 | 2023-10-25 | Unauthenticated SQL Injection In IDAttend’s IDWeb Application |
| CVE-2023-26584 | 2023-10-25 | Unauthenticated SQL Injection In IDAttend’s IDWeb Application |
| CVE-2023-27254 | 2023-10-25 | Unauthenticated SQL Injection In IDAttend’s IDWeb Application |
| CVE-2023-27255 | 2023-10-25 | Unauthenticated SQL Injection In IDAttend’s IDWeb Application |
| CVE-2023-27256 | 2023-10-25 | Missing Authentication In IDAttend’s IDWeb Application |
| CVE-2023-27257 | 2023-10-25 | Missing Authentication In IDAttend’s IDWeb Application |
| CVE-2023-27258 | 2023-10-25 | Missing Authentication In IDAttend’s IDWeb Application |
| CVE-2023-27259 | 2023-10-25 | Missing Authentication In IDAttend’s IDWeb Application |
| CVE-2023-27375 | 2023-10-25 | Missing Authentication In IDAttend’s IDWeb Application |
| CVE-2023-27376 | 2023-10-25 | Missing Authentication In IDAttend’s IDWeb Application |
| CVE-2023-27377 | 2023-10-25 | Missing Authentication In IDAttend’s IDWeb Application |
| CVE-2023-27261 | 2023-10-25 | Missing Authentication In IDAttend’s IDWeb Application |
| CVE-2023-27260 | 2023-10-25 | Unauthenticated SQL Injection In IDAttend’s IDWeb Application |
| CVE-2023-27262 | 2023-10-25 | Unauthenticated SQL Injection In IDAttend’s IDWeb Application |
| CVE-2023-4693 | 2023-10-25 | Grub2: out-of-bounds read at fs/ntfs.c |
| CVE-2023-4692 | 2023-10-25 | Grub2: out-of-bounds write at fs/ntfs.c may lead to unsigned code execution |
| CVE-2023-1356 | 2023-10-25 | Reflected Cross-site Scripting In IDAttend’s IDWeb Application |
| CVE-2023-5717 | 2023-10-25 | Out-of-bounds write in Linux kernel's Linux Kernel Performance Events (perf) component |
| CVE-2023-45844 | 2023-10-25 | The vulnerability allows a low privileged user that has access to the device when locked in Kiosk mode to install an arbitrary Android application and leverage it to have access... |
| CVE-2023-43488 | 2023-10-25 | The vulnerability allows a low privileged (untrusted) application to modify a critical system property that should be denied, in order to enable the ADB (Android Debug Bridge) protocol to be... |
| CVE-2023-46650 | 2023-10-25 | Jenkins GitHub Plugin 1.37.3 and earlier does not escape the GitHub project URL on the build page when showing changes, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by... |
| CVE-2023-46651 | 2023-10-25 | Jenkins Warnings Plugin 10.5.0 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to.... |
| CVE-2023-46652 | 2023-10-25 | A missing permission check in Jenkins lambdatest-automation Plugin 1.20.9 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of LAMBDATEST credentials stored in Jenkins. |
| CVE-2023-46653 | 2023-10-25 | Jenkins lambdatest-automation Plugin 1.20.10 and earlier logs LAMBDATEST Credentials access token at the INFO level, potentially resulting in its exposure. |
| CVE-2023-46654 | 2023-10-25 | Jenkins CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the expected directory during the cleanup process of the 'CloudBees CD - Publish Artifact' post-build step,... |
| CVE-2023-46655 | 2023-10-25 | Jenkins CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the directory from which artifacts are published during the 'CloudBees CD - Publish Artifact' post-build step,... |
| CVE-2023-46656 | 2023-10-25 | Jenkins Multibranch Scan Webhook Trigger Plugin 1.0.9 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to... |
| CVE-2023-46657 | 2023-10-25 | Jenkins Gogs Plugin 1.0.15 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods... |
| CVE-2023-46658 | 2023-10-25 | Jenkins MSTeams Webhook Trigger Plugin 0.1.1 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use... |
| CVE-2023-46659 | 2023-10-25 | Jenkins Edgewall Trac Plugin 1.13 and earlier does not escape the Trac website URL on the build page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with... |