CVE List - 2023 / October
Showing 2101 - 2200 of 2690 CVEs for October 2023 (Page 22 of 27)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-46660 | 2023-10-25 | Jenkins Zanata Plugin 0.6 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token hashes are equal, potentially allowing attackers to use statistical... |
| CVE-2023-41255 | 2023-10-25 | The vulnerability allows an unprivileged user with access to the subnet of the TPC-110W device to gain a root shell on the device itself abusing the lack of authentication of... |
| CVE-2023-41960 | 2023-10-25 | The vulnerability allows an unprivileged (untrusted) third-party application to interact with a content-provider unsafely exposed by the Android Agent application, potentially modifying sensitive settings of the Android Client application itself. |
| CVE-2023-41372 | 2023-10-25 | The vulnerability allows an unprivileged (untrusted) third-party application to arbitrarily modify the server settings of the Android Client application, inducing it to connect to an attacker-controlled malicious... |
| CVE-2023-45220 | 2023-10-25 | The Android Client application, when enrolled with the define method 1 (the user manually inserts the server IP address), uses HTTP protocol to retrieve sensitive information (IP address and credentials to... |
| CVE-2023-45321 | 2023-10-25 | The Android Client application, when enrolled with the define method 1 (the user manually inserts the server IP address), uses HTTP protocol to retrieve sensitive information (IP address and credentials... |
| CVE-2023-45851 | 2023-10-25 | The Android Client application, when enrolled to the AppHub server, connects to an MQTT broker without enforcing any server authentication. This issue allows an attacker to force the Android Client application... |
| CVE-2023-46102 | 2023-10-25 | The Android Client application, when enrolled to the AppHub server, connects to an MQTT broker to exchange messages and receive commands to execute on the HMI device. The protocol builds... |
| CVE-2023-42491 | 2023-10-25 | EisBaer Scada - CWE-285: Improper Authorization |
| CVE-2023-42488 | 2023-10-25 | EisBaer Scada - CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
| CVE-2023-30912 | 2023-10-25 | A remote code execution issue exists in HPE OneView. |
| CVE-2023-42489 | 2023-10-25 | EisBaer Scada - CWE-732: Incorrect Permission Assignment for Critical Resource |
| CVE-2023-42490 | 2023-10-25 | EisBaer Scada - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor |
| CVE-2023-42492 | 2023-10-25 | EisBaer Scada - CWE-321: Use of Hard-coded Cryptographic Key |
| CVE-2023-42493 | 2023-10-25 | EisBaer Scada - CWE-256: Plaintext Storage of a Password |
| CVE-2023-42494 | 2023-10-25 | EisBaer Scada - CWE-749: Exposed Dangerous Method or Function |
| CVE-2023-34446 | 2023-10-25 | iTop XSS vulnerability on pages/preferences.php |
| CVE-2023-34447 | 2023-10-25 | iTop XSS vulnerability on pages/UI.php |
| CVE-2023-5472 | 2023-10-25 | Use after free in Profiles in Google Chrome prior to 118.0.5993.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2023-37908 | 2023-10-25 | org.xwiki.rendering:xwiki-rendering-xml Improper Neutralization of Invalid Characters in Identifiers in Web Pages vulnerability |
| CVE-2023-37909 | 2023-10-25 | Privilege escalation (PR)/remote code execution from account through Menu.UIExtensionSheet |
| CVE-2023-5671 | 2023-10-25 | HP Print and Scan Doctor for Windows may potentially be vulnerable to escalation of privilege. HP is releasing software updates to mitigate the potential vulnerability. |
| CVE-2023-37910 | 2023-10-25 | org.xwiki.platform:xwiki-platform-attachment-api vulnerable to Missing Authorization on Attachment Move |
| CVE-2023-37911 | 2023-10-25 | org.xwiki.platform:xwiki-platform-oldcore may leak data through deleted and re-created documents |
| CVE-2023-37912 | 2023-10-25 | XWiki Rendering's footnote macro vulnerable to privilege escalation via the footnote macro |
| CVE-2023-37913 | 2023-10-25 | org.xwiki.platform:xwiki-platform-office-importer vulnerable to arbitrary server side file writing from account through office converter |
| CVE-2023-42847 | 2023-10-25 | A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An attacker may be able to access passkeys without... |
| CVE-2023-40401 | 2023-10-25 | The issue was addressed with additional permissions checks. This issue is fixed in macOS Ventura 13.6.1. An attacker may be able to access passkeys without authentication. |
| CVE-2023-40421 | 2023-10-25 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to access sensitive... |
| CVE-2023-32359 | 2023-10-25 | This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.7.2 and iPadOS 16.7.2. A user's password may be read aloud by VoiceOver. |
| CVE-2023-40416 | 2023-10-25 | The issue was addressed with improved memory handling. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS... |
| CVE-2023-42846 | 2023-10-25 | This issue was addressed by removing the vulnerable code. This issue is fixed in watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, tvOS 17.1, iOS 17.1 and iPadOS 17.1. A device... |
| CVE-2023-42850 | 2023-10-25 | The issue was addressed with improved permissions logic. This issue is fixed in macOS Sonoma 14.1. An app may be able to access sensitive user data. |
| CVE-2023-42861 | 2023-10-25 | A logic issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1. An attacker with knowledge of a standard user's credentials can unlock another standard... |
| CVE-2023-41975 | 2023-10-25 | This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. A website may be able to access... |
| CVE-2023-42857 | 2023-10-25 | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be... |
| CVE-2023-42841 | 2023-10-25 | The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1. An... |
| CVE-2023-41997 | 2023-10-25 | This issue was addressed by restricting options offered on a locked device. This issue is fixed in macOS Sonoma 14.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and... |
| CVE-2023-40447 | 2023-10-25 | The issue was addressed with improved memory handling. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1,... |
| CVE-2023-42856 | 2023-10-25 | The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. Processing a file may lead to unexpected app... |
| CVE-2023-41077 | 2023-10-25 | An app may be able to access protected user data. This issue is fixed in macOS Sonoma 14, macOS Ventura 13.6.1. The issue was addressed with improved checks. |
| CVE-2023-41977 | 2023-10-25 | The issue was addressed with improved handling of caches. This issue is fixed in macOS Sonoma 14.1, iOS 16.7.2 and iPadOS 16.7.2. Visiting a malicious website may reveal browsing history. |
| CVE-2023-40425 | 2023-10-25 | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14, macOS Monterey 12.7.1. An app with root privileges may... |
| CVE-2023-40405 | 2023-10-25 | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.1. An app may be able to read sensitive location... |
| CVE-2023-42438 | 2023-10-25 | An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1. Visiting a malicious website may lead to user interface spoofing. |
| CVE-2023-40444 | 2023-10-25 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.1. An app may be able to access user-sensitive data. |
| CVE-2023-41982 | 2023-10-25 | This issue was addressed by restricting options offered on a locked device. This issue is fixed in macOS Sonoma 14.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and... |
| CVE-2023-40413 | 2023-10-25 | The issue was addressed with improved handling of caches. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Monterey 12.7.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS... |
| CVE-2023-42854 | 2023-10-25 | This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to cause... |
| CVE-2023-42842 | 2023-10-25 | The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1. An app may be able to access sensitive user data. |
| CVE-2023-41983 | 2023-10-25 | The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.1, Safari 17.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. Processing web... |
| CVE-2023-41254 | 2023-10-25 | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2,... |
| CVE-2023-40445 | 2023-10-25 | The issue was addressed with improved UI handling. This issue is fixed in iOS 17.1 and iPadOS 17.1. A device may persistently fail to lock. |
| CVE-2023-40404 | 2023-10-25 | A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Sonoma 14.1. An app may be able to execute arbitrary code with kernel privileges. |
| CVE-2023-40449 | 2023-10-25 | The issue was addressed with improved memory handling. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS... |
| CVE-2023-41976 | 2023-10-25 | A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari... |
| CVE-2023-40408 | 2023-10-25 | An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS... |
| CVE-2023-42845 | 2023-10-25 | An authentication issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. Photos in the Hidden Photos Album may be... |
| CVE-2023-41072 | 2023-10-25 | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be... |
| CVE-2023-41988 | 2023-10-25 | This issue was addressed by restricting options offered on a locked device. This issue is fixed in macOS Sonoma 14.1, watchOS 10.1, iOS 17.1 and iPadOS 17.1. An attacker with... |
| CVE-2023-42849 | 2023-10-25 | The issue was addressed with improved memory handling. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Monterey 12.7.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura... |
| CVE-2023-40423 | 2023-10-25 | The issue was addressed with improved memory handling. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS... |
| CVE-2023-41989 | 2023-10-25 | The issue was addressed by restricting options offered on a locked device. This issue is fixed in macOS Sonoma 14.1. An attacker may be able to execute arbitrary code as... |
| CVE-2023-42852 | 2023-10-25 | A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1,... |
| CVE-2023-42844 | 2023-10-25 | This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. A website may be able to access... |
| CVE-2023-45134 | 2023-10-25 | XWiki Platform XSS vulnerability from account in the create page form via template provider |
| CVE-2022-4886 | 2023-10-25 | Ingress-nginx `path` sanitization can be bypassed with `log_format` directive |
| CVE-2023-5043 | 2023-10-25 | Ingress nginx annotation injection causes arbitrary command execution |
| CVE-2023-5044 | 2023-10-25 | Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation |
| CVE-2023-45135 | 2023-10-25 | XWiki users can be tricked to execute scripts as the create page action doesn't display the page's title |
| CVE-2023-45136 | 2023-10-25 | XWiki Platform web templates vulnerable to reflected XSS in the create document form if name validation is enabled |
| CVE-2023-5367 | 2023-10-25 | Xorg-x11-server: out-of-bounds write in xichangedeviceproperty/rrchangeoutputproperty |
| CVE-2023-5380 | 2023-10-25 | Xorg-x11-server: use-after-free bug in destroywindow |
| CVE-2023-5574 | 2023-10-25 | Xorg-x11-server: use-after-free bug in damagedestroy |
| CVE-2023-45137 | 2023-10-25 | XWiki Platform XSS with edit right in the create document form for existing pages |
| CVE-2023-46133 | 2023-10-25 | crypto-es PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard |
| CVE-2023-46233 | 2023-10-25 | crypto-js PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard |
| CVE-2023-46134 | 2023-10-25 | D-Tale vulnerable to Remote Code Execution through the Custom Filter Input |
| CVE-2023-46137 | 2023-10-25 | twisted.web has disordered HTTP pipeline response |
| CVE-2023-46232 | 2023-10-25 | era-compiler-vyper First Immutable Variable Initialization vulnerability |
| CVE-2023-30969 | 2023-10-25 | Palantir Tiles missing authentication on API endpoints |
| CVE-2023-30967 | 2023-10-25 | Gotham Orbital Simulator path traversal |
| CVE-2023-46668 | 2023-10-25 | Elastic Endpoint Insertion of Sensitive Information into Log File |
| CVE-2018-16739 | 2023-10-26 | An issue was discovered on certain ABUS TVIP devices. Due to a path traversal in /opt/cgi/admin/filewrite, an attacker can write to files, and thus execute code arbitrarily with root privileges. |
| CVE-2018-17558 | 2023-10-26 | Hardcoded manufacturer credentials and an OS command injection vulnerability in the /cgi-bin/mft/ directory on ABUS TVIP TVIP20050 LM.1.6.18, TVIP10051 LM.1.6.18, TVIP11050 MG.1.6.03.05, TVIP20550 LM.1.6.18, TVIP10050 LM.1.6.18, TVIP11550 MG.1.6.03, TVIP21050 MG.1.6.03,... |
| CVE-2018-17559 | 2023-10-26 | Due to incorrect access control, unauthenticated remote attackers can view the /video.mjpg video stream of certain ABUS TVIP cameras. |
| CVE-2018-17878 | 2023-10-26 | Buffer Overflow vulnerability in certain ABUS TVIP cameras allows attackers to gain control of the program via crafted string sent to sprintf() function. |
| CVE-2018-17879 | 2023-10-26 | An issue was discovered on certain ABUS TVIP cameras. The CGI scripts allow remote attackers to execute code via system() as root. There are several injection points in various scripts. |
| CVE-2020-17477 | 2023-10-26 | Incorrect LDAP ACLs in ucs-school-ldap-acls-master in UCS@school before 4.4v5-errata allow remote teachers, staff, and school administrators to read LDAP password hashes (sambaNTPassword, krb5Key, sambaPasswordHistory, and pwhistory) via LDAP search requests.... |
| CVE-2023-27170 | 2023-10-26 | Xpand IT Write-back manager v2.3.1 allows attackers to perform a directory traversal via modification of the siteName parameter. |
| CVE-2023-33558 | 2023-10-26 | An information disclosure vulnerability in the component users-grid-data.php of OcoMon before v4.0.1 allows attackers to obtain sensitive information such as e-mails and usernames. |
| CVE-2023-33559 | 2023-10-26 | A local file inclusion vulnerability via the lang parameter in OcoMon before v4.0.1 allows attackers to execute arbitrary code by supplying a crafted PHP file. |
| CVE-2023-38328 | 2023-10-26 | An issue was discovered in eGroupWare 17.1.20190111. An Improper Password Storage vulnerability affects the setup panel under setup/manageheader.php, which allows authenticated remote attackers with administrator credentials to read a... |
| CVE-2023-39726 | 2023-10-26 | An issue in Mintty v.3.6.4 and before allows a remote attacker to execute arbitrary code via crafted commands to the terminal. |
| CVE-2023-42188 | 2023-10-26 | IceCMS v2.0.1 is vulnerable to Cross Site Request Forgery (CSRF). |
| CVE-2023-42406 | 2023-10-26 | SQL injection vulnerability in D-Link Online behavior audit gateway DAR-7000 V31R02B1413C allows a remote attacker to obtain sensitive information and execute arbitrary code via the editrole.php component. |
| CVE-2023-43352 | 2023-10-26 | An issue in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted payload to the Content Manager Menu component. |
| CVE-2023-45867 | 2023-10-26 | ILIAS (2013-09-12 release) contains a medium-criticality Directory Traversal local file inclusion vulnerability in the ScormAicc module. An attacker with a privileged account, typically holding the tutor role, can exploit this... |
| CVE-2023-45868 | 2023-10-26 | The Learning Module in ILIAS 7.25 (2023-09-12 release) allows an attacker (with basic user privileges) to achieve a high-impact Directory Traversal attack on confidentiality and availability. By exploiting this network-based... |
| CVE-2023-45869 | 2023-10-26 | ILIAS 7.25 (2023-09-12) allows any authenticated user to execute arbitrary operating system commands remotely, when a highly privileged account accesses an XSS payload. The injected commands are executed via the... |