CVE List - 2023 / October
Showing 201 - 300 of 2690 CVEs for October 2023 (Page 3 of 27)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-41693 | 2023-10-03 | WordPress MyCryptoCheckout Plugin <= 2.125 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-0506 | 2023-10-03 | ByDemes Group Airspace CCTV Web Service Improper Access Control |
| CVE-2023-41244 | 2023-10-03 | WordPress Localize Remote Images Plugin <= 1.0.9 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-39158 | 2023-10-03 | WordPress Woocommerce Category Banner Management Plugin <= 2.4.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-3349 | 2023-10-03 | Information exposure on IBERMATICA RPS |
| CVE-2023-3350 | 2023-10-03 | Cryptographic Issues on IBERMATICA RPS |
| CVE-2023-40558 | 2023-10-03 | WordPress Video Gallery & Management Plugin <= 3.3.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-4929 | 2023-10-03 | NPort 5000 Series Firmware Improper Validation of Integrity Check Vulnerability |
| CVE-2023-4886 | 2023-10-03 | Foreman: world readable file containing secrets |
| CVE-2023-4882 | 2023-10-03 | Multiple vulnerabilities in Open5GS |
| CVE-2023-4883 | 2023-10-03 | Multiple vulnerabilities in Open5GS |
| CVE-2023-4884 | 2023-10-03 | Multiple vulnerabilities in Open5GS |
| CVE-2023-4885 | 2023-10-03 | Multiple vulnerabilities in Open5GS |
| CVE-2023-4817 | 2023-10-03 | Unrestricted file upload vulnerability in ICP DAS ET-7060 |
| CVE-2023-3196 | 2023-10-03 | Multiple vulnerabilities in Canopsis of Capensis |
| CVE-2023-4564 | 2023-10-03 | Multiple vulnerabilities in Canopsis of Capensis |
| CVE-2023-33200 | 2023-10-03 | Mali GPU Kernel Driver Allows Improper GPU Memory Processing Operations |
| CVE-2023-34970 | 2023-10-03 | Mali GPU Kernel Driver Allows Improper GPU Memory Processing Operations |
| CVE-2023-4732 | 2023-10-03 | Kernel: race between task migrating pages and another task calling exit_mmap to release those same pages getting invalid opcode bug in include/linux/swapops.h |
| CVE-2023-4911 | 2023-10-03 | Glibc: buffer overflow in ld.so leading to privilege escalation |
| CVE-2023-5255 | 2023-10-03 | Denial of Service for Revocation of Auto Renewed Certificates |
| CVE-2022-22447 | 2023-10-03 | IBM Disconnected Log Collector information disclosure |
| CVE-2023-22618 | 2023-10-04 | If Security Hardening guide rules are not followed, then Nokia WaveLite products allow a local user to create new users with administrative privileges by manipulating a web request. This affects... |
| CVE-2023-27121 | 2023-10-04 | A cross-site scripting (XSS) vulnerability in the component /framework/cron/action/humanize of Pleasant Solutions Pleasant Password Server v7.11.41.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected... |
| CVE-2023-35803 | 2023-10-04 | IQ Engine before 10.6r2 on Extreme Network AP devices has a Buffer Overflow. |
| CVE-2023-36618 | 2023-10-04 | Atos Unify OpenScape Session Border Controller through V10 R3.01.03 allows execution of OS commands as root user by low-privileged authenticated users. |
| CVE-2023-36619 | 2023-10-04 | Atos Unify OpenScape Session Border Controller through V10 R3.01.03 allows execution of administrative scripts by unauthenticated users. |
| CVE-2023-40299 | 2023-10-04 | Kong Insomnia 2023.4.0 on macOS allows attackers to execute code and access restricted files, or make requests for TCC permissions, by using the DYLD_INSERT_LIBRARIES environment variable. |
| CVE-2023-43321 | 2023-10-04 | File Upload vulnerability in Digital China Networks DCFW-1800-SDC v.3.0 allows an authenticated attacker to execute arbitrary code via the wget function in the /sbin/cloudadmin.sh component. |
| CVE-2023-43838 | 2023-10-04 | An arbitrary file upload vulnerability in Personal Management System v1.4.64 allows attackers to execute arbitrary code via uploading a crafted SVG file into a user profile's avatar. |
| CVE-2023-43877 | 2023-10-04 | Rite CMS 3.0 has Multiple Cross-Site scripting (XSS) vulnerabilities that allow attackers to execute arbitrary code via a payload crafted in the Home Page fields in the Administration menu. |
| CVE-2023-44075 | 2023-10-04 | Cross Site Scripting vulnerability in Small CRM in PHP v.3.0 allows a remote attacker to execute arbitrary code via a crafted payload to the Address parameter. |
| CVE-2023-43261 | 2023-10-04 | An information disclosure in Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 allows attackers to access sensitive router components. |
| CVE-2023-35905 | 2023-10-04 | IBM FileNet Content Manager cross-site scripting |
| CVE-2023-37404 | 2023-10-04 | IBM Observability with Instana code execution |
| CVE-2023-5357 | 2023-10-04 | The Instagram for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping... |
| CVE-2023-3213 | 2023-10-04 | The WP Mail SMTP Pro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the is_print_page function in versions up to, and... |
| CVE-2023-5291 | 2023-10-04 | The Blog Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'AWL-BlogFilter' shortcode in versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping... |
| CVE-2023-30690 | 2023-10-04 | Improper input validation vulnerability in Duo prior to SMR Oct-2023 Release 1 allows local attackers to launch privileged activities. |
| CVE-2023-30692 | 2023-10-04 | Improper input validation vulnerability in Evaluator prior to SMR Oct-2023 Release 1 allows local attackers to launch privileged activities. |
| CVE-2023-30727 | 2023-10-04 | Improper access control vulnerability in SecSettings prior to SMR Oct-2023 Release 1 allows attackers to enable Wi-Fi and connect arbitrary Wi-Fi without User Interaction. |
| CVE-2023-30731 | 2023-10-04 | Logic error in package installation via debugger command prior to SMR Oct-2023 Release 1 allows physical attacker to install an application that has different build type. |
| CVE-2023-30732 | 2023-10-04 | Improper access control in system property prior to SMR Oct-2023 Release 1 allows local attacker to get CPU serial number. |
| CVE-2023-30733 | 2023-10-04 | Stack-based Buffer Overflow in vulnerability HDCP trustlet prior to SMR Oct-2023 Release 1 allows local privileged attackers to perform code execution. |
| CVE-2023-30734 | 2023-10-04 | Improper access control vulnerability in Samsung Health prior to version 6.24.3.007 allows attackers to access sensitive information via implicit intent. |
| CVE-2023-30735 | 2023-10-04 | Improper Preservation of Permissions vulnerability in SAssistant prior to version 8.7 allows local attackers to access backup data in SAssistant. |
| CVE-2023-30736 | 2023-10-04 | Improper authorization in PushMsgReceiver of Samsung Assistant prior to version 8.7.00.1 allows attacker to execute javascript interface. To trigger this vulnerability, user interaction is required. |
| CVE-2023-30737 | 2023-10-04 | Improper access control vulnerability in Samsung Health prior to version 6.24.3.007 allows attackers to access sensitive information via implicit intent. |
| CVE-2023-30738 | 2023-10-04 | An improper input validation in UEFI Firmware prior to Firmware update Oct-2023 Release in Galaxy Book, Galaxy Book Pro, Galaxy Book Pro 360 and Galaxy Book Odyssey allows local attacker... |
| CVE-2023-5368 | 2023-10-04 | msdosfs data disclosure |
| CVE-2023-5369 | 2023-10-04 | copy_file_range insufficient capability rights check |
| CVE-2023-5370 | 2023-10-04 | arm64 boot CPUs may lack speculative execution protections |
| CVE-2023-44272 | 2023-10-04 | A cross-site scripting vulnerability exists in Citadel versions prior to 994. When a malicious user sends an instant message with some JavaScript code, the script may be executed on the... |
| CVE-2023-5375 | 2023-10-04 | Open Redirect in mosparo/mosparo |
| CVE-2023-5377 | 2023-10-04 | Out-of-bounds Read in gpac/gpac |
| CVE-2023-37995 | 2023-10-04 | WordPress WP-CopyProtect [Protect your blog posts] Plugin <= 3.1.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25980 | 2023-10-04 | WordPress Optimize Database after Deleting Revisions Plugin <= 5.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25788 | 2023-10-04 | WordPress Saphali Woocommerce Lite Plugin <= 1.8.13 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25489 | 2023-10-04 | WordPress Update Theme and Plugins from Zip File Plugin <= 2.0.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-4586 | 2023-10-04 | Hotrod-client: hot rod client does not enable hostname validation when using tls that lead to a mitm attack |
| CVE-2023-1584 | 2023-10-04 | Quarkus-oidc: id and access tokens leak via the authorization code flow |
| CVE-2023-2809 | 2023-10-04 | Use of Cleartext credentials in Sage 200 Spain |
| CVE-2023-3512 | 2023-10-04 | Relative path traversal in Setelsa Security ConacWin CB |
| CVE-2023-4997 | 2023-10-04 | Improper authorisation in Uptime DC |
| CVE-2023-3701 | 2023-10-04 | Relative path traversal in Aqua eSolutions |
| CVE-2023-2422 | 2023-10-04 | Keycloak: oauth client impersonation |
| CVE-2023-4090 | 2023-10-04 | Cross-Site Scripting (XSS) vulnerability on WideStand CMS of Acilia |
| CVE-2023-4037 | 2023-10-04 | SQL injection in Setelsa Security ConacWin |
| CVE-2023-3037 | 2023-10-04 | HelpDezk Community improper authorization |
| CVE-2023-3038 | 2023-10-04 | HelpDezk Community improper authorization |
| CVE-2023-3153 | 2023-10-04 | Service monitor mac flow is not rate limited |
| CVE-2022-4132 | 2023-10-04 | Memory leak on tls connections |
| CVE-2023-3361 | 2023-10-04 | S3 credentials included when exporting elyra notebook |
| CVE-2023-44208 | 2023-10-04 | Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40713. |
| CVE-2023-4491 | 2023-10-04 | Easy Address Book Web Server Buffer overflow vulnerability |
| CVE-2023-4492 | 2023-10-04 | Easy Address Book Web Server XSS vulnerability |
| CVE-2023-4493 | 2023-10-04 | Easy Address Book Web Server Stored XSS vulnerability |
| CVE-2023-4494 | 2023-10-04 | Easy Chat Server Stack-based buffer overflow vulnerability |
| CVE-2023-4495 | 2023-10-04 | Easy Chat Server XSS vulnerability |
| CVE-2023-5373 | 2023-10-04 | SourceCodester Online Computer and Laptop Store Master.php register sql injection |
| CVE-2023-4496 | 2023-10-04 | Easy Chat Server XSS vulnerability |
| CVE-2023-4497 | 2023-10-04 | Easy Chat Server XSS vulnerability |
| CVE-2023-1832 | 2023-10-04 | Improper authorization check in the server component |
| CVE-2023-25025 | 2023-10-04 | WordPress WP-CopyProtect [Protect your blog posts] Plugin <= 3.1.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-5374 | 2023-10-04 | SourceCodester Online Computer and Laptop Store products.php sql injection |
| CVE-2023-40684 | 2023-10-04 | IBM Content Navigator cross-site scripting |
| CVE-2023-40376 | 2023-10-04 | IBM UrbanCode Deploy (UCD) improper authentication controls |
| CVE-2022-43906 | 2023-10-04 | IBM Security Guardium information disclosure |
| CVE-2023-27433 | 2023-10-04 | WordPress Make Paths Relative Plugin <= 1.3.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-40561 | 2023-10-04 | Enhanced Ecommerce Google Analytics for WooCommerce |
| CVE-2023-22515 | 2023-10-04 | Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center... |
| CVE-2023-40559 | 2023-10-04 | WordPress WooCommerce Dynamic Pricing and Discount Rules Plugin <= 2.4.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-5113 | 2023-10-04 | Certain HP Enterprise LaserJet, LaserJet Managed printers - Potential denial of service, potential Cross Site Scripting (XSS) |
| CVE-2023-4237 | 2023-10-04 | Platform: ec2_key module prints out the private key directly to the standard output |
| CVE-2023-4380 | 2023-10-04 | Platform: token exposed at importing project |
| CVE-2023-3971 | 2023-10-04 | Controller: html injection in custom login info |
| CVE-2023-3665 | 2023-10-04 | A code injection vulnerability in Trellix ENS 10.7.0 April 2023 release and earlier, allowed a local user to disable the ENS AMSI component via environment variables, leading to denial of... |
| CVE-2021-3784 | 2023-10-04 | Garuda Linux Improper Authorization |
| CVE-2022-36276 | 2023-10-04 | SQL injection vulnerability in TCMAN GIM |
| CVE-2022-36277 | 2023-10-04 | SQL injection vulnerability in TCMAN GIM |