CVE List - 2023 / November
Showing 1 - 100 of 2443 CVEs for November 2023 (Page 1 of 25)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-44025 | 2023-11-01 | SQL injection vulnerability in addify Addifyfreegifts v.1.0.2 and before allows a remote attacker to execute arbitrary code via a crafted script to the getrulebyid function in the AddifyfreegiftsModel.php component. |
| CVE-2023-44954 | 2023-11-01 | Cross Site Scripting vulnerability in BigTree CMS v.4.5.7 allows a remote attacker to execute arbitrary code via the ID parameter in the Developer Settings functions. |
| CVE-2023-46428 | 2023-11-01 | An arbitrary file upload vulnerability in HadSky v7.12.10 allows attackers to execute arbitrary code via a crafted file. |
| CVE-2023-46448 | 2023-11-01 | Reflected Cross-Site Scripting (XSS) vulnerability in dmpop Mejiro Commit Versions Prior To 3096393 allows attackers to run arbitrary code via crafted string in metadata of uploaded images. |
| CVE-2023-46482 | 2023-11-01 | SQL injection vulnerability in wuzhicms v.4.1.0 allows a remote attacker to execute arbitrary code via the Database Backup Functionality in the coreframe/app/database/admin/index.php component. |
| CVE-2023-46911 | 2023-11-01 | There is a Cross Site Scripting (XSS) vulnerability in the choose_style_tree.do interface of Jspxcms v10.2.0 backend. |
| CVE-2023-46927 | 2023-11-01 | GPAC 2.3-DEV-rev605-gfc9e29089-master contains a heap-buffer-overflow in gf_isom_use_compact_size gpac/src/isomedia/isom_write.c:3403:3 in gpac/MP4Box. |
| CVE-2023-46928 | 2023-11-01 | GPAC 2.3-DEV-rev605-gfc9e29089-master contains a SEGV in gpac/MP4Box in gf_media_change_pl /afltest/gpac/src/media_tools/isom_tools.c:3293:42. |
| CVE-2023-46930 | 2023-11-01 | GPAC 2.3-DEV-rev605-gfc9e29089-master contains a SEGV in gpac/MP4Box in gf_isom_find_od_id_for_track /afltest/gpac/src/isomedia/media_odf.c:522:14. |
| CVE-2023-46931 | 2023-11-01 | GPAC 2.3-DEV-rev605-gfc9e29089-master contains a heap-buffer-overflow in ffdmx_parse_side_data /afltest/gpac/src/filters/ff_dmx.c:202:14 in gpac/MP4Box. |
| CVE-2023-5890 | 2023-11-01 | Cross-site Scripting (XSS) - Stored in pkp/pkp-lib |
| CVE-2023-5893 | 2023-11-01 | Cross-Site Request Forgery (CSRF) in pkp/pkp-lib |
| CVE-2023-5892 | 2023-11-01 | Cross-site Scripting (XSS) - Stored in pkp/pkp-lib |
| CVE-2023-5891 | 2023-11-01 | Cross-site Scripting (XSS) - Reflected in pkp/pkp-lib |
| CVE-2023-5889 | 2023-11-01 | Insufficient Session Expiration in pkp/pkp-lib |
| CVE-2023-5894 | 2023-11-01 | Cross-site Scripting (XSS) - Stored in pkp/ojs |
| CVE-2023-5895 | 2023-11-01 | Cross-site Scripting (XSS) - DOM in pkp/pkp-lib |
| CVE-2023-5899 | 2023-11-01 | Cross-Site Request Forgery (CSRF) in pkp/pkp-lib |
| CVE-2023-5896 | 2023-11-01 | Cross-site Scripting (XSS) - Stored in pkp/pkp-lib |
| CVE-2023-5902 | 2023-11-01 | Cross-Site Request Forgery (CSRF) in pkp/pkp-lib |
| CVE-2023-5898 | 2023-11-01 | Cross-Site Request Forgery (CSRF) in pkp/pkp-lib |
| CVE-2023-5897 | 2023-11-01 | Cross-Site Request Forgery (CSRF) in pkp/customLocale |
| CVE-2023-5901 | 2023-11-01 | Cross-site Scripting in pkp/pkp-lib |
| CVE-2023-5900 | 2023-11-01 | Cross-Site Request Forgery in pkp/pkp-lib |
| CVE-2023-5903 | 2023-11-01 | Cross-site Scripting (XSS) - Stored in pkp/pkp-lib |
| CVE-2023-5904 | 2023-11-01 | Cross-site Scripting (XSS) - Stored in pkp/pkp-lib |
| CVE-2023-2621 | 2023-11-01 | The McFeeder server (distributed as part of SSW package), is susceptible to an arbitrary file write vulnerability on the MAIN computer system. This vulnerability stems from the use of an... |
| CVE-2023-2622 | 2023-11-01 | Authenticated clients can read arbitrary files on the MAIN Computer system using the remote procedure call (RPC) of the InspectSetup service endpoint. The low privilege client is then allowed to... |
| CVE-2023-5514 | 2023-11-01 | The response messages received from the eSOMS report generation using certain parameter queries with full file path can be abused for enumerating the local file system structure. |
| CVE-2023-5515 | 2023-11-01 | The responses for web queries with certain parameters disclose internal path of resources. This information can be used to learn internal structure of the application and to further plot attacks... |
| CVE-2023-5516 | 2023-11-01 | Poorly constructed webap requests and URI components with special characters trigger unhandled errors and exceptions, disclosing information about the underlying technology and other sensitive information details. The website unintentionally reveals... |
| CVE-2023-4197 | 2023-11-01 | Dolibarr ERP CRM (<= 18.0.1) Improper Input Sanitization Authenticated RCE |
| CVE-2023-4198 | 2023-11-01 | Dolibarr ERP CRM (<= 17.0.3) Improper Access Control |
| CVE-2023-1713 | 2023-11-01 | Bitrix24 Remote Command Execution (RCE) via Insecure Temporary File Creation |
| CVE-2023-1714 | 2023-11-01 | Bitrix24 Remote Command Execution (RCE) via Unsafe Variable Extraction |
| CVE-2023-1715 | 2023-11-01 | Bitrix24 Stored Cross-Site Scripting (XSS) via Improper Input Neutralization on Invoice Edit Page (1 of 2) |
| CVE-2023-1716 | 2023-11-01 | Bitrix24 Stored Cross-Site Scripting (XSS) via Improper Input Neutralization on Invoice Edit Page (2 of 2) |
| CVE-2023-1717 | 2023-11-01 | Bitrix24 Cross-Site Scripting (XSS) via Client-side Prototype Pollution |
| CVE-2023-1718 | 2023-11-01 | Bitrix24 Denial-of-Service (DoS) via Improper File Stream Access |
| CVE-2023-1719 | 2023-11-01 | Bitrix24 Insecure Global Variable Extraction |
| CVE-2023-1720 | 2023-11-01 | Bitrix24 Stored Cross-Site Scripting (XSS) via File Upload |
| CVE-2023-42631 | 2023-11-01 | In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed |
| CVE-2023-42632 | 2023-11-01 | In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed |
| CVE-2023-42633 | 2023-11-01 | In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed |
| CVE-2023-42634 | 2023-11-01 | In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed |
| CVE-2023-42635 | 2023-11-01 | In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed |
| CVE-2023-42636 | 2023-11-01 | In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed |
| CVE-2023-42637 | 2023-11-01 | In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed |
| CVE-2023-42638 | 2023-11-01 | In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed |
| CVE-2023-42639 | 2023-11-01 | In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed |
| CVE-2023-42640 | 2023-11-01 | In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed |
| CVE-2023-42641 | 2023-11-01 | In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed |
| CVE-2023-42642 | 2023-11-01 | In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed |
| CVE-2023-42643 | 2023-11-01 | In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed |
| CVE-2023-42644 | 2023-11-01 | In dm service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed |
| CVE-2023-42645 | 2023-11-01 | In sim service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with... |
| CVE-2023-42646 | 2023-11-01 | In Ifaa service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed |
| CVE-2023-42647 | 2023-11-01 | In Ifaa service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with... |
| CVE-2023-42648 | 2023-11-01 | In engineermode, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed |
| CVE-2023-42649 | 2023-11-01 | In engineermode, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed |
| CVE-2023-42650 | 2023-11-01 | In engineermode, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed |
| CVE-2023-42651 | 2023-11-01 | In engineermode, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed |
| CVE-2023-42652 | 2023-11-01 | In engineermode, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed |
| CVE-2023-42653 | 2023-11-01 | In faceid service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges |
| CVE-2023-42750 | 2023-11-01 | In gnss service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed |
| CVE-2022-48454 | 2023-11-01 | In wifi service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges... |
| CVE-2022-48455 | 2023-11-01 | In wifi service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges... |
| CVE-2022-48456 | 2023-11-01 | In camera driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local denial of service with System execution privileges needed |
| CVE-2022-48457 | 2023-11-01 | In TeleService, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution privileges needed |
| CVE-2022-48458 | 2023-11-01 | In TeleService, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution privileges needed |
| CVE-2022-48459 | 2023-11-01 | In TeleService, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution privileges needed |
| CVE-2022-48460 | 2023-11-01 | In setting service, there is a possible undefined behavior due to incorrect error handling. This could lead to local denial of service with no additional execution privileges needed |
| CVE-2022-48461 | 2023-11-01 | In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed |
| CVE-2023-42654 | 2023-11-01 | In dm service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed |
| CVE-2023-42655 | 2023-11-01 | In sim service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local escalation of privilege... |
| CVE-2023-5625 | 2023-11-01 | Python-eventlet: patch regression for cve-2021-21419 in some red hat builds |
| CVE-2023-4452 | 2023-11-01 | Web Server Buffer Overflow Vulnerability |
| CVE-2023-5627 | 2023-11-01 | Incorrect Implementation of Authentication Algorithm Vulnerability |
| CVE-2023-40062 | 2023-11-01 | Incomplete List of Disallowed Inputs Remote Code Execution Vulnerability |
| CVE-2023-40061 | 2023-11-01 | Insecure Job Execution Mechanism Vulnerability |
| CVE-2023-5847 | 2023-11-01 | Under certain conditions, a low privileged attacker could load a specially crafted file during installation or upgrade to escalate privileges on Windows and Linux hosts. |
| CVE-2023-33226 | 2023-11-01 | Directory Traversal Remote Code Execution Vulnerability |
| CVE-2023-33227 | 2023-11-01 | Directory Traversal Remote Code Execution Vulnerability |
| CVE-2023-33228 | 2023-11-01 | SolarWinds Network Configuration Manager Sensitive Information Disclosure Vulnerability |
| CVE-2023-3972 | 2023-11-01 | Insights-client: unsafe handling of temporary files and directories |
| CVE-2023-5178 | 2023-11-01 | Kernel: use after free in nvmet_tcp_free_crypto in nvme |
| CVE-2023-20177 | 2023-11-01 | A vulnerability in the SSL file policy implementation of Cisco Firepower Threat Defense (FTD) Software that occurs when the SSL/TLS connection is configured with a URL Category and the Snort... |
| CVE-2023-20086 | 2023-11-01 | A vulnerability in ICMPv6 processing of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of... |
| CVE-2023-20114 | 2023-11-01 | A vulnerability in the file download feature of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to download arbitrary files from an affected system. This vulnerability... |
| CVE-2023-20155 | 2023-11-01 | A vulnerability in a logging API in Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to cause the device to become unresponsive or trigger an unexpected... |
| CVE-2023-20244 | 2023-11-01 | A vulnerability in the internal packet processing of Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series Firewalls could allow an unauthenticated, remote attacker to cause a denial... |
| CVE-2023-20270 | 2023-11-01 | A vulnerability in the interaction between the Server Message Block (SMB) protocol preprocessor and the Snort 3 detection engine for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated,... |
| CVE-2023-20041 | 2023-11-01 | Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a... |
| CVE-2023-20206 | 2023-11-01 | Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a... |
| CVE-2023-20074 | 2023-11-01 | Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a... |
| CVE-2023-20005 | 2023-11-01 | Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a... |
| CVE-2023-20256 | 2023-11-01 | Multiple vulnerabilities in the per-user-override feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured... |
| CVE-2023-20245 | 2023-11-01 | Multiple vulnerabilities in the per-user-override feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured... |
| CVE-2023-20213 | 2023-11-01 | A vulnerability in the CDP processing feature of Cisco ISE could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition of the CDP process on an... |
| CVE-2023-20195 | 2023-11-01 | Two vulnerabilities in Cisco ISE could allow an authenticated, remote attacker to upload arbitrary files to an affected device. To exploit these vulnerabilities, an attacker must have valid Administrator credentials... |