CVE List - 2023 / November
Showing 1701 - 1800 of 2443 CVEs for November 2023 (Page 18 of 25)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-5651 | 2023-11-20 | WP Hotel Booking < 2.0.8 - Subscriber+ Arbitrary Post Deletion |
| CVE-2023-5610 | 2023-11-20 | Seraphinite Accelerator < 2.20.29 - Authenticated Arbitrary Redirect |
| CVE-2023-5509 | 2023-11-20 | myStickymenu < 2.6.5 - Subscriber+ Arbitrary Form Leads Deletion |
| CVE-2023-5119 | 2023-11-20 | Forminator and Forminator Pro < 1.27.0 - Admin+ Stored Cross-Site Scripting |
| CVE-2023-5640 | 2023-11-20 | Article Analytics <= 1.0 - Unauthenticated SQL injection |
| CVE-2023-5343 | 2023-11-20 | Popup Box < 3.7.9 - Admin+ Stored XSS |
| CVE-2021-27429 | 2023-11-20 | Texas Instruments TI-RTOS Integer Overflow or Wraparound |
| CVE-2021-22636 | 2023-11-20 | Texas Instruments TI-RTOS Integer Overflow or Wraparound |
| CVE-2023-6062 | 2023-11-20 | Arbitrary File Write |
| CVE-2023-6178 | 2023-11-20 | An arbitrary file write vulnerability exists where an authenticated attacker with privileges on the managing application could alter Nessus Rules variables to overwrite arbitrary files on the remote host, which... |
| CVE-2023-6199 | 2023-11-20 | Book Stack v23.10.2 - LFR via Blind SSRF |
| CVE-2023-48310 | 2023-11-20 | Ability to DoS the testing infrastructure by overwriting files |
| CVE-2023-6144 | 2023-11-20 | Dev Blog v1.0 - ATO |
| CVE-2023-6142 | 2023-11-20 | Dev Blog v1.0 - Stored XSS |
| CVE-2023-45886 | 2023-11-21 | The BGP daemon (bgpd) in IP Infusion ZebOS through 7.10.6 allows remote attackers to cause a denial of service by sending crafted BGP update messages containing a malformed attribute. |
| CVE-2023-46935 | 2023-11-21 | eyoucms v1.6.4 is vulnerable to Cross Site Scripting (XSS), which can lead to stealing sensitive information of logged-in users. |
| CVE-2023-48124 | 2023-11-21 | Cross Site Scripting in SUP Online Shopping v.1.0 allows a remote attacker to execute arbitrary code via the Name, Email and Address parameters in the Register New Account component. |
| CVE-2023-49104 | 2023-11-21 | An issue was discovered in ownCloud owncloud/oauth2 before 0.6.1, when Allow Subdomains is enabled. An attacker is able to pass in a crafted redirect-url that bypasses validation, and consequently allows... |
| CVE-2023-49105 | 2023-11-21 | An issue was discovered in ownCloud owncloud/core before 10.13.1. An attacker can access, modify, or delete any file without authentication if the username of a victim is known, and the... |
| CVE-2023-49103 | 2023-11-21 | An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL... |
| CVE-2023-40151 | 2023-11-21 | Red Lion Controls Sixnet RTU Exposed Dangerous Method Or Function |
| CVE-2023-42770 | 2023-11-21 | Red Lion Controls Sixnet RTU Authentication Bypass Using An Alternative Path Or Channel |
| CVE-2023-5274 | 2023-11-21 | Improper Input Validation vulnerability in simulation function of GX Works2 allows an attacker to cause a denial-of-service (DoS) condition on the function by sending specially crafted packets. However, the attacker... |
| CVE-2023-5275 | 2023-11-21 | Improper Input Validation vulnerability in simulation function of GX Works2 allows an attacker to cause a denial-of-service (DoS) condition on the function by sending specially crafted packets. However, the attacker... |
| CVE-2023-4424 | 2023-11-21 | bt: hci: DoS and possible RCE |
| CVE-2023-21416 | 2023-11-21 | Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API dynamicoverlay.cgi was vulnerable to a Denial-of-Service attack allowing for an attacker to block access... |
| CVE-2023-21417 | 2023-11-21 | Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API manageoverlayimage.cgi was vulnerable to path traversal attacks that allows for file/folder deletion. This flaw... |
| CVE-2023-21418 | 2023-11-21 | Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API irissetup.cgi was vulnerable to path traversal attacks that allows for file deletion. This flaw... |
| CVE-2023-5553 | 2023-11-21 | During internal Axis Security Development Model (ASDM) threat-modelling, a flaw was found in the protection for device tampering (commonly known as Secure Boot) in AXIS OS making it vulnerable to... |
| CVE-2023-4149 | 2023-11-21 | WAGO: OS Command Injection Vulnerability in Managed Switch |
| CVE-2023-5776 | 2023-11-21 | The Post Meta Data Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing nonce validation on... |
| CVE-2023-5599 | 2023-11-21 | Stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2023x |
| CVE-2023-5598 | 2023-11-21 | Stored Cross-site Scripting (XSS) vulnerabilities affecting 3DSwym in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2023x |
| CVE-2023-28802 | 2023-11-21 | Disable Zscaler using machine tunnel restart |
| CVE-2023-6235 | 2023-11-21 | Arbitrary code execution in Duet Display |
| CVE-2023-6204 | 2023-11-21 | On some systems—depending on the graphics settings and drivers—it was possible to force an out-of-bounds read and leak memory data into the images created on the canvas element. This vulnerability... |
| CVE-2023-6205 | 2023-11-21 | It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to an exploitable crash. This vulnerability affects Firefox <... |
| CVE-2023-6206 | 2023-11-21 | The black fade animation when exiting fullscreen is roughly the length of the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring... |
| CVE-2023-6207 | 2023-11-21 | Ownership mismanagement led to a use-after-free in ReadableByteStreams This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5. |
| CVE-2023-6208 | 2023-11-21 | When using X11, text selected by the page using the Selection API was erroneously copied into the primary selection, a temporary storage not unlike the clipboard. *This bug only affects... |
| CVE-2023-6209 | 2023-11-21 | Relative URLs starting with three slashes were incorrectly parsed, and a path-traversal "/../" part in the path could be used to override the specified host. This could contribute to security... |
| CVE-2023-6210 | 2023-11-21 | When an https: web page created a pop-up from a "javascript:" URL, that pop-up was incorrectly allowed to load blockable content such as iframes from insecure http: URLs This vulnerability... |
| CVE-2023-6211 | 2023-11-21 | If an attacker needed a user to load an insecure http: page and knew that user had enabled HTTPS-only mode, the attacker could have tricked the user into clicking to... |
| CVE-2023-6212 | 2023-11-21 | Memory safety bugs present in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some... |
| CVE-2023-6213 | 2023-11-21 | Memory safety bugs present in Firefox 119. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited... |
| CVE-2023-49060 | 2023-11-21 | An attacker could have accessed internal pages or data by ex-filtrating a security key from ReaderMode via the `referrerpolicy` attribute. This vulnerability affects Firefox for iOS < 120. |
| CVE-2023-49061 | 2023-11-21 | An attacker could have performed HTML template injection via Reader Mode and exfiltrated user information. This vulnerability affects Firefox for iOS < 120. |
| CVE-2021-27502 | 2023-11-21 | Texas Instruments TI-RTOS Integer Overflow or Wraparound |
| CVE-2021-27504 | 2023-11-21 | Texas Instruments FREERTOS Integer Overflow or Wraparound |
| CVE-2023-22521 | 2023-11-21 | This High severity RCE (Remote Code Execution) vulnerability was introduced in version 3.4.6 of Crowd Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of... |
| CVE-2023-22516 | 2023-11-21 | This High severity RCE (Remote Code Execution) vulnerability was introduced in versions 8.1.0, 8.2.0, 9.0.0, 9.1.0, 9.2.0, and 9.3.0 of Bamboo Data Center and Server. This RCE (Remote Code Execution)... |
| CVE-2023-5055 | 2023-11-21 | L2CAP: Possible Stack based buffer overflow in le_ecred_reconf_req() |
| CVE-2021-38405 | 2023-11-21 | Siemens Solid Edge, JT2Go, and Teamcenter Visualization Improper Restriction of Operations within the Bounds of a Memory Buffer |
| CVE-2023-20265 | 2023-11-21 | A vulnerability in the web-based management interface of a small subset of Cisco IP Phones could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against... |
| CVE-2023-20208 | 2023-11-21 | A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to conduct an XSS attack against a user of the web-based management interface of... |
| CVE-2023-20272 | 2023-11-21 | A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to upload malicious files to the web root of the application. This... |
| CVE-2023-20274 | 2023-11-21 | A vulnerability in the installer script of Cisco AppDynamics PHP Agent could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient... |
| CVE-2023-47643 | 2023-11-21 | SuiteCRM has Unauthenticated Graphql Introspection Enabled |
| CVE-2023-48226 | 2023-11-21 | OpenReplay HTML Injection vulnerability |
| CVE-2023-6238 | 2023-11-21 | Kernel: nvme: memory corruption via unprivileged user passthrough |
| CVE-2023-48228 | 2023-11-21 | OAuth2: PKCE can be fully circumvented |
| CVE-2023-48230 | 2023-11-21 | Cap'n Proto WebSocket message can cause crash |
| CVE-2023-48299 | 2023-11-21 | TorchServe ZipSlip |
| CVE-2023-48239 | 2023-11-21 | Nextcloud Server users can make external storage mount points inaccessible for other users |
| CVE-2023-48301 | 2023-11-21 | Nextcloud Server HTML injection in search UI when selecting a circle with HTML in the display name |
| CVE-2023-6248 | 2023-11-21 | Data leakage and arbitrary remote code execution in Syrus cloud devices |
| CVE-2023-48302 | 2023-11-21 | Nextcloud Server vulnerable to Self XSS when pasting HTML into Text app with Ctrl+Shift+V |
| CVE-2023-48303 | 2023-11-21 | Nextcloud Server admins can change authentication details of user configured external storage |
| CVE-2023-48304 | 2023-11-21 | Nextcloud Server vulnerable to attacker enabling/disabling birthday calendar for any user |
| CVE-2023-48305 | 2023-11-21 | Nextcloud Server user_ldap app logs user passwords in the log file on level debug |
| CVE-2023-48306 | 2023-11-21 | Nextcloud Server DNS pin middleware can be tricked into DNS rebinding allowing SSRF |
| CVE-2023-48307 | 2023-11-21 | Nextcloud Mail app vulnerable to Server-Side Request Forgery |
| CVE-2023-48699 | 2023-11-21 | fastbots Eval Injection vulnerability |
| CVE-2023-48700 | 2023-11-21 | Clear Text Credentials Exposed via Onboarding Task |
| CVE-2023-48701 | 2023-11-21 | Statamic CMS vulnerable to Cross-site Scripting via uploaded assets |
| CVE-2023-43887 | 2023-11-22 | Libde265 v1.0.12 was discovered to contain multiple buffer overflows via the num_tile_columns and num_tile_row parameters in the function pic_parameter_set::dump. |
| CVE-2023-46357 | 2023-11-22 | In the module "Cross Selling in Modal Cart" (motivationsale) < 3.5.0 from MyPrestaModules for PrestaShop, a guest can perform SQL injection. The method `motivationsaleDataModel::getProductsByIds()` has sensitive SQL calls that can... |
| CVE-2023-46814 | 2023-11-22 | A binary hijacking vulnerability exists within the VideoLAN VLC media player before 3.0.19 on Windows. The uninstaller attempts to execute code with elevated privileges out of a standard user writable... |
| CVE-2023-47014 | 2023-11-22 | A Cross-Site Request Forgery (CSRF) vulnerability in Sourcecodester Sticky Notes App Using PHP with Source Code v.1.0 allows a local attacker to obtain sensitive information via a crafted payload to... |
| CVE-2023-47016 | 2023-11-22 | radare2 5.8.9 has an out-of-bounds read in r_bin_object_set_items in libr/bin/bobj.c, causing a crash in r_read_le32 in libr/include/r_endian.h. |
| CVE-2023-47250 | 2023-11-22 | In mprivacy-tools before 2.0.406g in m-privacy TightGate-Pro Server, broken Access Control on X11 server sockets allows authenticated attackers (with access to a VNC session) to access the X11 desktops of... |
| CVE-2023-47251 | 2023-11-22 | In mprivacy-tools before 2.0.406g in m-privacy TightGate-Pro Server, a Directory Traversal in the print function of the VNC service allows authenticated attackers (with access to a VNC session) to automatically... |
| CVE-2023-47312 | 2023-11-22 | Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control due to Login Credential Leakage via Audit Entries. |
| CVE-2023-47313 | 2023-11-22 | Headwind MDM Web panel 5.22.1 is vulnerable to Directory Traversal. The application uses an API call to move the uploaded temporary file to the file directory during the file upload... |
| CVE-2023-47314 | 2023-11-22 | Headwind MDM Web panel 5.22.1 is vulnerable to cross-site scripting (XSS). The file upload function allows APK and arbitrary files to be uploaded. By exploiting this issue, attackers may upload... |
| CVE-2023-47315 | 2023-11-22 | Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control due to a hard-coded JWT Secret. The secret is hardcoded into the source code available to anyone on Git... |
| CVE-2023-47316 | 2023-11-22 | Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control. The Web panel allows users to gain access to potentially sensitive API calls such as listing users and their... |
| CVE-2023-47350 | 2023-11-22 | Cross-Site Request Forgery (CSRF) vulnerability in SwiftyEdit Content Management System prior to v1.2.0, allows remote attackers to escalate privileges via the user password update functionality. |
| CVE-2023-47380 | 2023-11-22 | Admidio v4.2.12 and below is vulnerable to Cross Site Scripting (XSS). |
| CVE-2023-47392 | 2023-11-22 | An access control issue in Mercedes me IOS APP v1.34.0 and below allows attackers to view the carts of other users via sending a crafted add order request. |
| CVE-2023-47393 | 2023-11-22 | An access control issue in Mercedes me IOS APP v1.34.0 and below allows attackers to view the maintenance orders of other users and access sensitive user information via unspecified vectors. |
| CVE-2023-47467 | 2023-11-22 | Directory Traversal vulnerability in jeecg-boot v.3.6.0 allows a remote privileged attacker to obtain sensitive information via the file directory structure. |
| CVE-2023-48105 | 2023-11-22 | A heap overflow vulnerability was discovered in Bytecode Alliance wasm-micro-runtime v.1.2.3 that allows a remote attacker to cause a denial of service via the wasm_loader_prepare_bytecode function in core/iwasm/interpreter/wasm_loader.c. |
| CVE-2023-48106 | 2023-11-22 | Buffer Overflow vulnerability in zlib-ng minizip-ng v.4.0.2 allows an attacker to execute arbitrary code via a crafted file to the mz_path_resolve function in the mz_os.c file. |
| CVE-2023-48161 | 2023-11-22 | Buffer Overflow vulnerability in GifLib Project GifLib v.5.2.1 allows a local attacker to obtain sensitive information via the DumpSCreen2RGB function in gif2rgb.c |
| CVE-2023-48646 | 2023-11-22 | Zoho ManageEngine RecoveryManager Plus before 6070 allows admin users to execute arbitrary commands via proxy settings. |
| CVE-2023-49102 | 2023-11-22 | NZBGet 21.1 allows authenticated remote code execution because the unarchive programs (7za and unrar) preserve executable file permissions. An attacker with the Control capability can execute a file by setting... |
| CVE-2023-49146 | 2023-11-22 | DOMSanitizer (aka dom-sanitizer) before 1.0.7 allows XSS via an SVG document because of mishandling of comments and greedy regular expressions. |
| CVE-2023-45377 | 2023-11-22 | In the module "Chronopost Official" (chronopost) for PrestaShop, a guest can perform SQL injection. The PHP script `cancelSkybill.php` contains sensitive SQL calls that can be executed with a trivial... |
| CVE-2023-48107 | 2023-11-22 | Buffer Overflow vulnerability in zlib-ng minizip-ng v.4.0.2 allows an attacker to execute arbitrary code via a crafted file to the mz_path_has_slash function in the mz_os.c file. |