CVE List - 2023 / November
Showing 2001 - 2100 of 2443 CVEs for November 2023 (Page 21 of 25)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-6275 | 2023-11-24 | TOTVS Fluig Platform mobileredir openApp.jsp cross site scripting |
| CVE-2023-6276 | 2023-11-24 | Tongda OA 2017 delete.php sql injection |
| CVE-2023-48712 | 2023-11-24 | User authorization bug leading to privilege escalation in warpgate |
| CVE-2023-48711 | 2023-11-24 | Server-Side Request Forgery (SSRF) Vulnerability in google-translate-api-browser |
| CVE-2023-48312 | 2023-11-24 | Authentication bypass using an empty token in capsule-proxy |
| CVE-2023-48708 | 2023-11-24 | Insertion of Sensitive Information into Log in codeigniter4/shield |
| CVE-2023-48707 | 2023-11-24 | Cleartext Storage of Sensitive Information in codeigniter4/shield |
| CVE-2023-6277 | 2023-11-24 | Libtiff: out-of-memory in tiffopen via a craft file |
| CVE-2023-6293 | 2023-11-24 | Prototype Pollution in robinbuschmann/sequelize-typescript |
| CVE-2023-49312 | 2023-11-26 | Precision Bridge PrecisionBridge.exe (aka the thick client) before 7.3.21 allows an integrity violation in which the same license key is used on multiple systems, via vectors involving a Process Hacker... |
| CVE-2023-49321 | 2023-11-26 | Certain WithSecure products allow a Denial of Service because scanning a crafted file takes a long time, and causes the scanner to hang. This affects WithSecure Client Security 15, WithSecure... |
| CVE-2023-49322 | 2023-11-26 | Certain WithSecure products allow a Denial of Service because there is an unpack handler crash that can lead to a scanning engine crash. This affects WithSecure Client Security 15, WithSecure... |
| CVE-2023-6296 | 2023-11-26 | osCommerce Instant Message compare cross site scripting |
| CVE-2023-6297 | 2023-11-26 | PHPGurukul Nipah Virus Testing Management System Search Report Page patient-search-report.php cross site scripting |
| CVE-2023-6298 | 2023-11-26 | Apryse iText PdfDocument.java main array index |
| CVE-2023-6299 | 2023-11-26 | Apryse iText Reference Table PdfDocument.java memory leak |
| CVE-2023-6300 | 2023-11-26 | SourceCodester Best Courier Management System cross site scripting |
| CVE-2023-6301 | 2023-11-26 | SourceCodester Best Courier Management System GET Parameter parcel_list.php cross site scripting |
| CVE-2023-29770 | 2023-11-27 | In Sentrifugo 3.5, the AssetsController::uploadsaveAction function allows an authenticated attacker to upload any file without extension filtering. |
| CVE-2023-42363 | 2023-11-27 | A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1. |
| CVE-2023-42366 | 2023-11-27 | A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_token function at awk.c:1159. |
| CVE-2023-46349 | 2023-11-27 | In the module "Product Catalog (CSV, Excel) Export/Update" (updateproducts) < 3.8.5 from MyPrestaModules for PrestaShop, a guest can perform SQL injection. The method `productsUpdateModel::getExportIds()` has sensitive SQL calls that can... |
| CVE-2023-46355 | 2023-11-27 | In the module "CSV Feeds PRO" (csvfeeds) < 2.6.1 from Bl Modules for PrestaShop, a guest can download personal information without restriction. Due to too permissive access control which does... |
| CVE-2023-47437 | 2023-11-27 | A vulnerability has been identified in Pachno 1.0.6 allowing an authenticated attacker to execute a cross-site scripting (XSS) attack. The vulnerability exists due to inadequate input validation in the Project... |
| CVE-2023-48034 | 2023-11-27 | An issue discovered in Acer Wireless Keyboard SK-9662 allows attacker in physical proximity to both decrypt wireless keystrokes and inject arbitrary keystrokes via use of weak encryption. |
| CVE-2023-48188 | 2023-11-27 | SQL injection vulnerability in PrestaShop opartdevis v.4.5.18 thru v.4.6.12 allows a remote attacker to execute arbitrary code via a crafted script to the getModuleTranslation function. |
| CVE-2023-49028 | 2023-11-27 | Cross Site Scripting vulnerability in smpn1smg absis v.2017-10-19 and before allows a remote attacker to execute arbitrary code via the user parameter in the lock/lock.php file. |
| CVE-2023-49029 | 2023-11-27 | Cross Site Scripting vulnerability in smpn1smg absis v.2017-10-19 and before allows a remote attacker to execute arbitrary code via the nama parameter in the lock/lock.php file. |
| CVE-2023-49030 | 2023-11-27 | SQL Injection vulnerability in 32ns KLive v.2019-1-19 and before allows a remote attacker to obtain sensitive information via a crafted script to the web/user.php component. |
| CVE-2023-49040 | 2023-11-27 | An issue in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the adslPwd parameter in the form_fast_setting_internet_set function. |
| CVE-2023-49042 | 2023-11-27 | Heap Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the schedStartTime parameter or the schedEndTime parameter in the function setSchedWifi. |
| CVE-2023-49043 | 2023-11-27 | Buffer Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the wpapsk_crypto parameter in the function fromSetWirelessRepeat. |
| CVE-2023-49044 | 2023-11-27 | Stack Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the ssid parameter in the function form_fast_setting_wifi_set. |
| CVE-2023-49046 | 2023-11-27 | Stack Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the devName parameter in the function formAddMacfilterRule. |
| CVE-2023-49047 | 2023-11-27 | Tenda AX1803 v1.0.0.1 contains a stack overflow via the devName parameter in the function formSetDeviceName. |
| CVE-2023-49316 | 2023-11-27 | In Math/BinaryField.php in phpseclib 3 before 3.0.34, excessively large degrees can lead to a denial of service. |
| CVE-2023-42364 | 2023-11-27 | A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function. |
| CVE-2023-42365 | 2023-11-27 | A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function. |
| CVE-2023-46480 | 2023-11-27 | An issue in OwnCast v.0.1.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via the authHost parameter of the indieauth function. |
| CVE-2023-6302 | 2023-11-27 | CSZCMS File Manager Page templates permission |
| CVE-2023-6303 | 2023-11-27 | CSZCMS Site Settings Page cross site scripting |
| CVE-2023-6304 | 2023-11-27 | Tecno 4G Portable WiFi TR118 Ping Tool goform_get_cmd_process os command injection |
| CVE-2023-6305 | 2023-11-27 | SourceCodester Free and Open Source Inventory Management System suppliar_data.php sql injection |
| CVE-2023-6306 | 2023-11-27 | SourceCodester Free and Open Source Inventory Management System member_data.php sql injection |
| CVE-2023-6307 | 2023-11-27 | jeecgboot JimuReport image path traversal |
| CVE-2023-6308 | 2023-11-27 | Xiamen Four-Faith Video Surveillance Management System Apache Struts unrestricted upload |
| CVE-2023-6309 | 2023-11-27 | moses-smt mosesdecoder trans_result.php os command injection |
| CVE-2023-6310 | 2023-11-27 | SourceCodester Loan Management System deleteBorrower.php delete_borrower sql injection |
| CVE-2023-6311 | 2023-11-27 | SourceCodester Loan Management System Loan Type Page delete_ltype.php delete_ltype sql injection |
| CVE-2023-6312 | 2023-11-27 | SourceCodester Loan Management System Users Page deleteUser.php delete_user sql injection |
| CVE-2023-6313 | 2023-11-27 | SourceCodester URL Shortener Long URL cross site scripting |
| CVE-2023-25632 | 2023-11-27 | The Android Mobile Whale browser app before 3.0.1.2 allows the attacker to bypass its browser unlock function via 'Open in Whale' feature. |
| CVE-2023-47865 | 2023-11-27 | Username and Icon override can be used by members when Hardened Mode is enabled |
| CVE-2023-45223 | 2023-11-27 | Users full name disclosure through Mattermost Boards with Show Full Name Option disabled |
| CVE-2023-48268 | 2023-11-27 | Denial of Service via Board Import Zip Bomb |
| CVE-2023-40703 | 2023-11-27 | Denial of Service via specially crafted block fields in Mattermost Boards |
| CVE-2023-35075 | 2023-11-27 | HTML injection via channel autocomplete |
| CVE-2023-48369 | 2023-11-27 | Log Flooding due to specially crafted requests in different endpoints |
| CVE-2023-43754 | 2023-11-27 | Permalink previews displayed for posts in archived channels even if users are disallowed to view archived channels |
| CVE-2023-6202 | 2023-11-27 | Insecure Direct Object Reference in /plugins/focalboard/api/v2/users of Mattermost Boards |
| CVE-2023-47168 | 2023-11-27 | Open redirect in /oauth/<service>/mobile_login?redirect_to= |
| CVE-2023-6254 | 2023-11-27 | Password is send back to client |
| CVE-2023-49068 | 2023-11-27 | Apache DolphinScheduler: Information Leakage Vulnerability |
| CVE-2023-40610 | 2023-11-27 | Apache Superset: Privilege escalation with default examples database |
| CVE-2023-42501 | 2023-11-27 | Apache Superset: Unnecessary read permissions within the Gamma role |
| CVE-2023-5607 | 2023-11-27 | An improper limitation of a path name to a restricted directory (path traversal) vulnerability in the TACC ePO extension, for on-premises ePO servers, prior to version 8.4.0 could lead to... |
| CVE-2023-43701 | 2023-11-27 | Apache Superset: Stored XSS on API endpoint |
| CVE-2023-5871 | 2023-11-27 | Libnbd: malicious nbd server may crash libnbd |
| CVE-2023-4590 | 2023-11-27 | Buffer Overflow vulnerability in Frhed |
| CVE-2023-6287 | 2023-11-27 | Backup password in GET parameter |
| CVE-2023-4931 | 2023-11-27 | Uncontrolled search path element vulnerability in Plesk |
| CVE-2023-38573 | 2023-11-27 | A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15356 handles a signature field. A specially crafted Javascript code inside a malicious PDF document can trigger reuse of a previously... |
| CVE-2023-41257 | 2023-11-27 | A type confusion vulnerability exists in the way Foxit Reader 12.1.2.15356 handles field value properties. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which... |
| CVE-2023-32616 | 2023-11-27 | A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15356 handles 3D annotations. A specially crafted Javascript code inside a malicious PDF document can trigger reuse of a previously freed... |
| CVE-2023-35985 | 2023-11-27 | An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit Reader 12.1.3.15356 due to a failure to properly validate a dangerous extension. A specially crafted malicious file... |
| CVE-2023-40194 | 2023-11-27 | An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit Reader 12.1.3.15356 due to mistreatment of whitespace characters. A specially crafted malicious file can create files at... |
| CVE-2023-39542 | 2023-11-27 | A code execution vulnerability exists in the Javascript saveAs API of Foxit Reader 12.1.3.15356. A specially crafted malformed file can create arbitrary files, which can lead to remote code execution.... |
| CVE-2023-31275 | 2023-11-27 | An uninitialized pointer use vulnerability exists in the functionality of WPS Office 11.2.0.11537 that handles Data elements in an Excel file. A specially crafted malformed file can lead to remote... |
| CVE-2023-4642 | 2023-11-27 | kk Star Ratings < 5.4.6 - Rating Tampering via Race Condition |
| CVE-2023-5209 | 2023-11-27 | Bookly < 22.5 - Admin+ Stored XSS |
| CVE-2023-5906 | 2023-11-27 | Job Manager & Career < 1.4.4 - Directory listing to Sensitive Data Exposure |
| CVE-2023-4252 | 2023-11-27 | EventPrime <= 3.2.9 - Booking Pricing Bypass |
| CVE-2023-5560 | 2023-11-27 | WP-UserOnline < 2.88.3 - Unauthenticated Stored XSS |
| CVE-2023-5239 | 2023-11-27 | Security & Malware scan by CleanTalk < 2.121 - IP Spoofing |
| CVE-2023-5604 | 2023-11-27 | Asgaros Forum < 2.7.1 - Unauthenticated Arbitrary File Upload |
| CVE-2023-5653 | 2023-11-27 | WassUp Real Time Analytics <= 1.9.4.5 - Unauthenticated Stored XSS |
| CVE-2023-4297 | 2023-11-27 | Mmm Simple File List <= 2.3 - Subscriber+ Arbitrary Directory Listing |
| CVE-2023-5845 | 2023-11-27 | Simple Social Buttons < 5.1.1 - Unauthenticated Password Protected Post Access |
| CVE-2023-5737 | 2023-11-27 | WordPress Backup & Migration < 1.4.4 - Subscriber+ Plugin Settings Update |
| CVE-2023-5974 | 2023-11-27 | WPB Show Core <= 2.2 - Unauthenticated Server Side Request Forgery |
| CVE-2023-5325 | 2023-11-27 | Woocommerce Vietnam Checkout < 2.0.6 - Unauthenticated Stored XSS |
| CVE-2023-4922 | 2023-11-27 | WPB Show Core <= 2.2 - Unauthenticated Local File Inclusion |
| CVE-2023-5958 | 2023-11-27 | POST SMTP Mailer < 2.7.1 - Unauthenticated Cross-site Scripting |
| CVE-2023-4514 | 2023-11-27 | Mmm Simple File List <= 2.3 - Contributor+ Stored XSS |
| CVE-2023-5738 | 2023-11-27 | WordPress Backup & Migration < 1.4.5 - Subscriber+ Stored XSS |
| CVE-2023-5942 | 2023-11-27 | Medialist < 1.4.1 - Contributor+ Stored XSS |
| CVE-2023-2707 | 2023-11-27 | Appointment booking addon for Gravity Forms <= 1.9.5.1 - Admin+ Stored XSS |
| CVE-2023-5611 | 2023-11-27 | Seraphinite Accelerator < 2.20.32 - Unauthorised Settings Reset/Import |
| CVE-2023-5559 | 2023-11-27 | 10Web Booster < 2.24.18 - Unauthenticated Arbitrary Option Deletion |
| CVE-2023-5641 | 2023-11-27 | Martins Free & Easy SEO Link buildings < 1.2.30 - Reflected XSS |