CVE List - 2023 / November
Showing 2101 - 2200 of 2443 CVEs for November 2023 (Page 22 of 25)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-5525 | 2023-11-27 | Limit Login Attempts Reloaded < 2.25.26 - Admin+ Missing Authorization to Toggle Plugin Auto-Update |
| CVE-2023-5620 | 2023-11-27 | Webpushr < 4.35.0 - Unauthenticated Stored XSS |
| CVE-2023-6329 | 2023-11-27 | Control iD iDSecure passwordCustom Authentication Bypass |
| CVE-2023-41998 | 2023-11-27 | Arcserve UDP Unauthenticated RCE |
| CVE-2023-41999 | 2023-11-27 | Arcserve UDP Management Authentication Bypass |
| CVE-2023-42000 | 2023-11-27 | Arcserve UDP Agent Unauthenticated Path Traversal File Upload |
| CVE-2022-41951 | 2023-11-27 | OroPlatform vulnerable to path traversal during temporary file manipulations |
| CVE-2023-32062 | 2023-11-27 | OroCalendarBundle has incorrect system calendar events visibility |
| CVE-2023-5885 | 2023-11-27 | Franklin Electric Fueling Systems Colibri Path Traversal |
| CVE-2023-49145 | 2023-11-27 | Apache NiFi: Improper Neutralization of Input in Advanced User Interface for Jolt |
| CVE-2023-24023 | 2023-11-28 | Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow certain man-in-the-middle attacks that force a short key length, and might... |
| CVE-2023-45539 | 2023-11-28 | HAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a path_end... |
| CVE-2023-46944 | 2023-11-28 | An issue in GitKraken GitLens before v.14.0.0 allows an attacker to execute arbitrary code via a crafted file to the Visual Studio Codes workspace trust component. |
| CVE-2023-47503 | 2023-11-28 | An issue in jflyfox jfinalCMS v.5.1.0 allows a remote attacker to execute arbitrary code via a crafted script to the login.jsp component in the template management module. |
| CVE-2023-48022 | 2023-11-28 | Anyscale Ray 2.6.3 and 2.8.0 allows a remote attacker to execute arbitrary code via the job submission API. NOTE: the vendor's position is that this report is irrelevant because Ray,... |
| CVE-2023-48023 | 2023-11-28 | Anyscale Ray 2.6.3 and 2.8.0 allows /log_proxy SSRF. NOTE: the vendor's position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use... |
| CVE-2023-48042 | 2023-11-28 | Cross Site Scripting (XSS) in Search filters in Prestashop Amazzing filter version up to version 3.2.5, allows remote attackers to inject arbitrary JavaScript code. |
| CVE-2023-48121 | 2023-11-28 | An authentication bypass vulnerability in the Direct Connection Module in Ezviz CS-C6N-xxx prior to v5.3.x build 20230401, Ezviz CS-CV310-xxx prior to v5.3.x build 20230401, Ezviz CS-C6CN-xxx prior to v5.3.x build... |
| CVE-2023-48193 | 2023-11-28 | Insecure Permissions vulnerability in JumpServer GPLv3 v.3.8.0 allows a remote attacker to execute arbitrary code via bypassing the command filtering function. NOTE: this is disputed because command filtering is not... |
| CVE-2023-48848 | 2023-11-28 | An arbitrary file read vulnerability in ureport v2.2.9 allows a remote attacker to arbitrarily read files on the server by inserting a crafted path. |
| CVE-2023-49313 | 2023-11-28 | A dylib injection vulnerability in XMachOViewer 0.04 allows attackers to compromise integrity. By exploiting this, unauthorized code can be injected into the product's processes, potentially leading to remote control and... |
| CVE-2023-49314 | 2023-11-28 | Asana Desktop 2.1.0 on macOS allows code injection because of specific Electron Fuses. There is inadequate protection against code injection through settings such as RunAsNode and EnableNodeCliInspectArguments, and thus r3ggi/electroniz3r... |
| CVE-2023-41264 | 2023-11-28 | Netwrix Usercube before 6.0.215, in certain misconfigured on-premises installations, allows authentication bypass on deployment endpoints, leading to privilege escalation. This only occurs if the configuration omits the required restSettings.AuthorizedClientId and... |
| CVE-2023-35136 | 2023-11-28 | An improper input validation vulnerability in the “Quagga” package of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W)... |
| CVE-2023-35139 | 2023-11-28 | A cross-site scripting (XSS) vulnerability in the CGI program of the Zyxel ATP series firmware versions 5.10 through 5.37, USG FLEX series firmware versions 5.00 through 5.37, USG FLEX 50(W)... |
| CVE-2023-30585 | 2023-11-28 | A vulnerability has been identified in the Node.js (.msi version) installation process, specifically affecting Windows users who install Node.js using the .msi installer. This vulnerability emerges during the repair operation,... |
| CVE-2023-37925 | 2023-11-28 | An improper privilege management vulnerability in the debug CLI command of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX... |
| CVE-2023-37926 | 2023-11-28 | A buffer overflow vulnerability in the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through... |
| CVE-2023-4397 | 2023-11-28 | A buffer overflow vulnerability in the Zyxel ATP series firmware version 5.37, USG FLEX series firmware version 5.37, USG FLEX 50(W) series firmware version 5.37, and USG20(W)-VPN series firmware version... |
| CVE-2023-4398 | 2023-11-28 | An integer overflow vulnerability in the source code of the QuickSec IPSec toolkit used in the VPN feature of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX... |
| CVE-2023-5650 | 2023-11-28 | An improper privilege management vulnerability in the ZySH of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series... |
| CVE-2023-5797 | 2023-11-28 | An improper privilege management vulnerability in the debug CLI command of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX... |
| CVE-2023-5960 | 2023-11-28 | An improper privilege management vulnerability in the hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 through 5.37 and VPN series firmware versions 4.30 through 5.37 could allow... |
| CVE-2023-6219 | 2023-11-28 | The BookingPress plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'bookingpress_process_upload' function in versions up to, and including, 1.0.76. This makes it... |
| CVE-2023-32063 | 2023-11-28 | OroCRMCallBundle has incorrect call view page visibility |
| CVE-2023-32064 | 2023-11-28 | OroCommerce Customer Portal Incorrect Customer and Customer Group Frontend Menus pages visibility |
| CVE-2023-32065 | 2023-11-28 | OroCommerce get-totals-for-checkout API endpoint returns unwanted data |
| CVE-2023-48713 | 2023-11-28 | Knative Serving vulnerable to attacker-controlled pod causing denial of service of autoscaler |
| CVE-2023-6226 | 2023-11-28 | The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.13.3 via the su_meta shortcode due... |
| CVE-2023-6225 | 2023-11-28 | The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's su_meta shortcode combined with post meta data in all versions up... |
| CVE-2023-49075 | 2023-11-28 | Pimcore Admin UI has Two Factor Authentication disabled for non admin security firewalls |
| CVE-2023-3368 | 2023-11-28 | Chamilo LMS Unauthenticated Command Injection |
| CVE-2023-3533 | 2023-11-28 | Chamilo LMS Unauthenticated Remote Code Execution via Arbitrary File Write |
| CVE-2023-3545 | 2023-11-28 | Chamilo LMS Htaccess File Upload Security Bypass |
| CVE-2023-4220 | 2023-11-28 | Chamilo LMS Unauthenticated Big Upload File Remote Code Execution |
| CVE-2023-4221 | 2023-11-28 | Chamilo LMS Learning Path PPT2LP Command Injection Vulnerability |
| CVE-2023-4222 | 2023-11-28 | Chamilo LMS Learning Path PPT2LP Command Injection Vulnerability |
| CVE-2023-4223 | 2023-11-28 | Chamilo LMS File Upload Functionality Remote Code Execution |
| CVE-2023-4224 | 2023-11-28 | Chamilo LMS File Upload Functionality Remote Code Execution |
| CVE-2023-4226 | 2023-11-28 | Chamilo LMS File Upload Functionality Remote Code Execution |
| CVE-2023-4225 | 2023-11-28 | Chamilo LMS File Upload Functionality Remote Code Execution |
| CVE-2023-4667 | 2023-11-28 | Stored Cross Site Scripting in webserver administration |
| CVE-2023-34053 | 2023-11-28 | Spring Framework server Web Observations DoS Vulnerability |
| CVE-2023-34054 | 2023-11-28 | Reactor Netty HTTP Server Metrics DoS Vulnerability |
| CVE-2023-34055 | 2023-11-28 | Spring Boot server Web Observations DoS Vulnerability |
| CVE-2023-6150 | 2023-11-28 | Information Disclosure in Eskom E-municipality |
| CVE-2023-6151 | 2023-11-28 | Information Disclosure in Eskom E-municipality |
| CVE-2023-42004 | 2023-11-28 | IBM Security Guardium CSV injection |
| CVE-2023-6201 | 2023-11-28 | Command Injection in Univera Panorama Framework |
| CVE-2023-5981 | 2023-11-28 | Gnutls: timing side-channel in the rsa-psk authentication |
| CVE-2023-6359 | 2023-11-28 | Cross-Site Scripting in Alumne LMS |
| CVE-2023-6239 | 2023-11-28 | Incorrect calculation of effective permissions |
| CVE-2022-41678 | 2023-11-28 | Apache ActiveMQ: Insufficient API restrictions on Jolokia allow authenticated users to perform RCE |
| CVE-2023-46589 | 2023-11-28 | Apache Tomcat: HTTP request smuggling via malformed trailer headers |
| CVE-2023-49062 | 2023-11-28 | Katran could disclose non-initialized kernel memory as part of an IP header. The issue was present for IPv4 encapsulation and ICMP (v4) Too Big packet generation. After a bpf_xdp_adjust_head call,... |
| CVE-2023-42502 | 2023-11-28 | Apache Superset: Open Redirect Vulnerability |
| CVE-2023-42505 | 2023-11-28 | Apache Superset: Sensitive information disclosure on db connection details |
| CVE-2023-45286 | 2023-11-28 | HTTP request body disclosure in github.com/go-resty/resty/v2 |
| CVE-2023-40056 | 2023-11-28 | SolarWinds Platform SQL Injection Remote Code Execution Vulnerability |
| CVE-2023-42504 | 2023-11-28 | Apache Superset: Lack of rate limiting allows for possible denial of service |
| CVE-2023-49078 | 2023-11-28 | Cross-Site Scripting vulnerability in raptor-web 0.4.4 |
| CVE-2023-30588 | 2023-11-28 | When an invalid public key is used to create an x509 certificate using the crypto.X509Certificate() API a non-expect termination occurs making it susceptible to DoS attacks when the attacker could... |
| CVE-2023-30590 | 2023-11-28 | The generateKeys() API function returned from crypto.createDiffieHellman() only generates missing (or outdated) keys, that is, it only generates a private key if none has been set yet, but the function... |
| CVE-2023-29060 | 2023-11-28 | Lack of USB Whitelisting |
| CVE-2023-29061 | 2023-11-28 | Lack of Adequate BIOS Authentication |
| CVE-2023-29062 | 2023-11-28 | Unsecure Identity Verification |
| CVE-2023-29063 | 2023-11-28 | Lack of DMA Access Protections |
| CVE-2023-29064 | 2023-11-28 | Hardcoded Secrets |
| CVE-2023-29065 | 2023-11-28 | Overly Permissive Access Policy |
| CVE-2023-29066 | 2023-11-28 | Incorrect User Management |
| CVE-2023-49092 | 2023-11-28 | RustCrypto/RSA vulnerable to a Marvin Attack via key recovery through timing sidechannels |
| CVE-2023-23324 | 2023-11-29 | Zumtobel Netlink CCD Onboard 3.74 - Firmware 3.80 was discovered to contain hardcoded credentials for the Administrator account. |
| CVE-2023-23325 | 2023-11-29 | Zumtobel Netlink CCD Onboard 3.74 - Firmware 3.80 was discovered to contain a command injection vulnerability via the NetHostname parameter. |
| CVE-2023-24294 | 2023-11-29 | Zumtobel Netlink CCD Onboard v3.74 - Firmware v3.80 was discovered to contain a buffer overflow via the component NetlinkWeb::Information::SetDeviceIdentification. |
| CVE-2023-45479 | 2023-11-29 | Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the list parameter in the function sub_49E098. |
| CVE-2023-45480 | 2023-11-29 | Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the src parameter in the function sub_47D878. |
| CVE-2023-45482 | 2023-11-29 | Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the urls parameter in the function get_parentControl_list_Info. |
| CVE-2023-45483 | 2023-11-29 | Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the time parameter in the function compare_parentcontrol_time. |
| CVE-2023-45484 | 2023-11-29 | Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the shareSpeed parameter in the function fromSetWifiGuestBasic. |
| CVE-2023-46886 | 2023-11-29 | Dreamer CMS before version 4.0.1 is vulnerable to Directory Traversal. Background template management allows arbitrary modification of the template file, allowing system sensitive files to be read. |
| CVE-2023-46887 | 2023-11-29 | In Dreamer CMS before 4.0.1, the backend attachment management office has an Arbitrary File Download vulnerability. |
| CVE-2023-47462 | 2023-11-29 | Insecure Permissions vulnerability in GL.iNet AX1800 v.3.215 and before allows a remote attacker to execute arbitrary code via the file sharing function. |
| CVE-2023-48880 | 2023-11-29 | A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Menu Name field at /login.php?m=admin&c=Index&a=changeTableVal&_ajax=1&lang=cn. |
| CVE-2023-48881 | 2023-11-29 | A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Field Title field at /login.php?m=admin&c=Field&a=arctype_add&_ajax=1&lang=cn. |
| CVE-2023-48882 | 2023-11-29 | A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Document Properties field at /login.php... |
| CVE-2023-48945 | 2023-11-29 | A stack overflow in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. |
| CVE-2023-48946 | 2023-11-29 | An issue in the box_mpy function of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement. |
| CVE-2023-48947 | 2023-11-29 | An issue in the cha_cmp function of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement. |
| CVE-2023-48948 | 2023-11-29 | An issue in the box_div function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement. |
| CVE-2023-48949 | 2023-11-29 | An issue in the box_add function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement. |