CVE List - 2023 / November
Showing 301 - 400 of 2443 CVEs for November 2023 (Page 4 of 25)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-41652 | 2023-11-03 | WordPress RSVPMarker Plugin <= 10.6.6 is vulnerable to SQL Injection |
| CVE-2023-34383 | 2023-11-03 | WordPress WP Project Manager Plugin <= 2.6.0 is vulnerable to SQL Injection |
| CVE-2022-47588 | 2023-11-03 | WordPress Simple Photo Gallery Plugin <= v1.8.1 is vulnerable to SQL Injection |
| CVE-2023-3277 | 2023-11-03 | The MStore API plugin for WordPress is vulnerable to Unauthorized Account Access and Privilege Escalation in versions up to, and including, 4.10.7 due to improper implementation of the Apple login... |
| CVE-2022-45805 | 2023-11-03 | WordPress Paytm Payment Gateway Plugin <= 2.7.3 is vulnerable to SQL Injection |
| CVE-2023-25960 | 2023-11-03 | WordPress Zendrop – Global Dropshipping Plugin <= 1.0.0 is vulnerable to SQL Injection |
| CVE-2022-47445 | 2023-11-03 | WordPress Be POPIA Compliant Plugin <= 1.2.0 is vulnerable to SQL Injection |
| CVE-2023-5707 | 2023-11-03 | The SEO Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'slider' shortcode and post meta in all versions up to, and including, 1.1.0 due to... |
| CVE-2023-5945 | 2023-11-03 | The video carousel slider with lightbox plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing or incorrect nonce validation on the responsive_video_gallery_with_lightbox_video_management_func()... |
| CVE-2023-3961 | 2023-11-03 | Samba: smbd allows client access to unix domain sockets on the file system as root |
| CVE-2022-46808 | 2023-11-03 | WordPress ARMember Plugin <= 3.4.11 is vulnerable to SQL Injection |
| CVE-2023-26015 | 2023-11-03 | WordPress MapPress Maps for WordPress Plugin <= 2.85.4 is vulnerable to SQL Injection |
| CVE-2022-46859 | 2023-11-03 | WordPress Spiffy Calendar Plugin <= 4.9.1 is vulnerable to SQL Injection |
| CVE-2022-47426 | 2023-11-03 | WordPress Neshan Maps Plugin <= 1.1.4 is vulnerable to SQL Injection |
| CVE-2023-5946 | 2023-11-03 | The Digirisk plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'current_group_id' parameter in version 6.0.0.0 due to insufficient input sanitization and output escaping. This makes it possible... |
| CVE-2023-5088 | 2023-11-03 | Qemu: improper ide controller reset can lead to mbr overwrite |
| CVE-2022-46818 | 2023-11-03 | WordPress Email posts to subscribers Plugin <= 6.2 is vulnerable to SQL Injection |
| CVE-2023-32121 | 2023-11-03 | WordPress Zero Spam Plugin <= 5.4.4 is vulnerable to SQL Injection |
| CVE-2023-32508 | 2023-11-03 | WordPress Order Your Posts Manually Plugin <= 2.2.5 is vulnerable to SQL Injection |
| CVE-2023-25990 | 2023-11-03 | WordPress Tutor LMS Plugin <= 2.1.10 is vulnerable to SQL Injection |
| CVE-2023-25800 | 2023-11-03 | WordPress Tutor LMS Plugin <= 2.2.0 is vulnerable to SQL Injection |
| CVE-2023-23368 | 2023-11-03 | QTS, QuTS hero, QuTScloud |
| CVE-2023-23369 | 2023-11-03 | QTS, Multimedia Console, and Media Streaming add-on |
| CVE-2023-39299 | 2023-11-03 | Music Station |
| CVE-2023-39301 | 2023-11-03 | QTS, QuTS hero, QuTScloud |
| CVE-2023-25700 | 2023-11-03 | WordPress Tutor LMS Plugin <= 2.1.10 is vulnerable to SQL Injection |
| CVE-2023-34179 | 2023-11-03 | WordPress Groundhogg Plugin <= 2.7.11 is vulnerable to SQL Injection |
| CVE-2023-36529 | 2023-11-03 | WordPress Houzez CRM Plugin <= 1.3.4 is vulnerable to SQL Injection |
| CVE-2023-3893 | 2023-11-03 | Kubernetes - csi-proxy - Insufficient input sanitization leads to privilege escalation |
| CVE-2022-3172 | 2023-11-03 | Kubernetes - API server - Aggregated API server can cause clients to be redirected (SSRF) |
| CVE-2022-44569 | 2023-11-03 | A locally authenticated attacker with low privileges can bypass authentication due to insecure inter-process communication. |
| CVE-2022-43555 | 2023-11-03 | Ivanti Avalanche Printer Device Service Missing Authentication Local Privilege Escalation Vulnerability |
| CVE-2022-43554 | 2023-11-03 | Ivanti Avalanche Smart Device Service Missing Authentication Local Privilege Escalation Vulnerability |
| CVE-2023-41725 | 2023-11-03 | Ivanti Avalanche EnterpriseServer Service Unrestricted File Upload Local Privilege Escalation Vulnerability |
| CVE-2023-41726 | 2023-11-03 | Ivanti Avalanche Incorrect Default Permissions allows Local Privilege Escalation Vulnerability |
| CVE-2023-45189 | 2023-11-03 | IBM Robotic Process Automation information disclosure |
| CVE-2023-36677 | 2023-11-03 | WordPress SP Project & Document Manager Plugin <= 4.67 is vulnerable to SQL Injection |
| CVE-2023-32741 | 2023-11-03 | WordPress Contact Form to Any API Plugin <= 1.1.2 is vulnerable to SQL Injection |
| CVE-2023-38391 | 2023-11-03 | WordPress Onepage Builder – Easiest Landing Page Builder For WordPress Plugin <= 2.4.1 is vulnerable to SQL Injection |
| CVE-2023-35910 | 2023-11-03 | WordPress Quasar form Plugin <= 6.0 is vulnerable to SQL Injection |
| CVE-2023-40215 | 2023-11-03 | WordPress Demon image annotation Plugin <= 5.1 is vulnerable to SQL Injection |
| CVE-2023-40922 | 2023-11-04 | kerawen before v2.5.1 was discovered to contain a SQL injection vulnerability via the ocs_id_cart parameter at KerawenDeliveryModuleFrontController::initContent(). |
| CVE-2023-46963 | 2023-11-04 | An issue in Beijing Yunfan Internet Technology Co., Ltd, Yunfan Learning Examination System v.6.5 allows a remote attacker to obtain sensitive information via the password parameter in the login function. |
| CVE-2023-46964 | 2023-11-04 | Cross Site Scripting (XSS) vulnerability in Hillstone Next Generation FireWall SG-6000-e3960 v.5.5 allows a remote attacker to execute arbitrary code via the use front-end filtering instead of back-end filtering. |
| CVE-2023-46981 | 2023-11-04 | SQL injection vulnerability in Novel-Plus v.4.2.0 allows a remote attacker to execute arbitrary code via a crafted script to the sort parameter in /common/log/list. |
| CVE-2023-47249 | 2023-11-04 | In International Color Consortium DemoIccMAX 79ecb74, a CIccXmlArrayType:::ParseText function (for unsigned short) in IccUtilXml.cpp in libIccXML.a has an out-of-bounds read. |
| CVE-2023-46380 | 2023-11-04 | LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator devices (all versions) send password-change requests via cleartext HTTP. |
| CVE-2023-46381 | 2023-11-04 | LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator devices (all versions) lack authentication for the preinstalled version of LWEB-802 via an lweb802_pre/ URI. An unauthenticated attacker can edit... |
| CVE-2023-46382 | 2023-11-04 | LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator devices (all versions) use cleartext HTTP for login. |
| CVE-2023-47258 | 2023-11-05 | Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS in a Markdown formatter. |
| CVE-2023-47259 | 2023-11-05 | Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS in the Textile formatter. |
| CVE-2023-47260 | 2023-11-05 | Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS via thumbnails. |
| CVE-2023-47271 | 2023-11-05 | PKP-WAL (aka PKP Web Application Library or pkp-lib) before 3.3.0-16, as used in Open Journal Systems (OJS) and other products, does not verify that the file named in an XML... |
| CVE-2023-47272 | 2023-11-05 | Roundcube 1.5.x before 1.5.6 and 1.6.x before 1.6.5 allows XSS via a Content-Type or Content-Disposition header (used for attachment preview or download). |
| CVE-2017-20187 | 2023-11-05 | Magnesium-PHP Base.php formatEmailString injection |
| CVE-2018-25092 | 2023-11-05 | Vaerys-Dawn DiscordSailv2 Command Mention access control |
| CVE-2022-48192 | 2023-11-06 | Cross-site scripting vulnerability in Softing smartLink SW-HT |
| CVE-2022-48193 | 2023-11-06 | Weak ciphers vulnerability in Softing smartLink SW-HT |
| CVE-2023-45556 | 2023-11-06 | Cross Site Scripting vulnerability in Mybb Mybb Forums v.1.8.33 allows a local attacker to execute arbitrary code via the theme Name parameter in the theme management component. |
| CVE-2023-38406 | 2023-11-06 | bgpd/bgp_flowspec.c in FRRouting (FRR) before 8.4.3 mishandles an nlri length of zero, aka a "flowspec overflow." |
| CVE-2023-38407 | 2023-11-06 | bgpd/bgp_label.c in FRRouting (FRR) before 8.5 attempts to read beyond the end of the stream during labeled unicast parsing. |
| CVE-2023-47004 | 2023-11-06 | Buffer Overflow vulnerability in Redis RedisGraph v.2.x through v.2.12.8 and fixed in v.2.12.9 allows an attacker to execute arbitrary code via the code logic after valid authentication. |
| CVE-2023-47253 | 2023-11-06 | Qualitor through 8.20 allows remote attackers to execute arbitrary code via PHP code in the html/ad/adpesquisasql/request/processVariavel.php gridValoresPopHidden parameter. |
| CVE-2018-25093 | 2023-11-06 | Vaerys-Dawn DiscordSailv2 Tag access control |
| CVE-2023-46802 | 2023-11-06 | e-Tax software Version3.0.10 and earlier improperly restricts XML external entity references (XXE) due to the configuration of the embedded XML parser. By processing a specially crafted XML file, arbitrary files... |
| CVE-2023-32832 | 2023-11-06 | In video, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is... |
| CVE-2023-32818 | 2023-11-06 | In vdec, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is... |
| CVE-2023-32834 | 2023-11-06 | In secmem, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed... |
| CVE-2023-32835 | 2023-11-06 | In keyinstall, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed... |
| CVE-2023-32836 | 2023-11-06 | In display, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction... |
| CVE-2023-32837 | 2023-11-06 | In video, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed.... |
| CVE-2023-20702 | 2023-11-06 | In 5G NRLC, there is a possible invalid memory access due to lack of error handling. This could lead to remote denial of service, if UE received invalid 1-byte rlc... |
| CVE-2023-32838 | 2023-11-06 | In dpe, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed.... |
| CVE-2023-32839 | 2023-11-06 | In dpe, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed.... |
| CVE-2023-32825 | 2023-11-06 | In Bluetooth service, there is a possible out of bounds reads due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User... |
| CVE-2023-32840 | 2023-11-06 | In modem CCCI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed.... |
| CVE-2023-4625 | 2023-11-06 | Denial-of-Service(DoS) Vulnerability in Web server function on MELSEC Series CPU module |
| CVE-2023-4699 | 2023-11-06 | Arbitrary Command Execution Vulnerability in Mitsubishi Electric proprietary protocol communication of multiple FA products |
| CVE-2023-42669 | 2023-11-06 | Samba: "rpcecho" development server allows denial of service via sleep() call on ad dc |
| CVE-2023-28794 | 2023-11-06 | PAC Files Exposed to Internet Websites |
| CVE-2021-4430 | 2023-11-06 | Ortus Solutions ColdBox Elixir ENV Variable defaultConfig.js information disclosure |
| CVE-2022-47428 | 2023-11-06 | WordPress Booking calendar, Appointment Booking System Plugin <= 3.2.7 is vulnerable to SQL Injection |
| CVE-2022-47420 | 2023-11-06 | WordPress Accessibility Suite by Online ADA Plugin <= 4.12 is vulnerable to SQL Injection |
| CVE-2022-47430 | 2023-11-06 | WordPress The School Management – Education & Learning Management Plugin <= 4.1 is vulnerable to SQL Injection |
| CVE-2022-47432 | 2023-11-06 | WordPress Shortcode IMDB Plugin <= 6.0.8 is vulnerable to SQL Injection |
| CVE-2022-45373 | 2023-11-06 | WordPress Slimstat Analytics Plugin <= 5.0.4 is vulnerable to SQL Injection |
| CVE-2022-46860 | 2023-11-06 | WordPress Short URL Plugin <= 1.6.4 is vulnerable to SQL Injection |
| CVE-2022-46849 | 2023-11-06 | WordPress Coming Soon Plugin <= 1.5.9 is vulnerable to SQL Injection |
| CVE-2023-40207 | 2023-11-06 | WordPress Donations Made Easy – Smart Donations Plugin <= 4.0.12 is vulnerable to SQL Injection |
| CVE-2023-38382 | 2023-11-06 | WordPress Subscribe to Category Plugin <= 2.7.4 is vulnerable to SQL Injection |
| CVE-2023-33924 | 2023-11-06 | WordPress SIS Handball Plugin <= 1.0.45 is vulnerable to SQL Injection |
| CVE-2023-27605 | 2023-11-06 | WordPress WP Reroute Email Plugin <= 1.4.6 is vulnerable to SQL Injection |
| CVE-2023-40609 | 2023-11-06 | WordPress Contact form 7 Custom validation Plugin <= 1.1.3 is vulnerable to SQL Injection |
| CVE-2023-41685 | 2023-11-06 | WordPress Woocommerce Support System Plugin <= 1.2.1 is vulnerable to SQL Injection |
| CVE-2023-45001 | 2023-11-06 | WordPress Seriously Simple Stats Plugin <= 1.5.0 is vulnerable to SQL Injection |
| CVE-2023-45046 | 2023-11-06 | WordPress Pressference Exporter Plugin <= 1.0.3 is vulnerable to SQL Injection |
| CVE-2023-28748 | 2023-11-06 | WordPress Copy Or Move Comments Plugin <= 5.0.4 is vulnerable to SQL Injection |
| CVE-2023-45055 | 2023-11-06 | WordPress MStore API Plugin <= 4.0.6 is vulnerable to SQL Injection |
| CVE-2023-45074 | 2023-11-06 | WordPress Advanced Page Visit Counter Plugin <= 7.1.1 is vulnerable to SQL Injection |
| CVE-2023-45069 | 2023-11-06 | WordPress Video Gallery – YouTube Gallery Plugin <= 2.1.3 is vulnerable to SQL Injection |